I am using nginx as a proxy and for SSL termination for a site hosted on Docker. The app and nginx are both on Docker. I have installed a Let's Encrypt SSL certificate using Certbot directly on the Ubuntu server, and I am now using that certificate in Docker by mapping it as a volume in docker-compose.
I noticed that the Certbot cron job to renew the certificate is failing because ports 80 and 443 are in use by the Docker nginx instance.
To renew, I need to stop Docker and then run the certbot renew command, which works fine.
What is the best way to have automated renewal without stopping the Docker container that runs nginx?
Certbot has multiple modes of generating and renewing certificates. One of the modes is the nginx renewal mode. Check this tutorial from the nginx documentation.
Another option is the webroot option described in the Certbot documentation, where you will need to tell Certbot where the root folder of the web server is with --webroot-path, which Certbot will use for the challenge-response authentication.
Depending on your containers, you might need to restart the container after the certificate is renewed in order for nginx to load the new certificate.
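The webroot approach from the answer above, sketched as a host-side renewal script. This is an added example, not code from the original post: the webroot path `/var/www/certbot`, the container name `nginx`, and the function names are assumptions, and the webroot directory is assumed to be bind-mounted into the nginx container at the same path. `nginx -s reload` is used instead of a container restart, since a reload makes nginx re-read its certificates.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: the webroot
# path, the container name "nginx", and every function name below.
WEBROOT="${WEBROOT:-/var/www/certbot}"        # host dir, bind-mounted into the container
NGINX_CONTAINER="${NGINX_CONTAINER:-nginx}"   # assumed container name

# Print the nginx location that must sit in the port-80 server block so the
# running container answers HTTP-01 challenges from the shared directory.
acme_location_block() {
  cat <<EOF
location ^~ /.well-known/acme-challenge/ {
    root $1;
    default_type text/plain;
    try_files \$uri =404;
}
EOF
}

# Pre-flight: confirm certbot can write a token under the webroot.
# Returns non-zero if the directory is missing or not writable.
check_webroot() {
  [ -d "$1" ] || { echo "webroot $1 does not exist" >&2; return 1; }
  dir="$1/.well-known/acme-challenge"
  mkdir -p "$dir" || return 1
  probe="$dir/probe.$$"
  echo ok > "$probe" || return 1
  rm -f "$probe"
}

# Renew with the webroot authenticator; nginx keeps ports 80/443.
# --deploy-hook runs only when a certificate was actually replaced.
renew() {
  check_webroot "$WEBROOT" || return 1
  certbot renew --webroot -w "$WEBROOT" "$@" \
    --deploy-hook "docker exec $NGINX_CONTAINER nginx -s reload"
}

case "${1:-}" in
  print-location) acme_location_block "$WEBROOT" ;;
  dry-run)        renew --dry-run ;;
  renew)          renew ;;
esac
```

Run it with `dry-run` once to confirm the challenge path is reachable through the container, then call it with `renew` from the cron job.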