How to Manage and Renew SSL Certificates Using Docker Compose
Software Engineer
Docker

Securing your website with SSL certificates is essential to protect data transmitted between the server and client. Managing and renewing SSL certificates can be a cumbersome task, but Docker simplifies this process. In this blog post, we will demonstrate how to manage and renew SSL certificates using Docker Compose.
Introduction
Let's Encrypt
Let's Encrypt is a free, automated, and open certificate authority (CA) that provides SSL/TLS certificates to enable HTTPS on websites. Its mission is to create a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS. Certificates issued by Let's Encrypt are valid for 90 days, after which they must be renewed.
Certbot
Certbot is a tool developed by the Electronic Frontier Foundation (EFF) to automate the process of obtaining and renewing Let's Encrypt SSL certificates. It simplifies the certificate issuance and renewal process, making it accessible even to those with limited technical knowledge.
Prerequisites
Before you start, ensure you have:
- Docker installed on your system. Follow the official installation guide if necessary.
- Docker Compose installed. Follow the installation guide if needed.
- Basic understanding of Docker and Docker Compose.
Step 1: Create a Docker Compose File
Create a file named docker-compose-cert.yml with the following content:
```yaml
version: "3.9"
services:
  letsencrypt:
    container_name: "certbot-service"
    image: certbot/certbot
    # The image's default entrypoint is "certbot"; clearing it lets us run the
    # whole command through sh instead.
    entrypoint: ""
    # --webroot: prove control of the domain by serving a file under
    #   /.well-known/acme-challenge/ from the -w directory (HTTP-01 challenge).
    # --keep-until-expiring: if a matching certificate already exists and is not
    #   yet due for renewal (30 days before expiry), keep it and do nothing, so
    #   this same command can be re-run safely as the renewal job.
    command: sh -c "certbot certonly --webroot -w /tmp/acme_challenge -d your-app.com --text --agree-tos --email [email protected] --rsa-key-size 4096 --verbose --keep-until-expiring --preferred-challenges=http"
    volumes:
      # Certificates, private keys and renewal configuration persist on the host.
      - /etc/letsencrypt:/etc/letsencrypt
      # Challenge files; the web server must serve this same directory.
      - /tmp/acme_challenge:/tmp/acme_challenge
    environment:
      - TERM=xterm
```
Step 2: Configure Your Web Server
Certbot writes each challenge token to /tmp/acme_challenge/.well-known/acme-challenge/<token>, and Let's Encrypt then fetches it over plain HTTP at http://your-app.com/.well-known/acme-challenge/<token>. Your web server therefore has to answer that path from the same directory; this is how the webroot method proves that you control the domain. If NGINX itself runs in a container, bind-mount /tmp/acme_challenge into it as well, otherwise it cannot see the files Certbot writes.
If you use NGINX, add the following location block to your NGINX configuration:
```nginx
server {
    listen 80;
    server_name your-app.com;

    # "root" appends the request URI to the directory, so
    # /.well-known/acme-challenge/<token> resolves to
    # /tmp/acme_challenge/.well-known/acme-challenge/<token>, exactly where Certbot writes it.
    location /.well-known/acme-challenge/ {
        root /tmp/acme_challenge;
    }
}
```
Step 3: Run Docker Compose
Navigate to the directory containing your docker-compose-cert.yml file and run the following command:
```bash
docker-compose -f docker-compose-cert.yml up --build
```
Nothing in this file is built from a Dockerfile, so --build has no effect here; up also leaves the exited container behind, which is why the scheduled job further down uses run --rm instead.
After the certificate has been issued or renewed, reload your web server so that it picks up the new key pair (NGINX reads certificate files only at start-up and on reload). If NGINX runs directly on the host:
```bash
nginx -s reload
```
If NGINX runs in a container, run the same command inside that container with docker exec.
You can verify the new certificate in your browser
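Putting Steps 1 to 3 together, the following is an added example (not code from the original post) of a single Compose file that runs NGINX and Certbot side by side, sharing the challenge directory and the /etc/letsencrypt tree. It assumes the NGINX service is called web, that your-app.com is the domain, and that admin@your-app.com is a placeholder contact address; the inline configs: content: form used for the NGINX configuration needs Docker Compose v2.23.1 or newer.

```yaml
# Added example: NGINX and Certbot in one Compose project.
# Assumptions (not from the original post): NGINX service is named "web",
# your-app.com is the domain, admin@your-app.com is a placeholder e-mail.
# The inline "configs: content:" form requires Docker Compose v2.23.1+.
services:
  web:
    image: nginx:stable
    container_name: web
    ports:
      - "80:80"
      - "443:443"
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
    volumes:
      # Same host paths as the certbot service, mounted read-only: NGINX only
      # needs to read the challenge files and the certificate/key pair.
      - /tmp/acme_challenge:/tmp/acme_challenge:ro
      - /etc/letsencrypt:/etc/letsencrypt:ro
    restart: unless-stopped

  letsencrypt:
    image: certbot/certbot
    entrypoint: ""
    # --keep-until-expiring makes re-running this a no-op until the certificate
    # is within 30 days of expiry, so it is safe to invoke daily from cron.
    command: >
      sh -c "certbot certonly --webroot -w /tmp/acme_challenge -d your-app.com
      --agree-tos --email admin@your-app.com --rsa-key-size 4096
      --non-interactive --keep-until-expiring --preferred-challenges=http"
    volumes:
      - /tmp/acme_challenge:/tmp/acme_challenge
      - /etc/letsencrypt:/etc/letsencrypt
    # Not started by a plain "docker compose up"; run on demand with
    # "docker compose run --rm letsencrypt" (naming the service enables the profile).
    profiles: ["certs"]

configs:
  nginx_conf:
    # "$$" is how Compose writes a literal "$"; otherwise it would try to
    # interpolate $host and $request_uri as environment variables.
    content: |
      server {
          listen 80;
          server_name your-app.com;
          # HTTP-01 challenge files, same directory the certbot service writes to.
          location /.well-known/acme-challenge/ {
              root /tmp/acme_challenge;
          }
          # Everything else goes to HTTPS.
          location / {
              return 301 https://$$host$$request_uri;
          }
      }
      server {
          listen 443 ssl;
          server_name your-app.com;
          # Paths Certbot creates for "-d your-app.com".
          ssl_certificate     /etc/letsencrypt/live/your-app.com/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/your-app.com/privkey.pem;
          ssl_protocols TLSv1.2 TLSv1.3;
          location / {
              add_header Content-Type text/plain;
              return 200 "hello over TLS";
          }
      }
```

Two things to keep in mind when bringing this up for the first time. The 443 server block references files that do not exist until Certbot has run once, and NGINX refuses to start when they are missing; so on a fresh host start web with only the port-80 server (comment the second block out), run docker compose run --rm letsencrypt, then restore the block and start web again. Afterwards a renewal is applied with docker compose exec web nginx -s reload. Certbot creates privkey.pem as mode 0600 owned by root; the official NGINX image's master process runs as root, so it can read the key while worker processes (running as nginx) cannot, which is the intended arrangement.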
Step 4: Schedule Automatic Renewals
To keep your SSL certificates up to date, you have to renew them before they expire. Let's Encrypt certificates are valid for 90 days, and Let's Encrypt recommends renewing when 30 days remain, which is exactly the threshold --keep-until-expiring uses: the command from Step 1 does nothing while the current certificate has more than 30 days left, and renews it once it does not. That means the job can run often and let Certbot decide, which is far more robust than trying to hit a date near day 80. You can automate this with a cron job.
Open the crontab editor by running:
```bash
crontab -e
```
Add a new line to schedule the renewal job. Note that cron's day-of-month field only ranges from 1 to 31, so an entry like */80 in that field does not mean "every 80 days": it matches only the 1st of each month, leaving a renewal to chance. The following example runs the job every day at 2 AM instead and relies on --keep-until-expiring to make it a no-op until renewal is due:
```bash
0 2 * * * docker-compose -f /path/to/docker-compose-cert.yml run --rm letsencrypt && nginx -s reload
```
The --rm option tells Docker to remove the container automatically after it exits. This is useful for containers that perform one-off tasks, such as renewing SSL certificates, so that your system is not cluttered with stopped containers. With this daily schedule NGINX is reloaded every day even when nothing was renewed; that is harmless, but if you prefer to reload only when the certificate actually changed, wrap the two commands in a small script that compares the certificate file before and after the run.
Make sure to replace /path/to/docker-compose-cert.yml with the actual path to your Docker Compose file.
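The following renewal script is an added example, not part of the original post: it runs the Certbot service from Step 1, hashes fullchain.pem before and after, and reloads NGINX only when the file changed, so a daily cron run is quiet unless a renewal actually happened. The compose file path /opt/certs/docker-compose-cert.yml, the NGINX container name web and the assumption that NGINX runs in a container with /etc/letsencrypt mounted are all hypothetical and can be overridden through the environment variables at the top.

```sh
#!/bin/sh
# renew-cert.sh: added example, not from the original post.
# Assumptions (override via environment): the Compose file lives at
# /opt/certs/docker-compose-cert.yml, Certbot writes to
# /etc/letsencrypt/live/your-app.com/, and NGINX runs in a container named
# "web" that has /etc/letsencrypt mounted.
# Daily cron entry: 0 2 * * * /usr/local/bin/renew-cert.sh >> /var/log/renew-cert.log 2>&1
set -eu

COMPOSE_FILE="${COMPOSE_FILE:-/opt/certs/docker-compose-cert.yml}"
CERT="${CERT:-/etc/letsencrypt/live/your-app.com/fullchain.pem}"
NGINX_CONTAINER="${NGINX_CONTAINER:-web}"

# SHA-256 of a file, or the word "missing" if it does not exist yet
# (first issuance). Falls back to shasum where sha256sum is absent.
file_digest() {
    if [ -f "$1" ]; then
        if command -v sha256sum >/dev/null 2>&1; then
            sha256sum "$1" | cut -d' ' -f1
        else
            shasum -a 256 "$1" | cut -d' ' -f1
        fi
    else
        echo missing
    fi
}

# True (exit 0) when the digest taken before the run differs from the one after.
cert_changed() {
    [ "$1" != "$2" ]
}

# Reload NGINX inside its container so it re-reads the certificate and key.
reload_nginx() {
    docker exec "$NGINX_CONTAINER" nginx -s reload
}

main() {
    before=$(file_digest "$CERT")
    # --keep-until-expiring in the Compose command makes this a no-op unless the
    # certificate is within 30 days of expiry, so running daily is safe.
    docker-compose -f "$COMPOSE_FILE" run --rm letsencrypt
    after=$(file_digest "$CERT")
    if cert_changed "$before" "$after"; then
        echo "certificate renewed (sha256 $after), reloading NGINX"
        openssl x509 -in "$CERT" -noout -subject -enddate
        reload_nginx
    else
        echo "certificate unchanged, nothing to reload"
    fi
}

# Run main only when executed as the script itself, not when sourced.
case "${0##*/}" in
    renew-cert.sh) main "$@" ;;
esac
```

Hashing fullchain.pem rather than checking Certbot's exit status is deliberate: Certbot exits 0 both when it renews and when it decides nothing is due, so the exit code alone cannot tell you whether a reload is needed. On Compose v2 installations replace docker-compose with docker compose.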
Conclusion
By following these steps, you can efficiently manage and renew SSL certificates using Docker. This setup ensures that your SSL certificates are always up-to-date, enhancing the security and reliability of your website without requiring manual intervention.