Monday, December 31, 2018

Obtaining a Let's Encrypt Certificate Using Docker and nginx


For both options, port 80 must be free!
Option 1 (unofficial image quay.io/letsencrypt/letsencrypt)
Let's Encrypt Certificate Generation Using Docker

$ mkdir -p /home/user/letsencrypt/certs

$ docker run -d -p 80:80 --name nginx -v /usr/share/nginx/html nginx

$ docker run -it --name letsencrypt  --rm -v /home/user/letsencrypt/certs:/etc/letsencrypt --volumes-from nginx quay.io/letsencrypt/letsencrypt certonly --agree-tos --webroot --webroot-path /usr/share/nginx/html -m certs@zaz60.com -d zaz60.com -d www.zaz60.com

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/zaz60.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/zaz60.com/privkey.pem
   Your cert will expire on 2019-03-31. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

$ docker stop nginx
$ docker rm nginx

Certificates: /home/user/letsencrypt/certs

Option 2 (official certbot/certbot image)
Generate and renew Let’s Encrypt Certificates for Apache with Certbot Docker container

$ mkdir -p /home/user/letsencrypt/certs

$ docker pull certbot/certbot

$ docker run -d -p 80:80 --name nginx -v /usr/share/nginx/html nginx

$ docker run -it --rm -v /home/user/letsencrypt/certs:/etc/letsencrypt  --volumes-from nginx certbot/certbot certonly --webroot --webroot-path=/usr/share/nginx/html -d zaz60.com --email info@zaz60.com --agree-tos

 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/zaz60.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/zaz60.com/privkey.pem
   Your cert will expire on 2019-03-31. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Certificates: /home/user/letsencrypt/certs

Option 3 (seemed the best to me)
Automating the management of HTTPS certificates in a Dockerized environment with Let’s Encrypt

$ docker volume create --name certs
$ docker run -v certs:/etc/letsencrypt -e http_proxy=$http_proxy -e domains="www.zaz60.com" -e email="info@zaz60.com" -p 80:80 -p 443:443 --rm pierreprinetti/certbot:latest

Certificates: /var/lib/docker/volumes/certs/_data/
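
An added example (not from the original post or the linked articles): a host-side check that the private keys written by any of the three options are not accessible to group or other users. It assumes GNU find and certbot's layout, where the key files live under archive/ and live/ holds symlinks to them; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a certbot output directory on the Docker host.
# Assumptions: GNU find (-perm /MODE), certbot layout (archive/ + live/).
# The default path is the bind mount used in options 1 and 2.

# Print every private key file that group or others can access.
exposed_keys() {
    find "$1" -type f -name 'privkey*.pem' -perm /077 2>/dev/null
}

# Print live/ and archive/ if group or others can list or enter them.
open_dirs() {
    for d in "$1/live" "$1/archive"; do
        [ -d "$d" ] && find "$d" -maxdepth 0 -perm /077
    done
    return 0
}

# Return 0 when nothing is exposed; otherwise print findings and return 1.
audit_cert_dir() {
    dir=${1:-/home/user/letsencrypt/certs}
    findings=$( {
        exposed_keys "$dir" | sed 's/^/KEY  /'
        open_dirs "$dir" | sed 's/^/DIR  /'
    } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

For option 3, pass the volume path instead: audit_cert_dir /var/lib/docker/volumes/certs/_data (reading it normally requires root). Fix a KEY finding with chmod 600 on the file and a DIR finding with chmod 700 on the directory.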
