Docker-letsencrypt-nginx-proxy-companion: Certificate from external providers

Created on 24 Sep 2020  路  5Comments  路  Source: nginx-proxy/docker-letsencrypt-nginx-proxy-companion

I'm struggling of using certificate from external providers: I have some sites, all of them use certificate from LetsEncrypt, for my main site I want to use a certificate from Godaddy provider, but I can't find where's instruction for this purpose.

Does this container support this?

Thanks

Documentation Update Question

Most helpful comment

Hi.

Sure, let's say you plan on using an external certificate for example.com:

  1. You'll need your certificate, private key and optionally chain encoded in PEM format.

  2. Create a directory inside /etc/nginx/certs where you'll put those files. Let's name it example.com to follow the same convention as the companion but really any name will do:
    docker exec your-le-container-name mkdir /etc/nginx/certs/example.com

  3. Copy your files inside this directory (let say your files are named cert.pem, key.pem and chain.pem):
    docker cp /path/to/your/cert.pem your-le-container-name: /etc/nginx/certs/example.com
    docker cp /path/to/your/key.pem your-le-container-name: /etc/nginx/certs/example.com
    docker cp /path/to/your/chain.pem your-le-container-name: /etc/nginx/certs/example.com

  4. Create symlinks pointing to those file inside /etc/nginx/certs, named after the VIRTUAL_HOST you want this certificate to be used with, /etc/nginx/certs/domain.crt for the certificate, /etc/nginx/certs/domain.key for the private key and /etc/nginx/certs/domain.chain.pem for the optional chain file :
    docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/cert.pem /etc/nginx/certs/example.com.crt
    docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/key.pem /etc/nginx/certs/example.com.key
    docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/chain.pem /etc/nginx/certs/example.com.chain.pem

  5. Reload docker-gen and nginx.

If your certificate is a SAN certificate and cover multiple domains, juste repeat step 4 with symlinks named after the other domains.

All 5 comments

Hi.

Sure, let's say you plan on using an external certificate for example.com:

  1. You'll need your certificate, private key and optionally chain encoded in PEM format.

  2. Create a directory inside /etc/nginx/certs where you'll put those files. Let's name it example.com to follow the same convention as the companion but really any name will do:
    docker exec your-le-container-name mkdir /etc/nginx/certs/example.com

  3. Copy your files inside this directory (let say your files are named cert.pem, key.pem and chain.pem):
    docker cp /path/to/your/cert.pem your-le-container-name: /etc/nginx/certs/example.com
    docker cp /path/to/your/key.pem your-le-container-name: /etc/nginx/certs/example.com
    docker cp /path/to/your/chain.pem your-le-container-name: /etc/nginx/certs/example.com

  4. Create symlinks pointing to those file inside /etc/nginx/certs, named after the VIRTUAL_HOST you want this certificate to be used with, /etc/nginx/certs/domain.crt for the certificate, /etc/nginx/certs/domain.key for the private key and /etc/nginx/certs/domain.chain.pem for the optional chain file :
    docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/cert.pem /etc/nginx/certs/example.com.crt
    docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/key.pem /etc/nginx/certs/example.com.key
    docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/chain.pem /etc/nginx/certs/example.com.chain.pem

  5. Reload docker-gen and nginx.

If your certificate is a SAN certificate and cover multiple domains, juste repeat step 4 with symlinks named after the other domains.

Thanks @buchdag for a very detail answer, it's working for me

thank you very much for a detail answer, I'm wondering about 1 point: in step 4 when creating symbolic link for example.com.crt, should it be:

ln -s ./example.com/fullchain.pem example.com.crt
Because I observed other certs (which generated automatically by LetsEncrypt), they're linked like that.

You are right the container use relative paths for the symlinks. Absolute path are easier for a quick docker exec example, but if you'd rather have relative path symlink you can create them like this:

docker exec -w /etc/nginx/certs your-le-container-name ln -s ./example.com/cert.pem example.com.crt

Add the -f flag to ln (in addition to -s, so ln -sf) if you want to replace existing symlinks.

Thank you

We should probably cover that in the doc by the way.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

DatAres37 picture DatAres37  路  5Comments

KetchupBomb picture KetchupBomb  路  6Comments

nosovk picture nosovk  路  5Comments

mrg20 picture mrg20  路  5Comments

SuperRoach picture SuperRoach  路  5Comments