I'm struggling of using certificate from external providers: I have some sites, all of them use certificate from LetsEncrypt, for my main site I want to use a certificate from Godaddy provider, but I can't find where's instruction for this purpose.
Does this container support this?
Thanks
Hi.
Sure, let's say you plan on using an external certificate for example.com:
You'll need your certificate, private key and optionally chain encoded in PEM format.
Create a directory inside /etc/nginx/certs where you'll put those files. Let's name it example.com to follow the same convention as the companion but really any name will do:
docker exec your-le-container-name mkdir /etc/nginx/certs/example.com
Copy your files inside this directory (let say your files are named cert.pem, key.pem and chain.pem):
docker cp /path/to/your/cert.pem your-le-container-name: /etc/nginx/certs/example.com
docker cp /path/to/your/key.pem your-le-container-name: /etc/nginx/certs/example.com
docker cp /path/to/your/chain.pem your-le-container-name: /etc/nginx/certs/example.com
Create symlinks pointing to those file inside /etc/nginx/certs, named after the VIRTUAL_HOST you want this certificate to be used with, /etc/nginx/certs/domain.crt for the certificate, /etc/nginx/certs/domain.key for the private key and /etc/nginx/certs/domain.chain.pem for the optional chain file :
docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/cert.pem /etc/nginx/certs/example.com.crt
docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/key.pem /etc/nginx/certs/example.com.key
docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/chain.pem /etc/nginx/certs/example.com.chain.pem
Reload docker-gen and nginx.
If your certificate is a SAN certificate and cover multiple domains, juste repeat step 4 with symlinks named after the other domains.
Thanks @buchdag for a very detail answer, it's working for me
thank you very much for a detail answer, I'm wondering about 1 point: in step 4 when creating symbolic link for example.com.crt, should it be:
ln -s ./example.com/fullchain.pem example.com.crt
Because I observed other certs (which generated automatically by LetsEncrypt), they're linked like that.
You are right the container use relative paths for the symlinks. Absolute path are easier for a quick docker exec example, but if you'd rather have relative path symlink you can create them like this:
docker exec -w /etc/nginx/certs your-le-container-name ln -s ./example.com/cert.pem example.com.crt
Add the -f flag to ln (in addition to -s, so ln -sf) if you want to replace existing symlinks.
Thank you
We should probably cover that in the doc by the way.
Most helpful comment
Hi.
Sure, let's say you plan on using an external certificate for
example.com:You'll need your certificate, private key and optionally chain encoded in PEM format.
Create a directory inside
/etc/nginx/certswhere you'll put those files. Let's name itexample.comto follow the same convention as the companion but really any name will do:docker exec your-le-container-name mkdir /etc/nginx/certs/example.comCopy your files inside this directory (let say your files are named
cert.pem,key.pemandchain.pem):docker cp /path/to/your/cert.pem your-le-container-name: /etc/nginx/certs/example.comdocker cp /path/to/your/key.pem your-le-container-name: /etc/nginx/certs/example.comdocker cp /path/to/your/chain.pem your-le-container-name: /etc/nginx/certs/example.comCreate symlinks pointing to those file inside
/etc/nginx/certs, named after theVIRTUAL_HOSTyou want this certificate to be used with, /etc/nginx/certs/domain.crt for the certificate, /etc/nginx/certs/domain.key for the private key and /etc/nginx/certs/domain.chain.pem for the optional chain file :docker exec your-le-container-name ln -s /etc/nginx/certs/example.com/cert.pem /etc/nginx/certs/example.com.crtdocker exec your-le-container-name ln -s /etc/nginx/certs/example.com/key.pem /etc/nginx/certs/example.com.keydocker exec your-le-container-name ln -s /etc/nginx/certs/example.com/chain.pem /etc/nginx/certs/example.com.chain.pemReload
docker-genandnginx.If your certificate is a SAN certificate and cover multiple domains, juste repeat step 4 with symlinks named after the other domains.