this post was submitted on 20 Jul 2024
13 points (100.0% liked)


I am working on this Django Docker project template with this certbot setup. Dockerfile:

```dockerfile
FROM certbot/certbot:v1.27.0

COPY certify-init.sh /opt/
RUN chmod +x /opt/certify-init.sh

ENTRYPOINT ["/opt/certify-init.sh"]
```

Entrypoint:

```sh
#!/bin/sh

set -e

echo "Getting certificate..."

# Test certbot directly in the `if`: with `set -e`, a separate `$?` check
# afterwards would never run, because the script exits on the failure itself.
if ! certbot certonly \
    --webroot \
    --webroot-path "/vol/www/" \
    -d "$DOMAIN" \
    --email "$EMAIL" \
    --rsa-key-size 4096 \
    --agree-tos \
    --noninteractive
then
    echo "Certbot encountered an error. Exiting."
    exit 1
fi

# For copying the certificate and configuration to the volume
if [ -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
    echo "SSL cert exists, enabling HTTPS..."
    envsubst '${DOMAIN}' < /etc/nginx/nginx.prod.conf > /etc/nginx/conf.d/default.conf
    echo "Reloading Nginx configuration..."
    nginx -s reload
else
    echo "Certbot unable to get SSL cert, server HTTP only..."
fi


echo "Setting up auto-renewal..."
apk add --no-cache dcron
echo "0 12 * * * /usr/bin/certbot renew --quiet" | crontab -
# crond -b forks into the background, so the script ends after this line
crond -b
```

The problem with this setup is that certbot exits after the initial run of getting the certificate, and when it's renewal time it requires manual intervention.

Now there are two choices:

  1. Set `restart: unless-stopped` in the Docker Compose file so it keeps restarting the container, with a cron job to renew the certificate when required.

  2. Set a cron job on the host machine to restart the container.

Are there any other options to tackle this situation?

[–] Semi_Hemi_Demigod 2 points 5 months ago (1 children)

Just curious: What manual intervention do you need to do when renewing? That might point to a possible root cause for why it's not working.

[–] alexdeathway@programming.dev 2 points 5 months ago (1 children)
[–] Semi_Hemi_Demigod 2 points 5 months ago

Anything in the cron logs? Maybe you could try sending the output of the cron job to a log file to see where it gets hung up.
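
An added example, not code from the thread or the poster's project: because `crond -b` forks into the background, the entrypoint script ends and the container stops, so this replacement for the final auto-renewal step keeps renewal in the container's foreground process and writes every attempt to a log file, as the last comment suggests. The names `CERTBOT_CMD`, `RENEW_LOG`, `RENEW_INTERVAL` and `START_LOOP` are assumptions made for this example.

```sh
#!/bin/sh
# Added example: foreground renewal loop for a certbot container.
# CERTBOT_CMD, RENEW_LOG, RENEW_INTERVAL and START_LOOP are assumed names.
set -e

CERTBOT_CMD="${CERTBOT_CMD:-certbot}"
RENEW_LOG="${RENEW_LOG:-/var/log/certbot-renew.log}"
RENEW_INTERVAL="${RENEW_INTERVAL:-43200}"   # seconds between attempts (12 h)

timestamp() { date -u '+%Y-%m-%dT%H:%M:%SZ'; }

# Run one renewal attempt; append its output and exit status to the log.
# Returns certbot's status so the caller decides what a failure means.
renew_once() {
    status=0
    echo "$(timestamp) renew start" >>"$RENEW_LOG"
    "$CERTBOT_CMD" renew >>"$RENEW_LOG" 2>&1 || status=$?
    echo "$(timestamp) renew exit=$status" >>"$RENEW_LOG"
    return "$status"
}

# Renew, sleep, repeat. $1 = number of runs (0 = forever).
# A failed attempt is counted and retried on the next cycle instead of
# ending the loop, so one bad run does not stop the container.
renew_loop() {
    max="${1:-0}"
    runs=0
    failures=0
    while [ "$max" -eq 0 ] || [ "$runs" -lt "$max" ]; do
        renew_once || failures=$((failures + 1))
        runs=$((runs + 1))
        # Background sleep + wait lets the TERM trap fire immediately,
        # so `docker stop` does not have to wait for its kill timeout.
        sleep "$RENEW_INTERVAL" &
        wait $!
    done
    return 0
}

# Start only when asked, so the functions can be loaded without looping.
if [ "${START_LOOP:-0}" = "1" ]; then
    trap 'exit 0' TERM INT
    renew_loop 0
fi
```

Called with `START_LOOP=1` as the last step of the entrypoint, the loop remains the container's main process, and the log file shows the output of each renewal attempt.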