Do not use this repository. Use https://github.com/ixc/letsencrypt-docker
instead, which works with the official dockercloud-haproxy
image and fixes
a few problems and limitations with this letsencrypt
image.
The haproxy
image will:
-
Create a self signed default certificate, so HAproxy can start before we have any real certificates.
-
Watch the
/etc/letsencrypt/live
directory and when changes are detected, install combined certificates and reload HAproxy.
The letsencrypt
image will:
- Automatically create or renew certificates on startup and daily thereafter.
In your stack file:
-
Link to the
letsencrypt
service from thehaproxy
service. -
Use
volumes_from: letsencrypt
in thehaproxy
service. -
Define a
DOMAINS
environment variable in theletsencrypt
service. Certificates are separated by semi-colon (;) and domains are separated by comma (,). -
Define an
EMAIL
environment variable in theletsencrypt
service. It will be used for all certificates. -
Define an
OPTIONS
environment variable in theletsencrypt
service, if you want to pass additional arguments tocertbot
(e.g.--staging
).
Several environment variables are hard coded, and don't need to be defined in your stack file:
-
The
DEFAULT_SSL_CERT
environment variable is set to the value of the default/first Let's Encrypt certificate (if not already explicitly set), to ensure SSL termination is enabled. -
The
VIRTUAL_HOST
andVIRTUAL_HOST_WEIGHT
environment variables are hard coded in theletsencrypt
image, to ensure challenge requests for all domains are proxied to theletsencrypt
service.
A sample stack file is provided.