Add the webroot and configuration-file mounts to the nginx docker run command:
-v $PWD/nginx/letsencrypt/:/var/www/letsencrypt:ro \
-v $PWD/letsencrypt/etc/:/etc/nginx/letsencrypt/:ro \
Publish the webroot in nginx:
location ^~ /.well-known/ {
    root /var/www/letsencrypt/;
}
Configure the certificate files in nginx:
ssl_certificate letsencrypt/live/www.yaoge123.com/fullchain.pem;
ssl_certificate_key letsencrypt/live/www.yaoge123.com/privkey.pem;
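Create a docker run script for certbot; from then on, running this script periodically is all it takes to renew the certificate automatically:
#!/bin/sh
# Run from the script's own directory so the relative mounts resolve
cd "$(dirname "$0")" || exit 1
pwd
# No -it here: a scheduled (cron) run has no TTY for docker to attach to
docker run --rm \
    -v "$PWD/letsencrypt/etc:/etc/letsencrypt" \
    -v "$PWD/letsencrypt/lib:/var/lib/letsencrypt" \
    -v "$PWD/letsencrypt/log:/var/log/letsencrypt" \
    -v "$PWD/nginx/letsencrypt:/var/www" \
    certbot/certbot \
    certonly --webroot \
    --email yaoge123@example.com --agree-tos --no-eff-email \
    --webroot-path=/var/www/ \
    -n \
    --domains www.yaoge123.com
# Signal nginx to reload so it picks up the renewed certificate
docker kill --signal=HUP nginx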
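The script above signals nginx on every run, even when certbot kept the existing certificate or failed. The wrapper below is an added example, not part of the original post: it reloads nginx only when fullchain.pem actually changed and leaves nginx untouched if renewal fails. `./certbot.sh` is an assumed file name for the script above with its final `docker kill` line removed, and `RENEW_CMD`, `RELOAD_CMD` and `CERT` are hypothetical variables introduced here.

```shell
#!/bin/sh
# Added example: renew, then HUP nginx only if the certificate changed.
# Host-side path of the certificate, relative to the directory the post's
# script runs in (letsencrypt/etc is what gets mounted as /etc/letsencrypt).
CERT="${CERT:-letsencrypt/etc/live/www.yaoge123.com/fullchain.pem}"
# Assumption: the post's script saved as certbot.sh, without its docker kill line.
RENEW_CMD="${RENEW_CMD:-./certbot.sh}"
# Same reload signal the post uses.
RELOAD_CMD="${RELOAD_CMD:-docker kill --signal=HUP nginx}"

# Print a checksum of the file, or "missing" if it cannot be read.
# cksum is only used for change detection, not as a security control.
fingerprint() {
    if [ -r "$1" ]; then
        cksum < "$1"
    else
        echo missing
    fi
}

# Returns 0 when nginx is serving a current certificate afterwards,
# 1 when renewal failed, 2 when no readable certificate exists.
renew_and_reload() {
    before=$(fingerprint "$CERT")
    $RENEW_CMD || {
        echo "renewal failed, nginx left untouched" >&2
        return 1
    }
    after=$(fingerprint "$CERT")
    if [ "$after" = missing ]; then
        echo "no readable certificate at $CERT" >&2
        return 2
    fi
    if [ "$before" = "$after" ]; then
        echo unchanged
        return 0
    fi
    # live/.../fullchain.pem is a symlink; a renewal repoints it, so the
    # content read through it differs and we end up here.
    $RELOAD_CMD && echo reloaded
}

# Invoke as "./renew.sh run" (hypothetical file name) from cron.
if [ "${1:-}" = run ]; then
    renew_and_reload
fi
```

The non-zero exit codes let cron or a monitoring job alert on a failed renewal instead of silently reloading nginx with an unchanged certificate.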