Update.

certbot

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+docker exec nginx_proxy mkdir -p /var/www/certbot
+
+docker run -it --rm --name letsencrypt \
+       --volumes-from nginx_proxy -v /etc/letsencrypt:/etc/letsencrypt:rw \
+       --network nginxproxy \
+       certbot/certbot \
+       --webroot --webroot-path /var/www/certbot --config-dir=/etc/letsencrypt \
+       $*
+
+# renew --cert-name typename.fr --dry-run

docker-compose.yml

@@ -1,4 +1,5 @@
-version: '2'
+version: "2"
+
 services:
   nginx:
     restart: always
@@ -12,6 +13,7 @@ services:
       - /etc/nginx/conf.d
       - /etc/letsencrypt:/etc/letsencrypt:ro
       - /var/docker/proxy/vhost.d:/etc/nginx/vhost.d:ro
+
   dockergen:
     restart: always
     depends_on:

domains.list

@@ -50,3 +50,8 @@ zik-insat.fr
 q.zik-insat.fr
 m.zik-insat.fr
 n.zik-insat.fr
+
+# Saxtoys
+saxtoys.fr
+www.saxtoys.fr
+q.saxtoys.fr

nginx.tmpl

@@ -75,7 +75,7 @@ server {
         server_name _; # This is just an invalid value which will never trigger on a real hostname.
         listen 80;
         access_log /var/log/nginx/access.log vhost;
-        location /.well-known/ {
+        location /.well-known/acme-challenge {
                  root /var/www/certbot;
         }
 
@@ -94,7 +94,7 @@ server {
 #	ssl_certificate /etc/nginx/certs/default.crt;
 #	ssl_certificate_key /etc/nginx/certs/default.key;
 
-        location /.well-known/ {
+        location /.well-known/acme-challenge {
                  root /var/www/certbot;
         }
 
@@ -157,6 +157,8 @@ upstream {{ $upstream_name }} {
 
 {{ $is_https := (and (ne $https_method "nohttps") (ne $vhostCertDir "") (exists (printf "/etc/letsencrypt/live/%s/fullchain.pem" $host)) (exists (printf "/etc/letsencrypt/live/%s/privkey.pem" $host))) }}
 
+{{ $is_https := true }}
+
 {{ if $is_https }}
 
 {{ if eq $https_method "redirect" }}
@@ -181,8 +183,11 @@ server {
         ssl_session_cache shared:SSL:50m;
         ssl_session_tickets off;
 
-        ssl_certificate /etc/letsencrypt/live/{{ (printf "%s" $host) }}/fullchain.pem;
+        {{/* ssl_certificate /etc/letsencrypt/live/{{ (printf "%s" $host) }}/fullchain.pem; */}}
-        ssl_certificate_key /etc/letsencrypt/live/{{ (printf "%s" $host) }}/privkey.pem;
+        {{/* ssl_certificate_key /etc/letsencrypt/live/{{ (printf "%s" $host) }}/privkey.pem; */}}
+
+        ssl_certificate /etc/letsencrypt/live/typename.fr/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/typename.fr/privkey.pem;
 
         {{ if (exists (printf "/etc/letsencrypt/live/%s.dhparam.pem" $host)) }}
         ssl_dhparam {{ printf "/etc/letsencrypt/live/%s.dhparam.pem" $host }};
@@ -198,7 +203,7 @@ server {
         include /etc/nginx/vhost.d/default;
         {{ end }}
 
-        location /.well-known/ {
+        location /.well-known/acme-challenge {
                  root /var/www/certbot;
         }
 
@@ -236,7 +241,7 @@ server {
         include /etc/nginx/vhost.d/default;
         {{ end }}
 
-        location /.well-known/ {
+        location /.well-known/acme-challenge {
                  root /var/www/certbot;
         }
 

update_certs.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
-if [ $(id -u) -ne 0 ]; then
+# if [ $(id -u) -ne 0 ]; then
-    echo "This script must be run as root." > /dev/stderr
+#     echo "This script must be run as root." > /dev/stderr
-    exit 1
+#     exit 1
-fi
+# fi
 
 domains=$(cat domains.list | grep -v -E '^[[:space:]]*(#.*)?$')
 
@@ -16,16 +16,4 @@ $(dirname $0)/certbot \
              --cert-name typename.fr \
              -d $(echo typename.fr ${domains[*]} | tr ' ' ',')
 
-for domain in ${domains[*]}; do
-    echo "Creating symbolic links for ${domain}... "
-    dir=/etc/letsencrypt/live/${domain}
-    if [ -e "${dir}" ]; then
-        rm -rf ${dir}
-    fi
-    mkdir ${dir}
-    for link in /etc/letsencrypt/live/typename.fr/*.pem; do
-        ln -s $(readlink $link) ${dir}/$(basename $link)
-    done
-done
-
 docker-compose restart