Automation: SSL/TLS with Certbot
Posted on December 14, 2021 — 2 Minutes Read
Certbot by the Electronic Frontier Foundation (EFF) is a wonderful tool for obtaining and renewing a signed SSL/TLS certificate for a given root domain from Let’s Encrypt, a non-profit Certificate Authority run by the Internet Security Research Group (ISRG). There is nevertheless a circular dependency when using Docker and Docker Compose to orchestrate an NGINX web server whose signed SSL/TLS certificate is obtained by answering an HTTP-01 challenge with Certbot. For Certbot to answer the challenge and obtain a signed SSL/TLS certificate, NGINX needs to serve a file containing the challenge token and a thumbprint. For NGINX to start, however, an SSL/TLS certificate needs to be in place. Deadlock as it may seem, a simple Bash script that creates a dummy SSL/TLS certificate, so that NGINX can start and serve the file Certbot needs to obtain the signed certificate, takes merely a few lines.
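The bootstrap described above, as an added example written for this page (it is not the script in the author's repository). It assumes a layout the post does not spell out: certificates are kept under ../certbot-conf, mounted at /etc/letsencrypt in both containers; the sample config serves /.well-known/acme-challenge/ from /var/www/certbot, a volume shared with the certbot container; and the Compose v2 `docker compose` command is available.

```shell
#!/bin/sh
# Added example (not the script from the post's repository): start NGINX with a
# throwaway self-signed certificate so it can serve the HTTP-01 challenge, then
# let Certbot replace it with a Let's Encrypt certificate. Assumed layout (not on
# the page): certs under ../certbot-conf, mounted at /etc/letsencrypt in both
# containers; NGINX serves /.well-known/acme-challenge/ from /var/www/certbot,
# a volume shared with the certbot container.
set -eu

APP_DIR=$(cd "$(dirname "$0")" && pwd)
COMPOSE="docker compose -f $APP_DIR/../docker-compose.yml"
NGINX_CONF_DIR="$APP_DIR/../nginx-conf"
CERT_DIR="$APP_DIR/../certbot-conf"

# Render nginx.conf from the sample, substituting the ROOT_DOMAIN placeholder.
render_nginx_conf() { # $1 sample, $2 output, $3 domain
    sed "s/ROOT_DOMAIN/$3/g" "$1" > "$2"
}

# True when the domain has no certificate yet, or only the placeholder one.
needs_bootstrap() { # $1 live directory of the domain
    [ ! -s "$1/fullchain.pem" ] || [ -e "$1/.dummy" ]
}

# Self-signed placeholder valid for one day: enough for NGINX to bind port 443.
make_dummy_cert() { # $1 live directory, $2 domain
    mkdir -p "$1"
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=$2" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
    : > "$1/.dummy"   # marker so a later run knows this is not a real certificate
}

main() { # $1 domain, $2 contact e-mail for Let's Encrypt
    live="$CERT_DIR/live/$1"
    render_nginx_conf "$NGINX_CONF_DIR/nginx.conf-sample" "$NGINX_CONF_DIR/nginx.conf" "$1"
    if needs_bootstrap "$live"; then
        make_dummy_cert "$live" "$1"
        $COMPOSE up -d nginx            # NGINX loads the placeholder and starts serving
        rm -rf "$live"                  # clear the way so Certbot can create live/<domain>
        # Certbot drops the token file in the webroot; Let's Encrypt fetches it over HTTP.
        $COMPOSE run --rm certbot certonly --webroot -w /var/www/certbot \
            -d "$1" -m "$2" --agree-tos --non-interactive
    else
        $COMPOSE run --rm certbot renew   # no-op unless the certificate is near expiry
    fi
    $COMPOSE exec nginx nginx -s reload   # pick up the freshly issued certificate
}

if [ "$#" -eq 2 ]; then main "$1" "$2"; fi
```

Invoke it as `./certbot.sh example.com admin@example.com`; NGINX keeps the placeholder in memory after the live directory is removed, so it continues answering the challenge until the reload.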
The rest of the code is shared on GitHub for reference and further development. With the code packaged as a standalone script, deployment is as simple as:
- Download a copy of the script;
- Provide the script with execute permission;
- Ensure the dependencies are in place; and
- Run the script.
Git Clone
Download a copy of the script with git clone.
$ git clone https://github.com/kurtcms/certbot /app/certbot/
Permission
Provide the script with execute permission.
$ chmod +x /app/certbot/certbot.sh
Dependencies
The script expects a sample NGINX config file by the name of nginx.conf-sample in the ../nginx-conf/ directory. It should be a working NGINX config file with ROOT_DOMAIN in place of the root domain.
It also requires Docker and Docker Compose, together with a docker-compose.yml file in the parent directory of this script with two services by the name of nginx and certbot, backed by the nginx and certbot Docker images.
Be sure to have the dependencies in place. A reference is available here.
Run
Run the script manually or as part of an automation workflow.
$ /app/certbot/certbot.sh
And have a signed SSL/TLS certificate installed.
Thoughts
This is just one example of using a simple Bash script to execute and automate commands. There are plenty of other fascinating tasks that can be done with Bash. Explore and be amazed.