kurtcms.org


Automation: SSL/TLS with Certbot

Posted on December 14, 2021 — 2 Minutes Read

Certbot by the Electronic Frontier Foundation (EFF) is a wonderful tool for obtaining and renewing a signed SSL/TLS certificate for a given root domain from Let’s Encrypt, a non-profit Certificate Authority run by the Internet Security Research Group (ISRG). There is nevertheless a circular dependency when using Docker and Docker Compose to orchestrate an NGINX web server with a signed SSL/TLS certificate obtained by answering an HTTP-01 challenge with Certbot. For Certbot to answer the challenge and obtain a signed SSL/TLS certificate, NGINX needs to serve a file containing a token and a thumbprint. For NGINX to start, however, an SSL/TLS certificate needs to be in place. Deadlock as it may seem, a simple Bash script that creates a dummy SSL/TLS certificate, so that NGINX can start and serve the file Certbot needs to obtain a signed SSL/TLS certificate, takes merely a few lines.

The rest of the code is shared on Github for reference and further development. With the code packaged as a standalone script, deployment is as simple as:

  1. Download a copy of the script;
  2. Provide the script with execute permission;
  3. Ensure the dependencies are in place; and
  4. Run the script.

Git Clone

Download a copy of the script with git clone.

$ git clone https://github.com/kurtcms/certbot /app/certbot/

Permission

Provide the script with execute permission.

$ chmod +x /app/certbot/certbot.sh

Dependencies

The script expects a sample NGINX config file by the name of nginx.conf-sample in the ../nginx-conf/ directory. It should be a working NGINX config file with ROOT_DOMAIN in place of the root domain.

It also requires Docker and Docker Compose, together with a docker-compose.yml file in the parent directory of this script with two services by the name of nginx and certbot, backed by the nginx and certbot Docker images.

Be sure to have the dependencies in place. A reference is available here.
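To make the bootstrap described in the introduction and the dependency layout above concrete, here is an added POSIX shell example; it is not the script from the author's repository. It renders nginx.conf-sample into nginx.conf, drops in a one-day self-signed placeholder so NGINX can start, obtains the real certificate with Certbot in webroot mode, and only then discards the placeholder. The directory layout under /app, the volume mount points (/etc/letsencrypt and /var/www/certbot in both containers), the .dummy-cert marker file and the docker-compose invocations are assumptions.

```shell
#!/bin/sh
# Added example (not the kurtcms/certbot script itself): bootstrap NGINX with a
# throwaway self-signed certificate so it can serve the HTTP-01 challenge, then
# ask Certbot (webroot mode) for the real one. Paths, mount points, service
# names and the marker file are assumptions, not taken from the original script.
set -eu

APP_DIR="${APP_DIR:-/app}"                 # assumed: docker-compose.yml lives here
NGINX_CONF_DIR="$APP_DIR/nginx-conf"       # holds nginx.conf-sample and the rendered nginx.conf
CERT_DIR="$APP_DIR/letsencrypt"            # assumed mount: /etc/letsencrypt in nginx and certbot
WEBROOT="$APP_DIR/certbot-www"             # assumed mount: /var/www/certbot in nginx and certbot
DUMMY_MARKER=".dummy-cert"                 # marks a placeholder key pair (assumed convention)

# Accept only a plausible lowercase DNS name. The value is spliced into
# nginx.conf by sed, handed to certbot and used to build a path that is later
# removed, so anything with shell, sed or path metacharacters is rejected here.
validate_domain() {
    printf '%s' "$1" | grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# Render nginx.conf-sample into nginx.conf, replacing the ROOT_DOMAIN placeholder.
render_nginx_config() {
    sample="$1"; out="$2"; domain="$3"
    validate_domain "$domain" || { echo "invalid domain: $domain" >&2; return 1; }
    sed "s/ROOT_DOMAIN/$domain/g" "$sample" > "$out"
}

# Does the live/<domain> directory still hold the placeholder certificate?
cert_is_dummy() {
    [ -f "$1/$DUMMY_MARKER" ]
}

# Create a one-day self-signed pair so NGINX can start at all (needs openssl).
make_dummy_cert() {
    live="$1"; domain="$2"
    mkdir -p "$live"
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=$domain" \
        -keyout "$live/privkey.pem" -out "$live/fullchain.pem" 2>/dev/null
    : > "$live/$DUMMY_MARKER"
}

main() {
    domain="$1"; email="$2"
    live="$CERT_DIR/live/$domain"
    render_nginx_config "$NGINX_CONF_DIR/nginx.conf-sample" "$NGINX_CONF_DIR/nginx.conf" "$domain"
    [ -f "$live/fullchain.pem" ] || make_dummy_cert "$live" "$domain"
    mkdir -p "$WEBROOT"
    (cd "$APP_DIR" && docker-compose up -d nginx)   # NGINX now serves /.well-known/acme-challenge/
    if cert_is_dummy "$live"; then
        mv "$live" "$live.dummy"   # certbot must find no existing lineage under live/<domain>
        if ! (cd "$APP_DIR" && docker-compose run --rm certbot certonly --webroot \
                -w /var/www/certbot -d "$domain" --email "$email" --agree-tos --no-eff-email); then
            mv "$live.dummy" "$live"   # keep NGINX bootable so the run can be retried
            echo "certbot failed; placeholder certificate kept" >&2
            return 1
        fi
        rm -rf "$live.dummy"
        (cd "$APP_DIR" && docker-compose exec nginx nginx -s reload)   # pick up the signed pair
    fi
}

# Run as: sh bootstrap.sh run example.com admin@example.com
if [ "${1:-}" = "run" ]; then
    main "$2" "$3"
fi
```

The placeholder is moved aside rather than deleted before Certbot runs: NGINX already holds the dummy pair in memory, so it keeps answering the challenge, and if issuance fails the placeholder is put back so the next restart still works. The domain check matters because the same string ends up inside nginx.conf, on the certbot command line and in a directory path that is removed.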

Run

Run the script manually or as part of an automation workflow.

$ /app/certbot/certbot.sh

And have a signed SSL/TLS certificate installed.

Thoughts

This is just one example of using a simple Bash script to execute and automate commands. There are plenty of other fascinating tasks that can be done with Bash. Explore and be amazed.