Automating multiple domain renewals when using Certbot with Apache inside a docker container

Last Updated on January 3, 2024 by Amarjit Singh

Keeping every domain you serve behind a valid SSL/TLS certificate is essential, and when Apache runs inside a Docker container, renewing certificates for several domains takes some scripting. This post introduces a Bash script that, combined with a cron job on the host operating system, renews or issues certificates for multiple domains inside a Docker container running Apache and Certbot.

Script

#!/bin/bash

CONTAINER_NAME="<Container name having Apache and certbot installed>"
DOMAINS="www.domain1.com domain2.com"

# Inner script, written verbatim (quoted heredoc, so nothing is expanded here).
# It is later wrapped in single quotes for echo, so it must not contain any.
read -r -d '' SCRIPT_CONTENT << 'EOF'
#!/bin/bash
# Read all arguments into an array
domains=("$@")

# The standalone authenticator binds port 80 itself, so Apache has to be
# stopped for the whole run
service apache2 stop
# Iterate over the domains array
for domain in "${domains[@]}"; do
    if [ -f "/etc/letsencrypt/renewal/$domain.conf" ]; then
        # Existing lineage: renew only if it is inside the renewal window
        certbot renew --non-interactive --cert-name "$domain" --standalone
    else
        # No lineage yet: issue a new certificate. --non-interactive makes
        # certbot fail instead of hanging on a prompt under cron, so the
        # ACME account must already be registered
        certbot certonly --non-interactive -d "$domain" --standalone
    fi
done
service apache2 start
EOF

# Create the script inside the container
docker exec "$CONTAINER_NAME" bash -c "echo '$SCRIPT_CONTENT' > /tmp/run-certbot.sh"

# Make the script executable
docker exec "$CONTAINER_NAME" chmod +x /tmp/run-certbot.sh

# Execute the script (DOMAINS is deliberately unquoted so it splits into arguments)
docker exec "$CONTAINER_NAME" bash -c "/tmp/run-certbot.sh $DOMAINS"

# Delete the script
docker exec "$CONTAINER_NAME" rm /tmp/run-certbot.sh

Understanding the Script

This script automates certificate renewal for multiple domains inside a specified Docker container. It writes a temporary script into the container and runs it; that inner script stops Apache (the standalone authenticator needs to bind port 80 itself), renews or issues a certificate for each domain through Certbot, and starts Apache again. Apache is therefore down for the whole run, whether or not any certificate was actually due.

Key Components of the Script

  1. Container and Domains Setup:
    • Container Name: Define the Docker container name that has Apache and Certbot installed.
    • Domains List: Specify the domains for SSL management in a space-separated list.
  2. Inner Script Creation:
    • The script uses a quoted heredoc to define a multiline string that becomes the content of a temporary inner script. That inner script stops Apache, processes each domain (certbot renew if a renewal config exists under /etc/letsencrypt/renewal, certbot certonly otherwise), and starts Apache again.
    • Because the content is written into the container with echo inside single quotes, the inner script must not itself contain a single quote, or the command line breaks.
  3. Execution in Docker:
    • The temporary script is written into the Docker container with docker exec, made executable, and then executed with the domain list as its arguments.
  4. Post-Execution Clean-Up:
    • The script is removed from the container after execution to maintain a clean environment.

Automating with Cron

To fully harness the power of automation, this script should be executed regularly through a cron job on the host machine. Setting up a cron job ensures that your SSL certificates are renewed automatically without manual intervention.

  1. Setting Up the Cron Job:
    • Open the crontab file on your host machine: crontab -e
    • Add a line to schedule the script’s execution. For instance, to run it daily at 03:00, add 0 3 * * * /path/to/your/script.sh
    • Replace /path/to/your/script.sh with the actual path to the script.
  2. Cron Job Configuration:
    • certbot renew only replaces a certificate that is within 30 days of expiry (Certbot’s default), so a daily run is cheap. A monthly schedule such as 0 0 1 * * can miss the window entirely: a certificate with 31 days left on the 1st is skipped, and by the next run it has expired.
    • The script stops Apache on every run, renewal or not, so schedule it at a low-traffic hour and capture the output (for example by appending >> /var/log/certbot-renew.log 2>&1) so a failed renewal is noticed.
    • Adjust the schedule according to your requirements.
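The following is an added example, not the article’s script, that addresses the two points raised in the script walkthrough and the cron section: the inner script stops Apache on every run, and a single certbot renew already covers every lineage Certbot manages. It issues certificates only for domains that have no renewal config yet, then runs one certbot renew for everything else, and stops and starts Apache through Certbot’s own --pre-hook/--post-hook, which only fire when a certificate is actually obtained or renewed. The renewal directory, the certbot command and the hook commands are assumptions and are overridable through environment variables (RENEWAL_DIR, CERTBOT, PRE_HOOK, POST_HOOK) so the logic can be exercised without a real Certbot; the ACME account is assumed to be registered already.

```shell
#!/bin/bash
# Added example, not the article's script: renew every certificate Certbot
# already manages with a single 'certbot renew', and issue new ones only for
# domains that have no renewal config yet. Apache is stopped/started through
# certbot's --pre-hook/--post-hook, which only fire when a certificate is
# actually obtained or renewed, instead of on every run.
set -eu

# Assumed locations/commands; RENEWAL_DIR and CERTBOT are overridable so the
# logic can be exercised without a real certbot (e.g. CERTBOT="echo certbot").
RENEWAL_DIR="${RENEWAL_DIR:-/etc/letsencrypt/renewal}"
CERTBOT="${CERTBOT:-certbot}"
# The standalone authenticator binds port 80 itself, so Apache must be out of
# the way while a certificate is obtained.
PRE_HOOK="${PRE_HOOK:-service apache2 stop}"
POST_HOOK="${POST_HOOK:-service apache2 start}"

# Print, one per line, the domains that have no renewal config (no lineage)
# under RENEWAL_DIR; these need a first issuance rather than a renewal.
missing_domains() {
    local d
    for d in "$@"; do
        [ -f "$RENEWAL_DIR/$d.conf" ] || printf '%s\n' "$d"
    done
}

# Issue certificates for the missing domains, then run one 'certbot renew'
# covering every existing lineage. Returns the last non-zero certbot status,
# but keeps going so one bad domain does not block the others.
renew_all() {
    local d rc=0
    # Domain names contain no whitespace, so plain word splitting is safe here.
    for d in $(missing_domains "$@"); do
        # --non-interactive makes certbot fail instead of prompting under cron;
        # the ACME account is assumed to be registered already.
        $CERTBOT certonly --non-interactive --standalone -d "$d" \
            --pre-hook "$PRE_HOOK" --post-hook "$POST_HOOK" || rc=$?
    done
    # 'renew' replaces only certificates within 30 days of expiry (certbot's
    # default), so this is cheap enough to run daily; when nothing is due the
    # hooks do not run and Apache stays up. --standalone overrides the
    # authenticator stored in each renewal config, which is fine here because
    # every lineage was issued with standalone.
    $CERTBOT renew --non-interactive --standalone \
        --pre-hook "$PRE_HOOK" --post-hook "$POST_HOOK" || rc=$?
    return "$rc"
}

# Run directly with the domain list as arguments, e.g.
#   ./renew-certs.sh www.domain1.com domain2.com
if [ "$#" -gt 0 ]; then
    renew_all "$@"
fi
```

Assuming the file is kept on the host as renew-certs.sh, the cron job can feed it to the container over stdin instead of writing a temporary file, which also removes the single-quote restriction of the echo approach: docker exec -i "$CONTAINER_NAME" bash -s -- $DOMAINS < renew-certs.sh. With the hooks in place the job can run daily; Apache is only restarted on the days a certificate is actually replaced.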
