
letsencrypt

Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Basically it gives away SSL certificates, which are required, for example, to configure web servers to use HTTPS instead of HTTP.

Manually renew a certificate

The Linuxserver swag container renews the certificates at night. If your server isn't up at those hours, your certificate won't be renewed automatically and you need to react to the Prometheus alert manually. To do so, get into the container and run certbot renew.

Configure a wildcard DNS when the provider is not supported

If you’d like to obtain a wildcard certificate from Let’s Encrypt or run certbot on a machine other than your target webserver, you can use one of Certbot’s DNS plugins.

These plugins support some DNS providers and a generic protocol, RFC 2136. If your DNS provider is not in the first list and doesn't support RFC 2136 either, you need to set up manual renewal of certificates. Keep in mind, though, that Let's Encrypt doesn't support HTTP validation for wildcard domains.

To do so you first need to install certbot. Of the different ways to do it, the cleanest for this case is to use docker (given that you're already using it and don't mind shutting down your web application service so that the Let's Encrypt docker container can bind to ports 80 or 443). I'd prefer not to bring down the service for this purpose, even if it is just once every 2 months, because I feel that the automation of this process will be more difficult in the end. The option we have left is to install it with pip, but as we want a clean environment, it's better to use pipx.

pipx install certbot
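
With a manual DNS challenge, certbot asks you to publish a TXT record and waits for your confirmation, so it is worth checking that the record is really being served before you confirm. The shell helpers below are an added example, not part of the original page; they assume dig is installed, and example.org, the optional resolver argument and the TXT values are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page). Domain names and TXT values
# are constructed placeholders; dig is assumed to be available.

# DNS-01 record name for a certificate name. A wildcard and its base domain
# share one name: *.example.org and example.org -> _acme-challenge.example.org
acme_record_name() {
    base=${1#"*."}
    printf '_acme-challenge.%s\n' "$base"
}

# Succeeds if the expected value is among the TXT records currently served.
# When the wildcard and the base domain are requested together, two values
# live under the same name, so match any line rather than only the first.
txt_is_published() {
    name=$(acme_record_name "$1")
    expected=$2
    resolver=${3:-}   # optional, e.g. @ns1.example.org (hypothetical)
    # dig prints each TXT value in double quotes, one per line.
    dig +short TXT "$name" $resolver | tr -d '"' | grep -Fxq -- "$expected"
}

# Poll until the record is visible or the attempts run out.
# Usage: wait_for_txt NAME VALUE [RESOLVER] [TRIES] [DELAY_SECONDS]
wait_for_txt() {
    tries=${4:-30}
    delay=${5:-10}
    while [ "$tries" -gt 0 ]; do
        if txt_is_published "$1" "$2" "$3"; then
            return 0
        fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then
            sleep "$delay"
        fi
    done
    return 1
}
```

Pointing the resolver argument at the zone's authoritative name server avoids being misled by a cached negative answer on a recursive resolver.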