Secure an NGINX Docker container with Let’s Encrypt

For web-applications, securing the communication between client and application is essential. As containerisation of such applications becomes the standard, I will be looking into one another method to achieve SSL encryption with a containerised NGINX web server using Let’s Encrypt. 

A full-blown multi-application server typically runs a web server that hosts applications. To secure the communication between this server and clients, a secure (HTTPS) connection is initiated that uses an SSL/TLS certificate and a corresponding key to encrypt the data on a per-domain basis. A trusted Certificate Authority like Let’s Encrypt can issue certificates that indicate that you are the valid owner of a domain. To proof this ownership, Let’s Encrypt uses a protocol called ACME. Tools like CertBot and acme.sh implements this protocol and can as such allow you to obtain and renew SSL/TLS certificates signed by the Let’s Encrypt CA. 

Figure 1: Infrastructure of a server with 2 public IP addresses, one hosting two applications through a proxying webserver and another with a dedicated application webserver.
Continue reading Secure an NGINX Docker container with Let’s Encrypt

Free SSL certificates: use Let’s Encrypt with ISPConfig 3

View of the Chrome Certificate info pane for tomlankhorst.nlAs you might have noticed this site uses HTTPS. Obtaining SSL certificates was always a bit of a hassle. Finding a certificate authority, doing regular payment, renewals and installing the certificate on your server. Let’s Encrypt is an initiative to provide a better way of enabling encryption on websites. It is open, automated and above all: it offers free SSL certificates. Learn to use Let’s Encrypt on an ISPConfig 3.0 server.

I assume you already have an ISPConfig server up and running. You might have a number of sites that use plain HTTP of HTTPS that you want to secure with free SSL certificates. That’s good, we’re going to do the following:

  1. Obtaining certbot
  2. Requesting free SSL certificates
  3. Configuring SSL in ISPConfig
  4. Enabling automatic periodical renewal

Continue reading Free SSL certificates: use Let’s Encrypt with ISPConfig 3