forked from lephleg/nano-node-docker
Additional Notes on SSL setup
amamel edited this page Sep 29, 2021 · 3 revisions
- The VIRTUAL_HOST (along with LETSENCRYPT_HOST and DEFAULT_HOST) must be a reachable domain for Let's Encrypt to be able to validate the challenge and provide the certificate. Be sure to configure your DNS records properly before triggering the installation.
- Certificates are checked every hour (3600 seconds), and every certificate that will expire within the next 30 days (90 days / 3) is renewed.
- To display information about your existing certificates, use the following command:
$ docker exec nginx-proxy-letsencrypt /app/cert_status
- To force the nginx-proxy-letsencrypt container to renew all certificates that are currently in use, use the following command:
$ docker exec nginx-proxy-letsencrypt /app/force_renew
- If you're using a third-party firewall like UFW and have already applied the iptables security fix described in "How to fix the Docker and UFW security flaw" (highly recommended), you should also verify that port 443, required by the SSL setup, is accepting incoming connections. For UFW, the commands to open the port and reload your firewall are the following:
$ sudo ufw allow 443
$ sudo ufw reload
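
Because certificates are renewed once they are within 30 days of expiry, a certificate with fewer than 30 days left means a renewal did not happen (for example because DNS or port 443 is misconfigured). The shell functions below are an added example, not part of the original page or the project: the function names are hypothetical, the certificate file path and host name are supplied by you, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: flag certificates that are inside the 30-day renewal window.
RENEW_WINDOW_DAYS=30

# renewal_overdue CERT_PEM [DAYS]
# Returns 0 if the certificate expires within DAYS (renewal should already
# have happened), 1 if it is outside the window, 2 if it cannot be parsed.
renewal_overdue() {
    cert=$1
    days=${2:-$RENEW_WINDOW_DAYS}
    [ -r "$cert" ] || return 2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# served_cert_overdue HOST [DAYS]
# Same check, applied to the certificate actually served on port 443.
# Needs network access; returns 2 if no certificate could be fetched.
served_cert_overdue() {
    host=$1
    days=${2:-$RENEW_WINDOW_DAYS}
    tmp=$(mktemp) || return 2
    openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$tmp" 2>/dev/null
    rc=0
    renewal_overdue "$tmp" "$days" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate valid for
# DAYS days, written to PREFIX.pem (key in PREFIX.key). For testing only.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.test" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}
```

Run `served_cert_overdue` with the domain you set as VIRTUAL_HOST; an exit status of 0 is the condition worth alerting on.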