Getting an SSL Certificate - ngageoint/voxel-globe GitHub Wiki

Let's Encrypt

  1. You must have ports 80 and 443 directed to your host and Docker container. No other ports are allowed (for security reasons). (I was able to get it working using only port 443 if port 80 is disabled, and vice versa...) This means that if you are behind a firewall to the internet, you must have these ports forwarded. Advanced: if you are behind a complicated reverse proxy, you need /.well-known/acme-challenge/ exposed so the ACME challenge can reach the container.

  2. Modify your local_vip.env file to contain

    [email protected]
    VIP_LETSENCRYPT_DOMAINNAME=your_real_domain_name.com
    

    Both the domain name and email address are important. The email address is required to retrieve a lost cert, and the domain name must point to the host machine.

    Internally /etc/letsencrypt/live/${VIP_LETSENCRYPT_DOMAINNAME}/fullchain.pem and /etc/letsencrypt/live/${VIP_LETSENCRYPT_DOMAINNAME}/privkey.pem are used for your certs in the containers. This default behavior should be enough for typical use.

  3. Make sure you have nginx running: ./just start uwsgi daphne nginx

  4. By running ./just le-cert you are agreeing to the Let's Encrypt Terms of Service. Run ./just le-cert to get an SSL cert (it is stored internally in the ssl volume).

  5. Restart nginx to load the new certificate: ./just restart nginx

  6. Every 60-90 days, run ./just le-renew to get an updated cert, then restart nginx again so it loads the renewed certificate. Consider making this a cron job.
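
The following is an added example of how an operator might wrap steps 2 and 6: it is not part of the voxel-globe project or this wiki. It checks that local_vip.env carries a real VIP_LETSENCRYPT_DOMAINNAME (not the placeholder), asks the running server how long its served certificate is still valid, and only then runs ./just le-renew followed by ./just restart nginx. It assumes the env file is plain KEY=value lines, that openssl is installed on the host, and that ./just lives in the voxel-globe checkout directory passed as an argument; the function names and the 30-day threshold are this example's own choices.

```shell
#!/bin/sh
# Added example (not voxel-globe code): pre-flight checks and a cron-friendly
# renewal wrapper for the Let's Encrypt steps on this wiki page.

# Print the VIP_LETSENCRYPT_DOMAINNAME value from an env file (empty if absent).
# Assumes plain KEY=value lines; the last occurrence wins.
le_domain_from_env() {
  sed -n 's/^VIP_LETSENCRYPT_DOMAINNAME=//p' "$1" | tail -n 1
}

# Succeed only for a hostname that looks real: non-empty, not the wiki's
# placeholder, and made of dotted labels with a multi-letter top-level domain.
le_domain_is_usable() {
  d=$1
  [ -n "$d" ] || return 1
  [ "$d" != "your_real_domain_name.com" ] || return 1
  printf '%s\n' "$d" \
    | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# Paths the containers read the cert and key from (as stated on the wiki).
le_fullchain_path() { printf '/etc/letsencrypt/live/%s/fullchain.pem\n' "$1"; }
le_privkey_path()   { printf '/etc/letsencrypt/live/%s/privkey.pem\n' "$1"; }

# Succeed if the certificate served on $1:443 is still valid for at least
# $2 more days. Needs network access and openssl; asks the live endpoint rather
# than the host filesystem, because the certs live in a Docker volume.
le_served_cert_ok_for_days() {
  host=$1 days=$2
  openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -noout -checkend $(( days * 86400 )) >/dev/null 2>&1
}

# Step 6 as a cron body: $1 = local_vip.env, $2 = voxel-globe checkout dir,
# $3 = minimum days of validity to keep (default 30; LE certs last 90 days).
# Renews only when needed, then restarts nginx (step 5) so it loads the new cert.
le_renew_if_needed() {
  env_file=$1 repo=$2 min_days=${3:-30}
  d=$(le_domain_from_env "$env_file")
  if ! le_domain_is_usable "$d"; then
    echo "unusable VIP_LETSENCRYPT_DOMAINNAME: '$d'" >&2
    return 2
  fi
  if le_served_cert_ok_for_days "$d" "$min_days"; then
    echo "$d: certificate valid for more than $min_days days, nothing to do"
    return 0
  fi
  ( cd "$repo" && ./just le-renew && ./just restart nginx )
}

# Example crontab line (paths are placeholders) that sources this file and
# runs the check every Monday at 03:00:
#   0 3 * * 1 . /opt/le-helpers.sh && le_renew_if_needed /opt/voxel-globe/local_vip.env /opt/voxel-globe >> /var/log/le-renew.log 2>&1
```

Because le_renew_if_needed refuses to run when the domain is still the placeholder, a forgotten step 2 shows up as a logged error instead of a failed ACME challenge against a name that does not point at the host.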