SessionZeroWasm/README.letsencrypt.md
2025-07-03 10:25:50 -05:00

Let's Encrypt SSL Setup for SessionZero

Overview

This repository has been configured to automatically obtain and renew SSL certificates from Let's Encrypt for secure HTTPS connections. The setup uses Certbot with the Nginx plugin to handle certificate issuance and renewal.

Setup Instructions

  1. Initial Setup

    Before deploying for the first time, edit the init-letsencrypt.sh script and add your email address for Let's Encrypt notifications:

    # In init-letsencrypt.sh
    email="your-email@example.com" # Add your email here
    

    Additionally, modify if needed:

    • domains - The domain(s) you want certificates for
    • rsa_key_size - The RSA key size (default: 4096)
    • stagingflag - set to an empty string so that production (not staging) certificates are issued

    Note: When switching from staging to production certificates, you'll need to completely remove the existing certificates. You can use the included cleanup script:

    chmod +x cleanup-certificates.sh
    ./cleanup-certificates.sh
    

    Or manually clean up with:

    docker-compose down
    rm -rf ./data/certbot/conf/live
    rm -rf ./data/certbot/conf/archive
    rm -rf ./data/certbot/conf/renewal
    mkdir -p ./data/certbot/conf
    docker-compose up -d
    

    Important: Ensure you've set stagingflag="" in the init-letsencrypt.sh script before running this cleanup.

  2. Directory Structure

    Ensure the following directories exist on your host machine:

    mkdir -p ./data/certbot/conf
    mkdir -p ./data/certbot/www

  3. Starting the Service

    docker-compose up -d
    

    The first time you run the container, it will:

    • Start a temporary Nginx server
    • Request certificates from Let's Encrypt
    • Store certificates in the mounted volume
    • Restart Nginx with the SSL configuration

Certificate Renewal

Certificates will automatically renew when they're within 30 days of expiration. The container has a cron job that runs twice daily to check for renewals.
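A post-issuance check that covers both the staging-to-production switch in Step 1 and the 30-day renewal window above, as an added example script that is not part of the SessionZero repository. It assumes the openssl CLI and GNU date are installed on the host, and that the leaf certificate sits at ./data/certbot/conf/live/<domain>/fullchain.pem inside the host-mounted directory this README describes.

```shell
#!/bin/sh
# check-cert.sh (added example, not part of the SessionZero repository).
# Inspects the leaf certificate certbot wrote to the host-mounted volume
# described in this README. Assumes the openssl CLI and GNU date are installed.

# Print the issuer DN of the first (leaf) certificate in a PEM file.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//'
}

# Succeed if the cert came from the Let's Encrypt staging CA, whose issuer
# names contain "STAGING". Browsers do not trust these, so a staging cert
# means the Step 1 cleanup and re-issue with stagingflag="" is still pending.
is_staging_cert() {
    cert_issuer "$1" | grep -q 'STAGING'
}

# Print the whole days remaining before the certificate's notAfter date.
cert_days_left() {
    enddate=$(openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//')
    end_epoch=$(date -u -d "$enddate" +%s)
    now_epoch=$(date -u +%s)
    echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Succeed if the cert expires within the 30-day window in which certbot's
# twice-daily cron job is expected to renew it. openssl -checkend exits 1
# when the cert will expire within the given number of seconds.
needs_renewal() {
    ! openssl x509 -in "$1" -noout -checkend $((30 * 86400))
}

# Human-readable summary for one certificate file.
cert_report() {
    cert="$1"
    echo "issuer:    $(cert_issuer "$cert")"
    echo "days left: $(cert_days_left "$cert")"
    if is_staging_cert "$cert"; then
        echo "WARNING: staging certificate; set stagingflag=\"\" and re-issue (Step 1)"
    fi
    if needs_renewal "$cert"; then
        echo "NOTICE: inside the renewal window; verify the cron job ran or renew manually"
    fi
}

# Usage: ./check-cert.sh ./data/certbot/conf/live/<domain>/fullchain.pem
if [ $# -gt 0 ]; then
    cert_report "$1"
fi
```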

Troubleshooting

  1. Certificate Issuance Failed

    Check the logs:

    docker-compose logs sessionzero
    

    Common issues:

    • DNS not pointing to your server
    • Firewall blocking ports 80/443
    • Rate limits exceeded (use --staging flag to test)

  2. Manual Certificate Renewal

    You can force a renewal by executing the command below. Forced renewals count toward Let's Encrypt's rate limits, so use this only when the automatic renewal has actually failed:

    docker-compose exec sessionzero certbot renew --force-renewal
    
  3. Starting Over

    If you need to reset and start fresh:

    docker-compose down
    rm -rf ./data/certbot
    mkdir -p ./data/certbot/conf
    mkdir -p ./data/certbot/www
    

Additional Information

  • Certificates are stored in /etc/letsencrypt inside the container, mounted to ./data/certbot/conf on the host
  • Webroot challenges are stored in /var/www/certbot inside the container, mounted to ./data/certbot/www on the host