Installing an SSL cert on a LAMP Docker container (Apache)

This is a WIP / rough draft.

In this post I'll run through installing an SSL cert for a web server (Apache) that is running inside a Docker container (the Docker container is running on a Linux server: an AWS EC2 instance running Amazon Linux).

  • SSH into the server (that's running Docker)
  • Install Certbot and generate an SSL cert for the website (on the host machine that Docker runs on)
  • Map the cert files into a Docker volume (so processes inside the Docker container can see them)
  • Inside the Docker container, set up Apache to use the cert files (e.g. default.conf, or apache.conf, or whatever files you're using for Apache config)

To install Certbot on Amazon Linux:

(see Jens Answer)

Once installed, run:

sudo /opt/certbot/bin/certbot certonly

Choose 1 to use a local server on port 80 (this can interfere if you already have something on port 80; I don't have anything on port 80).

Important: then add the domains (space separated) that the cert is for, in my case

If you want and , you must add both, space separated.


Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter ‘c’ to cancel):

Relevant certs/files will be saved to these locations by default:

Certificate is saved at: /etc/letsencrypt/live/
Key is saved at: /etc/letsencrypt/live/

still to write up below:

Make sure the cert files can be seen inside Docker via a volume (e.g. docker-compose.yml):

      - ./apache/default.conf:/etc/apache2/sites-enabled/000-default.conf
      - /etc/letsencrypt/live/
      - /etc/letsencrypt/live/

Once the cert files are on the host and mapped into Docker (above), the Apache container can see them like so:

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/etc/apache2/sites-enabled/fullchain.pem"
    SSLCertificateKeyFile "/etc/apache2/sites-enabled/privkey.pem"
</VirtualHost>
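
A check to run inside the Apache container before restarting it, added here as an example (it is not from the original post): it confirms the mapped cert files resolve, that the key is not group/world accessible, and that the key belongs to the cert. It assumes GNU or BusyBox stat and the openssl CLI are available in the container; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the post): sanity-check the cert files Apache will load.
# Assumes GNU or BusyBox `stat` and the `openssl` CLI exist in the container.
# Function names are hypothetical. Usage: sh check_tls.sh fullchain.pem privkey.pem

# certbot's live/ files are symlinks into ../../archive/. If only live/ is
# mounted as a volume, the links dangle inside the container.
check_resolves() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then
        echo "DANGLING: $1 -> $(readlink "$1")"
        return 1
    fi
    [ -r "$1" ] || { echo "MISSING OR UNREADABLE: $1"; return 1; }
}

# The private key should carry no group/other permission bits (e.g. 600).
check_key_mode() {
    mode=$(stat -L -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   echo "LOOSE PERMS: $1 is mode $mode"; return 1 ;;
    esac
}

# The first cert in the chain file must carry the public key of the private key.
check_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "MISMATCH: $2 is not the key for $1"; return 1; }
}

check_tls_files() {
    check_resolves "$1" && check_resolves "$2" &&
        check_key_mode "$2" && check_pair "$1" "$2" && echo "OK: $1 / $2"
}

if [ "$#" -eq 2 ]; then
    check_tls_files "$1" "$2"
fi
```

If it reports DANGLING, mount the whole /etc/letsencrypt directory (read-only) rather than only live/, so the symlinks into archive/ resolve inside the container.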

Other very rough, useful notes

Important to log in to the EC2 instance as root: SSH in (as normal), then ‘sudo su -’

docker-compose up --force-recreate --build

Had to run the above as I made changes to Dockerfile, docker-compose.yml

Main files I had to change for SSL to work (/live docker-compose.yml, Dockerfile, default.conf (Apache))
