
Show HN: Moving My HTTP Website to HTTPS Using LetsEncrypt, HAProxy and Docker - gejose
https://blog.georgejose.com/moving-my-http-website-to-https-using-letsencrypt-haproxy-and-docker-deb56ff6be9b
======
stephenr
Wat.

You have to take your website offline AND rebuild the haproxy container every
time you need to renew a cert?

There is a use case for containers. This is not it.

~~~
gejose
So in my actual production website, I'm using an SSL certificate that's valid
for quite a while that I bought off Namecheap.

You could still get around having to take your website offline if you're using
letsencrypt by using a docker volume and having it read the certificate from
your host machine. I wanted to keep the post short & didn't want to get into
volumes. There are several ways to automatically renew a letsencrypt
certificate. The last part in
[https://www.digitalocean.com/community/tutorials/how-to-secu...](https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04)
explains how you can automatically renew using a cron job.

The advantage of using Docker for my setup is being able to plop the whole
thing on a different service and having it run exactly the same way (as long
as it's provided an ssl certificate).

~~~
stephenr
That still sounds like you need downtime for cert renewals. I personally keep
HAproxy bound to 80/443 and use rules in it to send the http/dns-sni
verification checks from LE to certbot in standalone mode.

I still don't understand what docker is giving you here though. nodejs and
haproxy run on more platforms and a wider range of linux kernels than docker.
You could 'plop the whole thing' onto many more servers if it was just nodejs
and haproxy than you can like this.
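
An added illustration of the setup described in the comment above, not configuration posted by either participant: HAProxy stays bound to 80/443 and forwards only the ACME HTTP-01 challenge path to certbot running in standalone mode on a local port. The ports (8888, 3000), backend names and certificate directory are assumptions, and only the HTTP challenge is covered.

```haproxy
# Added example. Ports, names and paths below are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    bind :80
    # ACME HTTP-01 validation requests always use this path prefix.
    acl is_acme path_beg /.well-known/acme-challenge/
    # Everything except the challenge is redirected to HTTPS.
    http-request redirect scheme https code 301 unless is_acme
    use_backend certbot_standalone if is_acme

frontend https_in
    # HAProxy loads every combined PEM (chain + private key) in this directory.
    bind :443 ssl crt /etc/haproxy/certs/
    default_backend app

backend certbot_standalone
    # certbot only listens here while a renewal is in progress; outside that
    # window HAProxy answers challenge requests with 503, which is harmless.
    server certbot 127.0.0.1:8888

backend app
    # The Node.js application (assumed port).
    server node 127.0.0.1:3000

# Renewal, run from cron or a timer on the host (assumed invocation):
#   certbot renew --standalone --http-01-port 8888 --deploy-hook /usr/local/bin/haproxy-deploy
# where the hypothetical haproxy-deploy script concatenates
#   $RENEWED_LINEAGE/fullchain.pem and $RENEWED_LINEAGE/privkey.pem
# into one file under /etc/haproxy/certs/ (mode 0600) and reloads HAProxy.
# A reload starts new workers with the new certificate while existing
# connections finish on the old ones, so the site stays up during renewal.
```

Running `haproxy -c -f <config file>` validates the configuration before a reload, so a malformed certificate file is caught without dropping the listener.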

