Nicolas Duchon edited this page Oct 19, 2018 · 20 revisions

Welcome to the letsencrypt-nginx-proxy-companion wiki!


letsencrypt-nginx-proxy-companion is a lightweight companion container for nginx-proxy.

It handles the automated creation, renewal and use of Let's Encrypt certificates for proxied Docker containers.

Features:

  • Automated creation/renewal of Let's Encrypt (or other ACME CAs) certificates using simp_le.
  • Let's Encrypt / ACME domain validation through http-01 challenge only.
  • Automated update and reload of nginx config on certificate creation/renewal.
  • Supports creation of Multi-Domain (SAN) Certificates.
  • Creation of a Strong Diffie-Hellman Group at startup.
  • Works with all versions of Docker.

Requirements:

  • Your host must be publicly reachable on both port 80 and 443.
  • Check your firewall rules and do not attempt to block port 80 as that will prevent http-01 challenges from completing.
  • For the same reason, you can't use nginx-proxy's HTTPS_METHOD=nohttp.
  • The (sub)domains you want to issue certificates for must correctly resolve to the host.
  • Your DNS provider must answer correctly to CAA record requests.
  • If your (sub)domains have AAAA records set, the host must be publicly reachable over IPv6 on port 80 and 443.

Usage:

Basic (two containers).

Advanced (three containers).

with Docker Compose

Additional configuration:

Let's Encrypt / ACME

Container configuration

Persistent data

Standalone certificates (Beta)

Troubleshooting:

Invalid / failing authorizations
