CapRover

CapRover

  • Docs
  • GitHub
  • Slack Group

›Do More

Basics

  • Getting Started
  • CaptainDuckDuck Upgrade
  • Captain Definition File
  • Deployment Methods
  • App Configuration
  • Persistent Apps
  • CLI Commands
  • One-Click Apps
  • Complete Webapp Tutorial

Do More

  • Resource Monitoring
  • NGINX Config
  • Service Update Override
  • App Scaling & Cluster
  • Pre-deploy Script
  • Play with CapRover
  • Run Locally
  • Change ACME Server

Recipes and Tips

  • Sample Apps
  • Database Connection
  • Best Practices
  • Backup & Restore
  • Static React App
  • Stateless with Persistent data
  • Docker Compose
  • CI/CD Integration

    • Intro
    • Deploy from GitHub
    • Deploy from GitLab

Help

  • Server Purchase
  • Disk Clean-Up
  • Firewall & Port Forwarding
  • Troubleshooting
  • Help and Support
Edit

Configure Certbot to use a new ACME Server

NOTE:

Most (almost all) users do not need to modify Certbot configs. CapRover automatically manages it for you. You can skip this page.

First step

Normally, the directory /captain/data/letsencrypt/etc should contain the volume used by Certbot, to configure Certbot, add a cli.ini file in this directory:

$ cd /captain/data/letsencrypt/etc/
$ nano cli.ini

Configure the right things

We will take as an example ZeroSSL's ACME server to guide you over the steps needed to make Certbot work correctly with it,

first (at least for ZeroSSL, you need to get EAB credentials which are here) we add our email and we tell Certbot to accept the TOS of the service:

email = foo@example.com
agree-tos = true

then we add the server (and if needed the EAB credentials):

server = https://acme.zerossl.com/v2/DV90 # (change it with your ACME server)
eab-kid = some-short-string
eab-hmac-key = a-big-key

Restart certbot

Then to apply our changes we need to update Certbot's service:

$ docker service update captain-certbot

And you're done !

CAA Record

Remember to add a CAA record in your DNS to avoid any problem when generating SSL certs

for example, ZeroSSL need you to have:

<your domain>. 3600 IN CAA 0 issue "sectigo.com"
<your domain>. 3600 IN CAA 0 issuewild "sectigo.com"
← Run LocallySample Apps →
  • First step
  • Configure the right things
  • Restart certbot
  • CAA Record
CapRover
Docs
Getting Started
Community
TwitterSlack Group
More
GitHubStar
Copyright © 2023 githubsaturn