Manage and back up TLS certificates for localhost
.
Warning: This template is intended to manage certificates for development use only. Do not use this for production.
Click the Use this template button on the top page of this template repository to create your own repository for managing and backing up your certificates.
Important: Don't forget to make your repository private.
First, set a comma-separated list of domains to the environment variable
DOMAINS
in your own .env
file, for example:
DOMAINS=example.com,*.example.com
Then, run this command to obtain or renew a certificate for that domains:
docker compose run --rm certbot
Run this command to get an archive of certificates and Certbot configurations for them from the Docker volumes:
docker compose run --rm backup
Run this command to store certificates and Certbot configurations for them extracted from a backup in the Docker volumes:
docker compose run --rm restore
Before pushing a backup to your remote repository with Git, be sure to encrypt it. First, generate a key of age:
age-keygen -o key.txt
Keep this key in a safe place. Of course, do not push it to a remote repository.
Next, encrypt the backup with the recipient generated with that key:
./encrypt.sh age1xxx...
Then, an encrypted backup certs.tar.age
is generated. This file is safe to
push to a remote repository.
Important: As explained below, decrypting an encrypted backup requires the key generated above. If this key is lost and the Docker volumes is also deleted, you will have no way to access your certificates.
To decrypt an encrypted backup, use the key corresponding to the recipient specified when encrypting. Run this command to decrypt with that key:
./decrypt.sh key.txt
Then, a decrypted backup certs.tar
is generated. Restoring this file with the
command described above will allow Certbot to manage the certificates again.
See LICENSE for the license of this template.