Overview
I’m always looking for the easy way. Certbot already makes retrieving TLS certificates from Let’s Encrypt easy. But getting those certificates “into production” tends to be less easy. This is the easy way to get Let’s Encrypt TLS certificates into production with HashiCorp’s Nomad.
This is an overview of what we’ll be doing:
- Using Nomad’s Docker driver to run Docker container jobs.
- Using a certbot Docker image that performs a DNS-01 challenge using Hetzner’s DNS API.
- Using Nomad host volumes to share certificates between Nomad tasks.
- Using Nomad’s lifecycle block to initialize certificates before Nginx startup.
- Using Nginx as a reverse proxy/SSL termination.
Here is what we won’t be doing: