Name Command State Ports -------------------------------------------------------------------------certbot certbot certonly --webroot ... Exit 0 db docker-entrypoint.sh --def ... Up 3306/tcp, 33060/tcpwebserver nginx -g daemon off; Up 0.0.0.0:80->80/tcp wordpress docker-entrypoint.sh php-fpm Up 9000/tcp
docker-compose up --force-recreate --no-deps certbot
Recreating certbot ... doneAttaching to certbotcertbot | Saving debug log to /var/log/letsencrypt/letsencrypt.logcertbot | Plugins selected: Authenticator webroot, Installer Nonecertbot | Renewing an existing certificatecertbot | Performing the following challenges:certbot | http-01 challenge for example.comcertbot | http-01 challenge for www.example.comcertbot | Using the webroot path /var/www/html for all unmatched domains.certbot | Waiting for verification...certbot | Cleaning up challengescertbot | IMPORTANT NOTES:certbot | - Congratulations! Your certificate and chain have been saved at:certbot | /etc/letsencrypt/live/example.com/fullchain.pemcertbot | Your key file has been saved at:certbot | /etc/letsencrypt/live/example.com/privkey.pemcertbot | Your cert will expire on 2019-08-08. To obtain a new or tweakedcertbot | version of this certificate in the future, simply run certbotcertbot | again. To non-interactively renew *all* of your certificates, runcertbot | "certbot renew"certbot | - Your account credentials have been saved in your Certbotcertbot | configuration directory at /etc/letsencrypt. You should make acertbot | secure backup of this folder now. This configuration directory willcertbot | also contain certificates and private keys obtained by Certbot socertbot | making regular backups of this folder is ideal.certbot | - If you like Certbot, please consider supporting our work by:certbot | certbot | Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donatecertbot | Donating to EFF: https://eff.org/donate-lecertbot | certbot exited with code 0
Save and close the file when you are finished editing.
Recreate the webserver service:
docker-compose up -d --force-recreate --no-deps webserver
Check your services with docker-compose ps :
You should see output indicating that your db , wordpress , and webserver services are running:
Name Command State Ports ----------------------------------------------------------------------------------------------certbot certbot certonly --webroot ... Exit 0 db docker-entrypoint.sh --def ... Up 3306/tcp, 33060/tcp webserver nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcpwordpress docker-entrypoint.sh php-fpm Up 9000/tcp
With your containers running, you can now complete your WordPress installation through the web interface.
Step 6 — Completing the Installation Through the Web Interface
With our containers running, we can finish the installation through the WordPress web interface.
In your web browser, navigate to your server’s domain. Remember to substitute example.com here with your own domain name:
Select the language you would like to use:
After clicking Continue , you will land on the main setup page, where you will need to pick a name for your site and a username. It’s a good idea to choose a memorable username here (rather than “admin”) and a strong password. You can use the password that WordPress generates automatically or create your own.
Finally, you will need to enter your email address and decide whether or not you want to discourage search engines from indexing your site:
Clicking on Install WordPress at the bottom of the page will take you to a login prompt:
Once logged in, you will have access to the WordPress administration dashboard:
With your WordPress installation complete, you can now take steps to ensure that your SSL certificates will renew automatically.
Step 7 — Renewing Certificates
Let’s Encrypt certificates are valid for 90 days, so you will want to set up an automated renewal process to ensure that they do not lapse. One way to do this is to create a job with the cron scheduling utility. In this case, we will create a cron job to periodically run a script that will renew our certificates and reload our Nginx configuration.
First, open a script called ssl_renew.sh :
Add the following code to the script to renew your certificates and reload your web server configuration. Remember to replace the example username here with your own non-root username:
This script first assigns the docker-compose binary to a variable called COMPOSE , and specifies the --no-ansi option, which will run docker-compose commands without ANSI control characters . It then changes to the ~/wordpress project directory and runs the following docker-compose commands:
docker-compose run : This will start a certbot container and override the command provided in our certbot service definition. Instead of using the certonly subcommand, we’re using the renew subcommand here, which will renew certificates that are close to expiring. We’ve included the --dry-run option here to test our script.
This will set the job interval to every five minutes, so you can test whether or not your renewal request has worked as intended. We have also created a log file, cron.log , to record relevant output from the job.
After five minutes, check cron.log to see whether or not the renewal request has succeeded:
tail -f /var/log/cron.log
You should see output confirming a successful renewal:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -** DRY RUN: simulating 'certbot renew' close to cert expiry** (The test certificates below have not been saved.)Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/example.com/fullchain.pem (success)** DRY RUN: simulating 'certbot renew' close to cert expiry** (The test certificates above have not been saved.)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You can now modify the crontab file to set a daily interval. To run the script every day at noon, for example, you would modify the last line of the file to look like this:
In this tutorial, you used Docker Compose to create a WordPress installation with an Nginx web server. As part of this workflow, you obtained TLS/SSL certificates for the domain you want associated with your WordPress site. Additionally, you created a cron job to renew these certificates when necessary.
As additional steps to improve site performance and redundancy, you can consult the following articles on delivering and backing up WordPress assets: