certbot

certbot is a command to manage SSL certificates.

use docker-compose.yml

...
  certbot:
    restart: "no"
    image: certbot/certbot:latest
    profiles: ["_"]
    volumes:
      - ./certbot/etc/:/etc/letsencrypt/
      - ./certbot/var/:/var/lib/letsencrypt/
      - ./certbot/public/:/public/  # dir for webroot (shared with nginx)
...

By the following nginx config, retrieving new certificate becomes easy.

server {
  listen 80;
  location /.well-known/ {
    root /srv/http/certbot/;  # dir for webroot (specified in docker-compose.yml)
  }
  location / {
    return 301 https://$host$request_uri;
  }
}

docker-compose run certbot certonly --webroot -w /public -d <DOMAIN> --agree-tos

docker-compose run certbot renew