certbot实现自动更新证书

version: '3.8'

services:
  nginx:
    image: nginx:alpine
    container_name: nginx_web
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # 挂载配置和网站文件
      - ./conf/nginx.conf:/etc/nginx/nginx.conf
      - ./conf/conf.d:/etc/nginx/conf.d
      - ./html:/usr/share/nginx/html
      - ./logs:/var/log/nginx
      # 关键：将certbot生成/续期的证书共享给nginx
      - ./certs:/etc/letsencrypt
    networks:
      - web_network

  certbot:
    image: certbot/certbot:latest
    container_name: certbot_renew
    restart: unless-stopped
    volumes:
      # 同样挂载证书目录，确保数据持久化
      - ./certs:/etc/letsencrypt
      # 挂载webroot验证目录到nginx的默认静态文件路径
      - ./html:/usr/share/nginx/html
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew --webroot -w /usr/share/nginx/html; sleep 12h & wait $${!}; done;'"
    networks:
      - web_network

networks:
  web_network:
    driver: bridge

手动更新证书：

docker exec certbot_renew certbot renew --webroot -w /usr/share/nginx/html