by hanklazard 2279 days ago
I’ve been running it in a docker container plugged into the nginx reverse proxy and letsencrypt companion containers. The latter claims to automatically update certs though I haven’t had it running long enough to test it. Unless you’re set on using Caddy, it’s a pretty straightforward option.

Instructions here: https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-compan...

1 comments

The issue with this kind of solution is that you need to pass your docker socket to the container. Not great.
Can you elaborate on why this is a problem? I'm fairly new to docker (and not a programmer / dev), so I'll take any tips I can get!
It basically ruins most isolation/security benefits containers provide, since having root access to this socket gives you nearly root access to the host. This is something you really want to avoid.

I don't really have a good solution to this "reload service when certificates are updated" problem that doesn't involve heavier container orchestration.
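
Added example, not part of the thread: a small audit that reads `docker inspect` JSON and lists every container with the Docker socket bind-mounted, along with any ports it publishes. The sample data and container names are constructed for illustration; the field names (`Mounts`, `Source`, `RW`, `NetworkSettings.Ports`) are those of `docker inspect` output.

```python
import json
import sys

# Host paths where the Docker Engine API socket normally lives.
SOCKET_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample, trimmed to the `docker inspect` fields the audit reads.
SAMPLE = [
    {"Name": "/nginx-proxy",
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/tmp/docker.sock", "RW": False}],
     "NetworkSettings": {"Ports": {
         "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}],
         "443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "443"}]}}},
    {"Name": "/letsencrypt-companion",
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": False}],
     "NetworkSettings": {"Ports": {}}},
    {"Name": "/app",
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data",
                 "Destination": "/data", "RW": True}],
     "NetworkSettings": {"Ports": {"8080/tcp": None}}},
]

def published_ports(container):
    """Container ports that have at least one host binding."""
    ports = (container.get("NetworkSettings") or {}).get("Ports") or {}
    return sorted(port for port, bindings in ports.items() if bindings)

def audit(containers):
    """Return one finding per bind mount of the Docker socket."""
    findings = []
    for c in containers:
        for m in c.get("Mounts") or []:
            if m.get("Type") == "bind" and m.get("Source") in SOCKET_PATHS:
                findings.append({
                    "container": c.get("Name", "").lstrip("/"),
                    "mounted_at": m.get("Destination"),
                    # A read-only bind mount still permits connect() and
                    # therefore every API call, so it is reported, not cleared.
                    "read_only_mount": not m.get("RW", True),
                    "published_ports": published_ports(c),
                })
    return findings

if __name__ == "__main__":
    # Real use: docker inspect $(docker ps -q) | python3 audit.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for f in audit(data):
        print(f)
```

A container that appears in the findings with a non-empty `published_ports` list is the one to review first, since it is both network-reachable and holds the socket.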