4

I created a SaaS app using Laravel 8 with the first-party package Laravel Sail (Docker) and the Tenancy for Laravel package for the SaaS. I need to install a wildcard Let's Encrypt SSL certificate on the main app and all tenant apps will be on HTTPS. I tried to install the certbot image like this:

  certbot:
    image: certbot/certbot:latest

The image installed, but I do not know what to do after that.

I tried without Docker, following the certbot instructions; it installed and everything succeeded, but the website doesn't open and all requests time out.

Update:

This is the ports section in my docker-compose.yml file:

    ports:
        - '443:443'

I ran `docker ps` and all services are up and running (screenshot of the `docker ps` output omitted).

I ran `sudo ufw status` and this is the result (screenshot of the `ufw status` output omitted).

Moauya Meghari

2 Answers

1

TLDR: Laravel Sail is not for production. Use a different Docker configuration; if you need an example you can find it here: https://github.com/thomasmoors/laravel-docker

Also, wildcard certificates are not achievable using HTTP-01 challenges; you need a DNS-01 challenge, which you complete by adding a TXT record to your DNS config.

Wildcard certificates from Let's Encrypt are only possible with a DNS-01 challenge. This, however, requires you to add a TXT record to your DNS registry. So no go for wildcard unless you have an API to change your DNS. It might be worth a try to look at this: https://stackexchange.github.io/dnscontrol/ However, I do not know if your domain provider supports this.

For regular (non-wildcard) certificates:

By default Laravel Sail runs using the built-in `php artisan serve` web server, which has no support for SSL certificates. So you need to add a reverse proxy like nginx. Because of this I believe Sail is not production-ready, and also not intended to be. I have made an example of a non-Sail docker-compose config for Laravel: https://github.com/thomasmoors/laravel-docker

Certbot works by placing a file on your web server which will be retrieved for the challenge. However, it looks like your current configuration does not share a volume between your web server and Certbot. Also, you need to allow Certbot to modify your nginx config.

The default location for your code is /var/www/html, so you should enable Certbot to write to that directory by adding a volume for the Certbot service as well:

    # nginx reverse proxy in front of the application container
    upstream sentry_docker {
        server 192.168.1.94:9005;
    }

    server {
        server_name example.dev;

        location / {
            proxy_pass http://sentry_docker;
            proxy_set_header Host $host;
        }

        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/example.dev/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.dev/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    server {
        if ($host = example.dev) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        server_name example.dev;
        listen 80;
        return 404; # managed by Certbot
    }

    # docker-compose.yml: Certbot service sharing the code and nginx config directories
    certbot:
        image: certbot/certbot:latest
        volumes:
            - .:/var/www/html
            - ./data/nginx:/etc/nginx/conf.d

Thomas
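The answer above names the two practical constraints: an HTTP-01 challenge only works if the directory Certbot writes its token into is the same directory nginx serves `/.well-known/acme-challenge/` from, and a wildcard needs DNS-01 instead. The following script is an added example, not code from the question or from either answer or from the linked repository. It writes the nginx server blocks for that flow and prints the matching certbot invocations. `DOMAIN`, `WEBROOT`, `APP_UPSTREAM` and the compose service name `certbot` are placeholder assumptions; adjust them to your docker-compose.yml.

```shell
#!/bin/sh
# Added example (not from the question, the answers, or the linked repo):
# nginx config + certbot commands for the HTTP-01 "webroot" flow, plus the
# DNS-01 command a wildcard needs. Placeholder/assumed values: DOMAIN,
# WEBROOT, APP_UPSTREAM, and a compose service named "certbot".

DOMAIN="${DOMAIN:-example.dev}"                         # placeholder domain
WEBROOT="${WEBROOT:-/var/www/certbot}"                  # mounted in BOTH nginx and certbot
APP_UPSTREAM="${APP_UPSTREAM:-http://laravel.test:80}"  # assumed app container

# write_nginx_conf OUTFILE WITH_TLS
#   WITH_TLS=0: bootstrap config (port 80 only). nginx refuses to start when a
#   server block references certificate files that do not exist yet, so the
#   very first issuance must run against this version.
#   WITH_TLS=1: adds the 443 server block and turns port 80 into a redirect,
#   keeping the challenge location on plain HTTP so renewals keep working.
write_nginx_conf() {
    out="$1"
    with_tls="$2"
    cat > "$out" <<EOF
server {
    listen 80;
    server_name ${DOMAIN};

    # Certbot's webroot plugin writes its token under WEBROOT; this location
    # must be reachable over plain HTTP and must come before any redirect.
    location ^~ /.well-known/acme-challenge/ {
        root ${WEBROOT};
        default_type "text/plain";
    }
EOF
    if [ "$with_tls" = "1" ]; then
        cat >> "$out" <<EOF

    location / {
        return 301 https://\$host\$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name ${DOMAIN};

    ssl_certificate     /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass ${APP_UPSTREAM};
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
    else
        cat >> "$out" <<EOF

    # Bootstrap: no certificate yet, so pass traffic straight to the app.
    location / {
        proxy_pass ${APP_UPSTREAM};
        proxy_set_header Host \$host;
    }
}
EOF
    fi
}

# First issuance and renewals over HTTP-01 with the webroot plugin.
# -w must be the same directory nginx serves the challenge location from.
certbot_webroot_cmd() {
    printf 'docker compose run --rm certbot certonly --webroot -w %s -d %s\n' \
        "$WEBROOT" "$DOMAIN"
}

# A wildcard (*.DOMAIN) cannot be issued over HTTP-01 at all; Let's Encrypt
# requires DNS-01, i.e. a TXT record at _acme-challenge.DOMAIN. Without a
# DNS API, certbot's manual mode prints the record you have to create.
certbot_wildcard_cmd() {
    printf 'docker compose run --rm certbot certonly --manual --preferred-challenges dns -d %s -d "*.%s"\n' \
        "$DOMAIN" "$DOMAIN"
}
```

Run `write_nginx_conf ./data/nginx/app.conf 0`, start nginx, run the command printed by `certbot_webroot_cmd`, then switch to `write_nginx_conf ./data/nginx/app.conf 1` and reload. For this to work the host directory behind `WEBROOT` has to be mounted at that path in both the `nginx` and `certbot` services, and `/etc/letsencrypt` has to be mounted into both as well so nginx can read the files certbot writes; the `443:443` port mapping from the question only helps once a server block is actually listening on 443 with a certificate.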
-3

There is not enough information to help you, but I can suggest checking out this guide https://github.com/Daanra/laravel-lets-encrypt and double-checking your configuration. If the website doesn't show up, according to the error, the problem might be related to the network (firewall) or something else (the application not running and binding itself to port 80 for HTTP requests and 443 for HTTPS).

Inc0
  • I updated the question, please check it. About "double check your configuration": if you could please specify which file, I'd be thankful. – Moauya Meghari Apr 23 '21 at 17:36
  • When I enabled `sudo ufw allow 'Nginx Full'` the domain works on port `80` and shows the nginx default page, but `https` doesn't work. – Moauya Meghari Apr 23 '21 at 17:41