pontus
commented
4 years ago Apparently the support for this was lost in reshuffling at some point, so we need #73 for this.
Once done, one can either bring purchased certificates oneself or use let's encrypt (recommended) outside the container (pointing to config/updates as webroot).
Actual usage depends on client, but with certbot one would set up with certbot certonly --webroot, possibly specifying the additional directories if not run as root (often a good idea).
Unless one wants to provide setup scripts, e.g. ansible, for this as well, it's fine running interactively, one will then end up with the various files needed and can add a cronjob to run renew and copy files to the expected places (cert.pem, key.pem, ca.pem).
How do we get a certificate to run https?