Closed ebricca closed 4 years ago
@ebricca in different environments issuing certificates is quite different. For example, we're using `cert-manager` in Kubernetes and haven't touched `cert-bot` ever. This is an infrastructure problem. A single docker image shouldn't try to solve an infrastructure problem, because the problem is one abstraction layer above the image. Pasting `cert-bot` inside the docker image will complicate it, make it violate the Docker Way, and as a result make it quite opinionated about usage, and so uncomfortable for users who don't use `cert-bot`.

Use the second way you've described and use `cert-bot` as a sidecar container in your deployment, if you require it in-place.
it would be great if the container could generate itself letsencrypt certificates via `certbot --standalone` (port 80 only - keeps port 443 available)
see also: https://docs.bigbluebutton.org/2.2/setup-turn-server.html#generating-tls-certificates
this might be right as the coturn service seems to need a restart on a key change: `--deploy-hook "systemctl restart coturn"`
else the other way would be to link the coturn and certbot docker images together like https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71 and solve the service restart in another way
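
One way to handle the restart in the sidecar setup discussed in this thread, as an added example that is not code from the thread or from the coturn project: a small check, run periodically next to the certbot container, that restarts coturn only when the certificate on the shared volume has actually changed. The domain in the certificate path, the state file location, the container name `coturn` and the `docker restart` command are assumptions.

```shell
#!/bin/sh
# Added example: restart coturn only when the certificate file changes.
# All defaults below are assumptions; adjust them to your deployment.
CERT_FILE="${CERT_FILE:-/etc/letsencrypt/live/turn.example.org/fullchain.pem}"
STATE_FILE="${STATE_FILE:-/var/run/coturn-cert.sha256}"
RESTART_CMD="${RESTART_CMD:-docker restart coturn}"

# Print the SHA-256 of a certificate file; fail if it is missing or empty
# (for example while a renewal is still writing it).
cert_digest() {
    [ -s "$1" ] || return 1
    sha256sum "$1" | cut -d' ' -f1
}

# check_and_restart CERT STATE CMD
# Returns 0 if the restart command ran, 1 if the certificate is unchanged,
# 2 on error (unreadable certificate or failed restart).
check_and_restart() {
    cert="$1"; state="$2"; cmd="$3"
    new=$(cert_digest "$cert") || {
        echo "certificate missing or empty: $cert" >&2
        return 2
    }
    old=""
    [ -f "$state" ] && old=$(cat "$state")
    # Same digest as last time: the running service already has this key pair.
    [ "$new" = "$old" ] && return 1
    # Record the digest only after a successful restart, so a failed
    # restart is retried on the next run instead of being silently skipped.
    if sh -c "$cmd"; then
        printf '%s\n' "$new" > "$state"
        return 0
    fi
    echo "restart command failed: $cmd" >&2
    return 2
}

# Stand-alone use: ./check-cert.sh run   (e.g. from cron or a sleep loop)
if [ "${1:-}" = "run" ]; then
    check_and_restart "$CERT_FILE" "$STATE_FILE" "$RESTART_CMD"
fi
```

The first run has no recorded digest, so it triggers one restart and then stays quiet until the certificate is renewed.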