How to Install SSL Certificate on Docker

A comprehensive guide to implementing SSL/TLS certificates on Docker containers and services.

Table of Contents

Prerequisites

Before implementing SSL certificates on Docker, ensure you have:

  • Docker installed and running
  • Docker Compose (optional but recommended)
  • SSL certificate files:
    • Certificate file (.crt)
    • Private key file (.key)
    • Certificate chain file (if applicable)
Note: These instructions work for both Linux and Windows Docker installations.

Obtaining SSL Certificate

You can obtain SSL certificates through various methods:

Certificate Options
  • Let's Encrypt (Free): Using Certbot or other ACME clients
  • Commercial CA: Purchase from trusted providers
  • Self-signed: For development/testing environments

Docker Volume Setup

Create a secure way to store and access certificates:

  1. Create a Docker volume for certificates: 
    docker volume create certs
  2. Create a temporary container to manage certificates: 
    docker run --rm -v certs:/certs -v $(pwd):/source alpine sh -c "cp /source/*.{crt,key} /certs/"

Container Configuration

Use our configuration generator to create your Docker SSL configuration:

Configuration Generator
Dockerfile
FROM nginx:alpine

COPY nginx.conf /etc/nginx/nginx.conf
COPY default.conf /etc/nginx/conf.d/default.conf

VOLUME /etc/nginx/certs
EXPOSE 443

CMD ["nginx", "-g", "daemon off;"]
Nginx Configuration
server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/nginx/certs/example.com.crt;
    ssl_certificate_key /etc/nginx/certs/example.com.key;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    
    location / {
        proxy_pass http://app:3000;
    }
}

Testing Configuration

Verify your SSL configuration:

  1. Start your container: 
    docker run -d --name myapp -p 443:443 -v certs:/etc/nginx/certs myapp
  2. Verify SSL connection:
    • Visit https://example.com
    • Check certificate details in browser
    • Use curl to test: 
      curl -k https://localhost

Troubleshooting

  • Certificate not found: Check volume mounting and file paths
  • Permission issues: Verify file permissions in container
  • Connection refused: Check port mappings
  • Certificate chain issues: Verify complete chain is included

Best Practices

  • Security:
    • Use Docker secrets for sensitive data
    • Implement proper file permissions
    • Regular security updates
  • Maintenance:
    • Automate certificate renewal
    • Use health checks
    • Implement logging

Docker Compose Setup

Use Docker Compose for easier SSL configuration:

Example docker-compose.yml
version: '3.8'

services:
  web:
    image: nginx:alpine
    ports:
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - certs:/etc/nginx/certs:ro
    depends_on:
      - app
  
  app:
    build: .
    expose:
      - "3000"

volumes:
  certs:
    external: true
Tip: Use Docker Compose for managing multi-container applications with SSL.

Certellix is an independent service. We are not affiliated with any commercial certificate authority.

Privacy Policy
Terms of Service
Refund Policy
Contact Us