This Docker image is based on the awesome smallstep/cli and smallstep/certificates projects from smallstep.
$ docker run --name ca.internal --restart unless-stopped -v step:/home/step -d katoni/simple-acme-server Download Root CA from container:
$ docker cp ca.internal:/home/step/certs/root_ca.crt . Install the Root CA into your Trusted Root Certification Authorities store.
Containers in the same network can access the ACME server with this URL: https://ca.internal/acme/development/directory
Example with Traefik reverse proxy:
services: traefik: image: traefik command: - "--log.level=DEBUG" - "--providers.docker=true" - "--entrypoints.http.address=:80" - "--certificatesResolvers.internal.acme.email=your-email@your-domain.org" - "--certificatesResolvers.internal.acme.httpChallenge=true" - "--certificatesResolvers.internal.acme.httpChallenge.entryPoint=http" - "--certificatesResolvers.internal.acme.caServer=https://ca.internal/acme/development/directory" volumes: - /var/run/docker.sock:/var/run/docker.sock - ./ca.pem:/ca.pem environment: LEGO_CA_CERTIFICATES: /ca.pem Note: Docker Desktop (since version 1.12.1) recognizes certs stored under Trust Root Certification Authorities or Intermediate Certification Authorities. However, there appears to be an issue (docker/for-win#4804), so we have to manually mount the root CA. Use LEGO_CA_CERTIFICATES to configure the lego client to use our custom CA certificate.