3 Mins Read

2 January 2026

How to Create HTTPS with Docker, NGINX, and Certbot

This guide explains how to quickly secure your web application with HTTPS using Docker, NGINX, and Let’s Encrypt (Certbot). The setup is lightweight, production-ready, and works well for small services and modern microservice-based applications.

Let’s Encrypt is a free, automated certificate authority that provides SSL/TLS certificates. NGINX acts as a reverse proxy, handling HTTPS termination and routing traffic to your application. Docker allows all services to run in isolated containers, making deployment consistent and easy to maintain.

The main goal of this approach is to improve application security by enabling HTTPS and managing communication between containers and the host through NGINX.

Create an Application with Docker

The first step is to create a simple application service using Docker Compose. For demonstration purposes, we use a Hello World container that runs on port 80.

services:
  helloworld:
    container_name: helloworld
    image: crccheck/hello-world
    ports:
      - "80:8000"

Start the container with the following command:

docker compose up -d helloworld

At this point, the application is running but still accessible only via HTTP.

Configure NGINX as a Reverse Proxy

Next, create an NGINX configuration file. In this file, define your server name and configure proxy_pass to forward requests to the Docker service by its container name.

NGINX will act as a gateway between the public internet and your application, allowing you to later attach SSL certificates without modifying the app itself.

After preparing the configuration file, create a new NGINX service in docker-compose.yml and mount the configuration file into the container.

Obtain an SSL Certificate with Certbot

Before running Certbot, make sure your domain is properly configured. You need to create an A record that points to your domain (for example, mysite.com) to your server’s IP address.

Certbot validates domain ownership using the following route:

/.well-known/acme-challenge/

To support this, configure NGINX to serve files from a shared directory, such as:

/var/www/certbot

Then, add two volumes to the NGINX service in docker-compose.yml:

  • One for Certbot challenge files

  • One for storing SSL certificates

Once Certbot runs successfully, it will generate SSL certificates for your domain. After verifying the Certbot logs, update the NGINX configuration to enable HTTPS using the newly issued certificates.

Final Notes and Automatic Renewal

At this stage, your application is fully secured with HTTPS using Docker, NGINX, and Let’s Encrypt.

To keep certificates up to date, you can enable automatic renewal by running Certbot on a schedule. This can be done using:

  • cron on Linux

  • Task Scheduler on Windows

This setup provides a reliable and scalable foundation for running secure web applications in Docker-based environments.

Full Example: Docker Compose and NGINX with Certbot

version: "3.9"

services:
  helloworld:
    container_name: helloworld
    image: crccheck/hello-world
    ports:
      - "8000:8000"       # Internal port mapped for NGINX
    restart: always

  nginx:
    image: nginx:latest
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./certbot/www:/var/www/certbot
      - ./certbot/conf:/etc/letsencrypt
    depends_on:
      - helloworld
    restart: always

  certbot:
    image: certbot/certbot
    container_name: certbot
    volumes:
      - ./certbot/www:/var/www/certbot
      - ./certbot/conf:/etc/letsencrypt
    entrypoint: >
      sh -c "trap exit TERM; while :; do sleep 12h & wait $${!}; certbot renew; done"

Tags:Docker