Setup NGINX With Let’s Encrypt SSL Using Docker And Cloudflare

Setup NGINX With Let’s Encrypt SSL Using Docker And Cloudflare

Setting up NGINX with a free Let’s Encrypt SSL certificate is a breeze using Docker and the container maintained by The default setup will have a few different DNS options available. If using Cloudflare make sure under the dns-conf folder there is a cloudflare.ini file. If not use the below directions to setup the container and Cloudflare config.

Setup Docker Compose

Below is an example of my docker compose snippet for the Swag container:

        container_name: letsencrypt
            - NET_ADMIN        
            - PUID=1000
            - PGID=1000
            - TZ=America/New_York
            - URL=<>
            - SUBDOMAINS=wildcard
            - VALIDATION=dns
            - DNSPLUGIN=cloudflare
            - EMAIL=<>
            - DHLEVEL=2048
            - ONLY_SUBDOMAINS=true
            - STAGING=false
            - '443:443'
            - '80:80'
            - '<config location>:/config'
        restart: always
        image: linuxserver/swag

Setup Cloudflare DNS Credentials

The Cloudflare setup requires an API key which can be found in My Profile and tab API tokens after logging into Cloudflare.

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <>
dns_cloudflare_api_key = <api key>

Start Swag Container

Now start up the Swag container by running the command “docker-compose up -d” in the folder where the docker-compose file is located. Now navigate to the “config” location setup in the docker compose volume and open folder ‘dns-conf’.

Setup Cloudflare DNS file

Cloudflare.ini file should be located and the above information taken from the Cloudflare website can be setup and saved. If using another DNS provider fill in the proper file.

Restart Swag Container

Now we can restart the container so it can use the updated DNS settings. The following command will recreate the container and start it up at the same time.

docker-compose up -d --force-recreate --no-deps --build letsencrypt

Validate the Container

Open a browser and enter ‘localhost’ and it should load properly. Entering in the URL entered as an environment variable in the docker compose file should also load. Pages should work in HTTPS if not check the container logs.