Connect with us

Hi, what are you looking for?


Setup NGINX with Let’s Encrypt SSL using Docker and Cloudflare

Setting up NGINX with a free Let’s Encrypt SSL certificate is a breeze using Docker and the container maintained by The default setup will have a few different DNS options available. If using Cloudflare make sure under the dns-conf folder there is a cloudflare.ini file. If not use the below directions to setup the container and Cloudflare config.

Reverse Proxy Flow

Setup Docker Compose

Below is an example of my docker compose snippet for the Let’s Encrypt container:

        container_name: letsencrypt
            - NET_ADMIN        
            - PUID=1000
            - PGID=1000
            - TZ=America/New_York
            - URL=<>
            - SUBDOMAINS=wildcard
            - VALIDATION=dns
            - DNSPLUGIN=cloudflare
            - EMAIL=<>
            - DHLEVEL=2048
            - ONLY_SUBDOMAINS=true
            - STAGING=false
            - '443:443'
            - '80:80'
            - '<config location>:/config'
        restart: always
        image: linuxserver/letsencrypt

Setup Cloudflare DNS Credentials

The Cloudflare setup requires an API key which can be found in My Profile and tab API tokens after logging into Cloudflare.

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <>
dns_cloudflare_api_key = <api key>

Start Let’s Encrypt Container

Now start up the Let’s Encrypt container by running the command “docker-compose up -d” in the folder where the docker-compose file is located. Now navigate to the “config” location setup in the docker compose volume and open folder ‘dns-conf’.

Setup Cloudflare DNS file

Cloudflare.ini file should be located and the above information taken from the Cloudflare website can be setup and saved. If using another DNS provider fill in the proper file.

Restart Let’s Encrypt Container

Now we can restart the container so it can use the updated DNS settings. The following command will recreate the container and start it up at the same time.

docker-compose up -d --force-recreate --no-deps --build letsencrypt

Validate the Container

Open a browser and enter ‘localhost’ and it should load properly. Entering in the URL entered as an environment variable in the docker compose file should also load. Pages should work in HTTPS if not check the container logs.



  1. t

    November 23, 2020 at 9:32 pm

    If I would have access to your web-servers ip-address, I could still access all your services without knowing your domain. Docker is exposing these ports by default. Is it possible to constrain access to these and only allow connections through the cloudflare network?

    • Carl

      November 25, 2020 at 1:09 am

      Yes, Docker is exposing ports for whatever containers I have running but they are not accessible outside of the network due to the NGINX proxy only accepting connections on specific ports. At the router level only ports for the NGINX container are forwarded.

Leave a Reply

Your email address will not be published.

You May Also Like


Plex updated it’s support of collections at the end of 2017 by letting the user choose to group movies in a collection ie. Star...


Configure the TP-Link AX50 router so that it can be shared between both Windows and Linux. The router has USB sharing built into the...


Cloudflare has plenty to offer even to free users. I looked into some methods of improving the TTL or time to first byte as...


In a prior post I detailed how to backup a SQL database from a MariaDB Docker container. Since I also have a few Docker...

Copyright © 2021 Carl Peterson. Theme by MVP Themes, powered by WordPress.