Rancher with Automated Let’s Encrypt Certificates

At Tozny, many of our web services run as Docker containers in several Rancher environments. We needed a reliable way to automate issuing and managing the TLS certificates for those environments, so we wrote an in-house service to do it.

The service runs as two containers:

  1. a basic Nginx container that serves the Let’s Encrypt webroot challenge files (the HTTP-01 challenge under /.well-known/acme-challenge/ on port 80) so the CA can verify control of the domain
  2. a service container that runs the issuance, renewal and Rancher synchronisation logic

The service itself:

  • automatically fetches new certificates
  • pushes certificates into Rancher via its API so load balancers pick them up automatically
  • polls the Rancher API for certificate expiration and automatically renews expiring certificates
  • switches easily from Let’s Encrypt staging certificates (not publicly trusted, but free of the production rate limits, so suitable for testing) to publicly trusted production certificates
  • verifies that the locally stored certificates match the ones the Rancher API reports
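The feature list above describes a renewal loop: compare what is on disk with what Rancher holds, push when they differ, and renew when expiry is near. The following Go program is an added example of that decision logic, not code from the Tozny project. It assumes a Rancher certificate resource exposes a `name` and a PEM-encoded `cert` field (an assumption about the API, not a verified schema), and uses a 30-day renewal window, the usual convention for Let’s Encrypt’s 90-day certificates. The sample certificate is constructed in the program so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Assumed renewal window: Let's Encrypt leaves are valid for 90 days and are
// conventionally renewed 30 days before expiry.
const renewBefore = 30 * 24 * time.Hour

// rancherCertificate is the subset of a Rancher certificate resource this
// example uses. The field names are an assumption, not a verified API schema.
type rancherCertificate struct {
	Name string `json:"name"`
	Cert string `json:"cert"` // PEM-encoded leaf certificate
}

// parsePEMCert decodes the first CERTIFICATE block in pemData.
func parsePEMCert(pemData []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE block found")
	}
	return x509.ParseCertificate(block.Bytes)
}

// fingerprint is the hex SHA-256 of the DER bytes; it identifies a certificate
// regardless of PEM whitespace or how the file on disk was assembled.
func fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// needsRenewal reports whether c expires within renewBefore of now.
func needsRenewal(c *x509.Certificate, now time.Time) bool {
	return !now.Add(renewBefore).Before(c.NotAfter)
}

// planAction decides one loop iteration: "push" when Rancher has no copy or a
// different one, "renew" when local and remote agree but expiry is inside the
// window, "ok" otherwise. Expiry is read from the certificate, not an API field.
func planAction(localPEM []byte, remote *rancherCertificate, now time.Time) (string, error) {
	local, err := parsePEMCert(localPEM)
	if err != nil {
		return "", fmt.Errorf("local certificate: %w", err)
	}
	if remote == nil {
		return "push", nil
	}
	rem, err := parsePEMCert([]byte(remote.Cert))
	if err != nil {
		return "", fmt.Errorf("remote certificate %q: %w", remote.Name, err)
	}
	if fingerprint(local) != fingerprint(rem) {
		return "push", nil
	}
	if needsRenewal(local, now) {
		return "renew", nil
	}
	return "ok", nil
}

// selfSignedPEM builds a constructed self-signed certificate so the example
// runs offline; in production this slot holds the Let's Encrypt issued leaf.
func selfSignedPEM(cn string, notAfter time.Time) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn},
		NotBefore:    notAfter.Add(-90 * 24 * time.Hour),
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	now := time.Now().UTC()
	// Constructed input: a leaf with 20 days left that Rancher already holds.
	localPEM, err := selfSignedPEM("app.example.com", now.Add(20*24*time.Hour))
	if err != nil {
		panic(err)
	}
	remote := &rancherCertificate{Name: "app.example.com", Cert: string(localPEM)}
	action, err := planAction(localPEM, remote, now)
	if err != nil {
		panic(err)
	}
	fmt.Println("action:", action)
}
```

Two design points worth keeping in a real implementation: expiry is taken from the certificate itself rather than from whatever timestamp the API returns, so a stale or misformatted API field cannot silently suppress a renewal; and local and remote copies are compared by a digest of the DER bytes, so a certificate that was re-wrapped, re-ordered in a chain file or edited by hand still compares correctly. Because a load balancer needs the private key to terminate TLS, pushing a certificate into Rancher also means pushing its key, so the API credentials the service container holds should be scoped to the environments it manages and treated with the same care as the keys themselves.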

This tool has proven enormously effective for our own use, so the team has elected to open it to the public in the hope that it is useful for others.

More details are available in the project’s GitHub repository or on the public Docker Hub page.

Interested in learning more about Tozny’s encryption solutions? Check out TozStore or TozID, Tozny’s secure identity management solution with end-to-end encryption built in. Our SDKs and toolkits are designed to simplify and expedite the deployment of solutions that address your encryption needs.