devops.

docker-compose-log-rotation-disk-fill

Certbot Dns 01 Cloudflare Wildcard

certbot renewal failure modes: the 6 ways auto-renewal silently breaks and how to detect them before the cert expires

Renewal is the part indie operators forget about until the browser shows a red padlock. Covers the 6 most common silent-failure modes: (1) the systemd timer that was masked by a package upgrade, (2) the HTTP-01 challenge that fails because a new nginx location block shadows `/.well-known/acme-challenge/`, (3) the DNS-01 hook script that exits 0 but didn't actually propagate, (4) the snap-vs-apt certbot binary path drift after a distro upgrade, (5) the disk-full `/var/log/letsencrypt` that aborts renewal, (6) the rate-limit hit from too-frequent dry runs. Unique angle: failure-driven, not happy-path — each section is 'how to detect this BEFORE the cert expires.' Take-away: a 10-line monitoring script (curl + `openssl s_client` + a Telegram or email webhook) plus a `certbot renew --dry-run` cron pattern that catches all 6 modes 30+ days ahead.

Step 1: Bootstrap a baseline docker-compose stack with app and reverse proxy

nginx websocket proxy_read_timeout docker-compose

Walk through why nginx's default 60s `proxy_read_timeout` silently kills long-lived WebSocket connections behind a docker-compose reverse proxy, and the exact `Upgrade`/`Connection` headers plus 3600s timeout block that fixes it in production.

Nginx + Let's Encrypt on a Single VPS: From Fresh Ubuntu to HTTPS in 20 Minutes

Cold-start walkthrough for issuing your first Let's Encrypt certificate with certbot --nginx on a fresh Ubuntu VPS. Covers nginx repo choice, the HTTP-01 server block, and the four files certbot rewrites.

Auto-Renew Let's Encrypt Certs with certbot.timer and Nginx

Wire up certbot.timer for Let's Encrypt auto-renewal on Nginx — systemd unit, post-renew reload hook, and --expand for adding SANs without downtime.

One Let's Encrypt Cert for Many Subdomains: nginx + certbot SAN Setup

Issue a single Let's Encrypt SAN certificate covering many subdomains with nginx and certbot. Renewal, rate limits, and deploy hooks for solo operators.