From c483a25e3bbc45ac02afc617a58fdf72cc073258 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ciar=C3=A1n=20Ainsworth?= Date: Tue, 17 Jan 2023 10:09:56 +0100 Subject: [PATCH] docs: add Docker certbot instructions Part-of: --- .../installation_docs/docker.md | 34 ++++--------------- 1 file changed, 7 insertions(+), 27 deletions(-) diff --git a/docs/administrator_documentation/installation_docs/docker.md b/docs/administrator_documentation/installation_docs/docker.md index e5504262e..c916fa52e 100644 --- a/docs/administrator_documentation/installation_docs/docker.md +++ b/docs/administrator_documentation/installation_docs/docker.md 
@@ -262,39 +262,19 @@ That's it! The container mounts your custom nginx files and uses its values to s ## 6. Set up TLS -To enable your users to connect to your pod securely, you need to set up {abbr}`TLS (Transport Layer Security)`. To do this, we recommend using the script. +To enable your users to connect to your pod securely, you need to set up {abbr}`TLS (Transport Layer Security)`. To do this, we recommend using [certbot](https://certbot.eff.org/). -1. Log in as the superuser account to run these commands. +1. Install certbot ```{code-block} sh - su + apt-get update + apt-get install certbot python3-certbot-nginx ``` -2. Create the `/etc/certs` folder to store the certificates. +2. Run certbot ```{code-block} sh - mkdir /etc/certs + sudo certbot --nginx -d $FUNKWHALE_HOSTNAME ``` -3. Download and run `acme.sh`. Replace `my@example.com` with your email address. - - ```{code-block} sh - curl https://get.acme.sh | sh -s email=my@example.com - ``` - -4. Generate a certificate. Replace `example.com` with your Funkwhale pod name. Use `/srv/funkwhale/front` as your web root folder. - - ```{code-block} sh - acme.sh --issue -d example.com -w /srv/funkwhale/front - ``` - -5. Install the certificate to your Nginx config. Replace `example.com` with your Funkwhale pod name. - - ```{code-block} sh - acme.sh --install-cert -d example.com \ - --key-file /etc/certs/key.pem \ - --fullchain-file /etc/certs/cert.pem \ - --reloadcmd "service nginx force-reload" - ``` - -That's it! acme.sh renews your certificate every 60 days, so you don't need to worry about renewing it. +That's it! certbot renews your certificate every 60 days, so you don't need to worry about renewing it.
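Review bot: Step 1 of the new list runs `apt-get update` and `apt-get install certbot python3-certbot-nginx` without `sudo`, while the same hunk deletes the old `su` step and step 2 does use `sudo certbot`, so a reader following the steps as an unprivileged user fails at the first command. Prefix both `apt-get` lines with `sudo`, or state once that the steps run as root and drop the `sudo` in step 2. In step 2, `-d $FUNKWHALE_HOSTNAME` depends on that variable being set in the current shell, and nothing in this hunk sets it. Either say where it comes from or, as the removed text did, tell the reader to replace a placeholder with the pod name, and quote the expansion as `"$FUNKWHALE_HOSTNAME"`. The closing sentence carries "every 60 days" over from the acme.sh wording. Renewal with certbot relies on the scheduled job the package installs, so it is worth saying that and suggesting `sudo certbot renew --dry-run` as a check. The removed steps installed the key and chain to `/etc/certs/key.pem` and `/etc/certs/cert.pem`. If any nginx configuration elsewhere in docker.md still points at those paths, it needs updating in the same change, because `certbot --nginx` does not write there.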