
How to handle declarative Nginx Configuration with Let's Encrypt?


I manage an nginx instance that does HTTP load balancing and TLS termination.

So far I have generated TLS certificates manually using certbot --nginx and selecting the host I would like to lease a certificate for.

I would like my server to poll a git repository that serves as the single source of truth for my nginx configuration (GitOps).

How would I handle the automatic ACME generation & renewal of TLS certificates for my nginx config (preferably using Let's Encrypt certs)?

I suppose I would need something (certbot?) to:

  • detect which server blocks need SSL certificates,
  • trigger the ACME challenge,
  • store the cert in the given location, or predict the default location when writing the nginx config,
  • renew the cert before it expires.

How does one handle this challenge?

http {

  # upstreams pointing to kubernetes clusters
  upstream development {
    server 192.168.XX.XX;
    server 192.168.XX.XX;
    server 192.168.XX.XX;
  }

  upstream staging {
    server 192.168.XX.XX;
    server 192.168.XX.XX;
    server 192.168.XX.XX;
  }

  # example config for one application running on development cluster
  server {
    server_name dev.app1.example.com;
    proxy_set_header Host $host;

    location / {
      proxy_pass https://development;
    }
        
    listen 443 ssl;
    ssl_certificate /path/to/fullchain.pem;   # how would I generate those without manual intervention?
    ssl_certificate_key /path/to/privkey.pem; # how would I generate those without manual intervention?
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  }
}

Footnote: I am aware that I could just do TCP load balancing and handle TLS termination at the upstream, but I would like to manage a single load balancer that can do path-based routing to different upstreams (also SSL peek seems a bit icky).

TL;DR: I am looking for a declarative way to manage my nginx config that also takes care of certificate management.
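The four steps listed in the question (detect the TLS server blocks, run the ACME challenge, put the certificate at a predictable path, renew) can be wired into the git-poll step itself. The script below is an added example written for this thread, not code from the poster or from certbot: it parses the config checked out from git, issues or renews one certificate per ssl server_name with certbot's webroot authenticator, and only then installs the config and reloads nginx. It assumes certbot is installed, that the currently running nginx already has a port-80 server block serving /.well-known/acme-challenge/ from the webroot directory, and that the e-mail address and paths are placeholders to be replaced.

```shell
#!/bin/sh
# Added example (not from the original post): GitOps sync step for nginx + certbot.
#   1. read the nginx config checked out from git,
#   2. extract every server_name from server{} blocks that "listen ... ssl",
#   3. issue or renew a certificate per hostname with certbot's webroot
#      authenticator, pinned to /etc/letsencrypt/live/<hostname>/fullchain.pem
#      so the git-managed config can reference that path up front,
#   4. validate and reload nginx only after the certificates exist.
# Assumptions (placeholders, not from the post): certbot is installed, a port-80
# server block already serves /.well-known/acme-challenge/ from $ACME_WEBROOT,
# and ACME_EMAIL is replaced with a real contact address.
set -eu

ACME_WEBROOT="${ACME_WEBROOT:-/var/www/acme}"
ACME_EMAIL="${ACME_EMAIL:-hostmaster@example.com}"
NGINX_CONF_TARGET="${NGINX_CONF_TARGET:-/etc/nginx/nginx.conf}"

# list_tls_hosts: print one hostname per line for every server{} block on stdin
# that contains a "listen ... ssl" directive. Tracks brace depth so location{}
# blocks nested inside server{} are handled, strips comments, de-duplicates, and
# skips names http-01 cannot validate (wildcards, "_", regex names).
list_tls_hosts() {
  awk '
    {
      l = $0; sub(/#.*/, "", l)
      if (!in_srv && l ~ /^[[:space:]]*server[[:space:]]*[{]/) {
        in_srv = 1; depth = 0; names = ""; ssl = 0
      }
      if (!in_srv) next
      if (l ~ /^[[:space:]]*server_name[[:space:]]/) {
        t = l
        sub(/^[[:space:]]*server_name[[:space:]]+/, "", t)
        sub(/[[:space:]]*;.*/, "", t)
        names = names " " t
      }
      if (l ~ /^[[:space:]]*listen[[:space:]]/ && l ~ /[[:space:]]ssl[[:space:];]/) ssl = 1
      depth += gsub(/[{]/, "{", l)
      depth -= gsub(/[}]/, "}", l)
      if (depth == 0) {
        if (ssl) {
          n = split(names, a, /[[:space:]]+/)
          for (i = 1; i <= n; i++)
            if (a[i] != "" && a[i] !~ /^[*_~]/ && !seen[a[i]]++) print a[i]
        }
        in_srv = 0
      }
    }'
}

# cert_path: the path the git-managed config should reference for a hostname.
# --cert-name below pins certbot to exactly this directory name.
cert_path() { printf '/etc/letsencrypt/live/%s/fullchain.pem\n' "$1"; }

# issue_cert: obtain or renew one certificate. --keep-until-expiring makes the
# call idempotent, so running it on every git poll is safe.
issue_cert() {
  certbot certonly --webroot -w "$ACME_WEBROOT" \
    --cert-name "$1" -d "$1" \
    --non-interactive --agree-tos -m "$ACME_EMAIL" \
    --keep-until-expiring
}

# sync_from_git: $1 is the nginx config file in the git checkout. Certificates
# are requested against the *running* nginx (which must already serve the ACME
# webroot on :80) before the new config is installed, so a new server block
# that references a not-yet-existing cert never breaks `nginx -t`.
sync_from_git() {
  list_tls_hosts < "$1" | while read -r host; do
    issue_cert "$host"
  done
  install -m 0644 "$1" "$NGINX_CONF_TARGET"
  nginx -t && nginx -s reload
}

if [ $# -gt 0 ]; then
  sync_from_git "$1"
fi
```

Renewal is then the standard certbot timer (`certbot renew --deploy-hook 'nginx -s reload'`), which needs no knowledge of the git repository, because the certificate list was derived from the config rather than chosen by hand. The one convention the repository must follow is that each ssl server block points ssl_certificate and ssl_certificate_key at /etc/letsencrypt/live/<first server_name>/, which is exactly the path this script pins with --cert-name.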
