I've been thinking about using Letsencrypt to generate some SSL certificates for my web applications on my servers but I'm not sure where to start and whether the method to automatically renewing the certificates with certificate client will work.
I have a several Linux servers running off Docker containers so that I can run applications such MariaDB, Nextcloud, NGINX etc, and OMV (OpenMediaVault) as a NAS running a FTP server and some SMB shares.
I would like to create certificates for them using an official CA such as the free Letsencrypt compared to making my own CA and distributing it across the devices like I have already, so that the certificates signed by the CA can be verified at the client-side.
I currently have a couple of DDNS’s setup using the DDNS-LuCI-app and my aim is to generate multiple certificates for the DDN's with the addition of some sub-domains. Because my router is on almost all the time (I use smart-plugs to turn it off when I'm away from home), I want to use OpenWrt as the sole place to generate all the certificates. With that in mind, I was thinking of making a Cron job on the host servers that is hosting the Docker containers to pull the certificates into a central directory the server apps require or, host some kind of secure, LAN, network share the server apps can read the certificates from. Is this possible and a sensible way of doing it? My servers are turned on on an ad-hoc basis at the moment hence I'm steering away from automatically updating the certificates on their own servers and rather let OpenWrt handle it.