Validate domain ownership for Let's Encrypt in OpenShift Online v3


In order to get Let's Encrypt certificates I have to validate that I'm the owner of the domain. This is no problem if you run your own app in a container in OpenShift Online. But in this case I'm just pulling the image from the official Docker registry and running it directly in OpenShift Online.

The only way I can think of right now is to log in to a running pod and install/run a webserver there. But this seems kinda hacky to me, and I'm not even sure if this would be possible in the environment the third-party image provides.

Does anyone know how to do this in OpenShift Online v3?

Solved it myself. The solution was to use the DNS-01 challenge with certbot.

With this approach you need to create a TXT record for the domain you want to secure and add a key that you get from certbot as the value of the TXT record. Certbot then validates your domain ownership by reading the key from the TXT record. This is how it worked:

First I ran this command:

sudo certbot -d mysubdomain.mydomain.com --manual --preferred-challenges dns certonly

which returns a subdomain that looks like this: _acme-challenge.mysubdomain and a key that looks like this: M7MsmY-YywYddXfAVwaKje...

Then I created a TXT record for mydomain.com with these values:

Type: TXT Record
Host: _acme-challenge.mysubdomain
Value: M7MsmY-YywYje...

I used the web interface of my domain registrar to create the TXT record.

It took some time for the TXT record to become publicly available. I used this command on my laptop to check if the TXT record was ready:

dig -t txt _acme-challenge.mysubdomain.mydomain.com +short

It's ready as soon as it returns the key. When it's ready, you can go back to the certbot terminal window and hit ENTER to start the validation process.

If everything works out, certbot saves the certificate/private key under:

/etc/letsencrypt/live/mysubdomain.mydomain.com/

You can create a secure route with the new certificate/private key like this:

sudo oc create route edge my-route-name \
--service=my-service \
--cert=/etc/letsencrypt/live/mysubdomain.mydomain.com/fullchain.pem \
--key=/etc/letsencrypt/live/mysubdomain.mydomain.com/privkey.pem \
--hostname=mysubdomain.mydomain.com \
--insecure-policy=Redirect -n my-project
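As an added example that is not part of the answer above, the following POSIX shell helper automates the "run dig until the TXT record shows the key" step of the manual DNS-01 flow. It polls `_acme-challenge.<hostname>` with `dig +short`, strips the double quotes dig puts around TXT values, and compares every returned record against the token certbot printed, so a stale token left over from an earlier run does not produce a false positive. The hostname, token, nameserver and the ACME_* environment variable names are placeholders chosen for this example, not anything certbot or OpenShift defines.

```shell
#!/bin/sh
# Added helper (not from the original answer): poll DNS until the
# _acme-challenge TXT record carries the token certbot printed.
# Hostnames, tokens and the nameserver below are placeholders.

# Name of the record certbot asks you to create: _acme-challenge.<hostname>.
acme_challenge_name() {
  printf '_acme-challenge.%s\n' "$1"
}

# Decide whether dig's "+short" output contains the expected token.
# dig prints each TXT value wrapped in double quotes, one record per line,
# and a zone may still hold tokens from earlier runs, so every line is
# checked after the quotes are stripped. Exit status 0 on an exact match.
acme_txt_matches() {
  expected="$1"
  dig_output="$2"
  printf '%s\n' "$dig_output" \
    | sed 's/^"//; s/"$//' \
    | grep -qxF -- "$expected"
}

# Query DNS every $interval seconds until the token is visible or $timeout
# seconds have passed. An optional nameserver (e.g. one of the zone's
# authoritative servers) bypasses a recursive resolver that may have cached
# a negative answer from before the record existed.
wait_for_acme_txt() {
  host="$1"
  expected="$2"
  nameserver="${3:-}"
  timeout="${ACME_WAIT_TIMEOUT:-900}"
  interval=15
  name="$(acme_challenge_name "$host")"
  elapsed=0
  while [ "$elapsed" -lt "$timeout" ]; do
    if [ -n "$nameserver" ]; then
      answer="$(dig "@$nameserver" -t txt "$name" +short)"
    else
      answer="$(dig -t txt "$name" +short)"
    fi
    if acme_txt_matches "$expected" "$answer"; then
      echo "$name serves the expected token; go back to certbot and press ENTER."
      return 0
    fi
    sleep "$interval"
    elapsed=$((elapsed + interval))
  done
  echo "gave up after ${timeout}s: $name does not serve the expected token" >&2
  return 1
}

# Usage (placeholder variable names): copy the hostname and token from the
# certbot prompt, e.g.
#   ACME_HOST=mysubdomain.mydomain.com ACME_TOKEN='M7MsmY-...' sh ./wait_txt.sh
# Optionally set ACME_NAMESERVER to an authoritative server for the zone.
if [ -n "${ACME_HOST:-}" ] && [ -n "${ACME_TOKEN:-}" ]; then
  wait_for_acme_txt "$ACME_HOST" "$ACME_TOKEN" "${ACME_NAMESERVER:-}"
fi
```

Two practical notes. Let's Encrypt's validation servers query the zone's authoritative nameservers directly, so a positive answer from your laptop's recursive resolver is a hint, not proof; pointing dig at an authoritative server (the optional third argument) is the more reliable check, and it also avoids waiting out a cached NXDOMAIN. And because certbot issues a fresh token every time it runs, this manual TXT dance has to be repeated at each renewal; certbot's `--manual-auth-hook` option lets you plug in a script that updates the record through your DNS provider's API instead.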