You normally use an external letsencrypt client to obtain the certificate and then pass it to the docker container. In some cases, you can't use an external acme client and/or you can't do HTTP-01 auth.
The included `acme.sh` client will help you to setup DNS-01 auth and in keeping the cert updated.
Please check [here](https://github.com/acmesh-official/acme.sh/wiki/dnsapi) for supported dns providers.
Each provider will use different environment variables, you have to add these variables to the container's environment.
### OVH
A quick way to create required credentials for OVH:
- login to your [OVH accuont](https://www.ovh.com/manager/)
- paste in your browser an URL like the following one:
If you want to change the passive ports range (which by default is 50000-50050), you can do so via environment variables (PASSIVEPORTS_START and PASSIVEPORTS_END).
In any case, you also have to enable a matching range of exposed ports.
Please note that you have to restart the container (or send sighup to proftpd) whenever the certificate is renewed.
We mount the complete letsencrypt directory because the in live/ftp.mydomain.com we have symlinks to the actual live certificates and in the container these will refer to non-existant files.
Also FTP active mode doesn't work until you configure networking as "host".
