Docker container running RabbitMQ with AMQPS and MQTTS enabled and automatic renewal of SSL certificates from Let's Encrypt. The only thing needed is a hostname for your server. This example uses mycoolserver.dyndns.com, but it could be any hostname.
Start AMQPS on port 5671, MQTTS on port 8883 and the management interface of RabbitMQ on port 443:
HOSTNAME=mycoolserver.dyndns.com docker-compose up
Open a browser to https://rabbitmq.mycoolserver.dyndns.com and check that you see the RabbitMQ management interface and that it has a valid SSL certificate.
Check the TLS handshake on the AMQPS port (5671):
docker-compose exec rabbitmq bash -c \
  'openssl s_client -connect ${HOSTNAME}:5671 \
  -CAfile /var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem \
  -cert /var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt \
  -key /var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key'
Check the TLS handshake on the MQTTS port (8883):
docker-compose exec rabbitmq bash -c \
  'openssl s_client -connect ${HOSTNAME}:8883 \
  -CAfile /var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem \
  -cert /var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt \
  -key /var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key'
The rabbitmq.conf loads the following certificates from https://github.com/SteveLTN/https-portal:
[
  {ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
  {rabbit, [
    {ssl_listeners, [5671]},
    {ssl_options, [
      {cacertfile, "/var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem"},
      {certfile, "/var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt"},
      {keyfile, "/var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key"},
      {versions, ['tlsv1.2', 'tlsv1.1']}
    ]},
    {loopback_users, []}
  ]},
  {rabbitmq_mqtt, [
    {ssl_listeners, [8883]},
    {tcp_listeners, [1883]}
  ]}
].
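Besides the TLS listeners, the configuration above accepts TLS 1.1, sets an empty loopback_users list and keeps a plaintext MQTT listener on 1883. The following audit of those three settings is an added example, not part of this project; app_section and audit are hypothetical helper names, and only settings written explicitly in the file are checked (RabbitMQ defaults are not modelled).

```python
import re
# The configuration from this page, embedded so the audit runs offline.
PAGE_CONFIG = """[
{ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [
{cacertfile,"/var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem"},
{certfile, "/var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt"},
{keyfile, "/var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key"},
{versions, ['tlsv1.2', 'tlsv1.1']}
]},
{loopback_users, []}
]},
{rabbitmq_mqtt, [
{ssl_listeners, [8883]},
{tcp_listeners, [1883]}
]}
]."""
DEPRECATED = {"sslv3", "tlsv1", "tlsv1.1"}  # TLS 1.0/1.1: deprecated by RFC 8996

def app_section(config, app):
    """Body of the {app, [...]} tuple; assumes no brackets inside strings."""
    m = re.search(r"\{\s*%s\s*,\s*\[" % re.escape(app), config)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(config) and depth:
        depth += {"[": 1, "]": -1}.get(config[i], 0)
        i += 1
    return config[m.end():i - 1]

def audit(config):
    """Return (app, finding) pairs for weak transport and login settings."""
    findings = []
    for app in ("ssl", "rabbit"):
        for vers in re.findall(r"\{\s*versions\s*,\s*\[([^\]]*)\]", app_section(config, app)):
            weak = sorted(DEPRECATED & set(re.findall(r"'([^']+)'", vers)))
            if weak:
                findings.append((app, "deprecated TLS versions: " + ", ".join(weak)))
    if re.search(r"\{\s*loopback_users\s*,\s*\[\s*\]\s*\}", app_section(config, "rabbit")):
        findings.append(("rabbit", "loopback_users is empty: guest is not limited to localhost"))
    tcp = re.search(r"\{\s*tcp_listeners\s*,\s*\[([^\]]*\d[^\]]*)\]", app_section(config, "rabbitmq_mqtt"))
    if tcp:
        findings.append(("rabbitmq_mqtt", "plaintext MQTT listener: " + tcp.group(1).strip()))
    return findings

for app, finding in audit(PAGE_CONFIG):
    print(f"{app}: {finding}")
```

A variant that lists only 'tlsv1.2', restricts guest to localhost and sets {tcp_listeners, []} for rabbitmq_mqtt produces no findings.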