Because nginx-proxy and the companion container use separate environment variables, you can use a traditionally signed certificate for some hosts (see previous section) and letsencrypt certificates for others. For example, you might use a wildcard certificate for "*.demo.example.com" hosts and a letsencrypt certificate for a district's "vanity domain" (usas.sampletown.org and usps.sampletown.org).
Issues with LetsEncrypt
LetsEncrypt no longer supports ACMEv1 for certificate management. If your site stops automatically renewing/generating certificates, this may appear in the logs:
docker-compose logs --tail=50 le ... le_1 | 2020-01-09 11:48:43,395:INFO:simp_le:1382: Generating new account key le_1 | ACME server returned an error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
To resolve this, make sure you have the latest jrcs/lets encrypt-nginx-proxy-companion image if/when you update the jwilder/nginx-proxy alpine image. See https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion
We recommend making adjustments to the timeout configuration.