I have Docker running on my Ubuntu server and I’ve setup Portainer with a SSL certificate using Certbot to point example.com:8443 to the sub-domain portainer.example.com.

Certification creation

certbot certonly --nginx \
--email webmaster@example.com \
--no-eff-email \
--agree-tos \
-d portainer.example.com

Running Portainer in Docker

docker run -d -p 8443:9000 -p 8000:8000 --name portainer --restart always \
-v /etc/letsencrypt/live/portainer.example.com:/certs/live/portainer.example.com \
-v /etc/letsencrypt/archive/portainer.example.com:/certs/archive/portainer.example.com \
-v portainer_data:/data portainer/portainer \
--ssl \
--sslcert /certs/live/portainer.example.com/fullchain.pem \
--sslkey /certs/live/portainer.example.com/privkey.pem

To my knowledge a NGINX reverse proxy can handle SSL certificates whilst leaving downstream applications or Docker containers on plain HTTP. My question is, do I apply SSL certificates to both the reverse proxy and Portainer Docker container or use the SSL certificate at on reverse proxy alone?

Hi

Yes reverse proxy can handle ssl certificates, please check this link and try Nginx - Documentation

There is no mention of SSL in that guide. I will assume if setting SSL certificates with NGINX then defining SSL certificates on the container itself is obsolete?

yes, as the portainer container is behind nginx proxy