Adding Let's Encrypt on nginx using Docker

Without creating an SSL certificate, the Django app and nginx using Docker work fine.

While trying to install a Let's Encrypt certificate with the following command, I run into this issue. What is being missed?

docker-compose -f docker-compose-deploy.yml run --rm certbot certonly --manual --webroot-path /var/www/certbot/ -d example.com

The following problem keeps persisting:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: example.com
  Type:   connection
  Detail: Fetching http://example.com/.well-known/acme-challenge/bkNM7S88bVGypFpUHsnNdasfaRgA3GKqTGX2jciYD4H_I: Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.

The docker-compose file looks like this:

  proxy:
    build:
      context: ./proxy
    restart: always
    depends_on:
      - app
    ports:
      - 80:8000
      - 443:443
    volumes:
      - static-data:/vol/static
      - ./certbot/conf/:/etc/letsencrypt
      - ./certbot/www:/var/www/certbot
  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/conf/:/etc/letsencrypt
      - ./certbot/www/:/var/www/certbot

NGINX conf file:

server {
    listen 80;
    listen [::]:80;

    server_name example.com www.example.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://example.com$request_uri;
    }

    location /static {
        alias /vol/static;
    }
}

server {
    listen 443 ssl;
    server_name example.com;

    location / {
        proxy_pass http://example.com;
    }

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        uwsgi_pass              ${APP_HOST}:${APP_PORT};
        include                 /etc/nginx/uwsgi_params;
        client_max_body_size    10M;
    }
}



Solution 1:[1]

The error message indicates that the Let's Encrypt server can't access the challenge. Port 80 may be blocked by your router, or the network in general, where your web server is connected, is not accessible from the internet.

About your configuration itself, I can't tell much. I haven't done it manually before. I have a similar use case, but I use the image nginxproxy/acme-companion (respectively the legacy version jrcs/letsencrypt-nginx-proxy-companion). It is well documented and easy to handle. Most of it happens automatically, especially the nginx configuration and the cert refreshing.

Solution 2:[2]

Certbot creates challenge files at /var/www/, not at /var/www/certbot/, anymore.

I have solved my problem with this config:

location /.well-known/acme-challenge/ {
    root /var/www;                         # no 'certbot' dir here
}

Docker-compose for the Nginx and Certbot sections (named volume):

volumes:
  - certbot_challenges:/var/www/.well-known/acme-challenge

Command in Certbot section (webroot-path=/var/www):

command: certonly -v --dry-run --webroot --webroot-path=/var/www
           --preferred-challenges http-01 --email [email protected]
           --agree-tos --no-eff-email --non-interactive --force-renewal
           -d example.com -d www.example.com
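
A preflight check for the two places a "Connection refused" on the http-01 fetch comes from, written as an added example (it is not code from the question or from either answer): whether host port 80 is published to a container port that nginx actually listens on, and whether the directory certbot writes tokens into is the same directory nginx serves from its root, once both container paths are translated through each service's volume mounts. It handles both the question's bind-mount layout and Solution 2's named-volume layout; the inputs are copied by hand from the compose file and nginx conf, and the token name is a placeholder.

```python
import posixpath
from typing import Dict, List, Optional

ACME_DIR = ".well-known/acme-challenge"   # certbot writes http-01 tokens here, under the webroot

def parse_ports(entries: List[str]) -> Dict[int, int]:
    """Compose 'ports' entries ('80:8000', '443:443', '8080') -> {host_port: container_port}."""
    mapping = {}
    for entry in entries:
        parts = str(entry).split("/")[0].split(":")   # drop '/tcp', ignore a leading bind address
        host, cont = (parts[-2], parts[-1]) if len(parts) > 1 else (parts[-1], parts[-1])
        mapping[int(host)] = int(cont)
    return mapping

def host_path(container_path: str, volumes: List[str]) -> Optional[str]:
    """Translate a container path to the host directory or named volume backing it,
    using the longest matching 'source:target' entry from the service's 'volumes' list."""
    container_path = posixpath.normpath(container_path)
    best = None
    for entry in volumes:
        src, dst = entry.split(":")[:2]
        dst = posixpath.normpath(dst)
        covers = container_path == dst or container_path.startswith(dst + "/")
        if covers and (best is None or len(dst) > len(best[1])):
            best = (posixpath.normpath(src), dst)
    if best is None:
        return None                                   # path lives only inside the container
    return posixpath.normpath(best[0] + container_path[len(best[1]):])

def check_http01_setup(ports: List[str], listen_ports: set, nginx_root: str, nginx_volumes: List[str],
                       webroot_path: str, certbot_volumes: List[str]) -> List[str]:
    """Return the mismatches that would make the CA's GET of the token fail; [] means consistent."""
    problems = []
    target = parse_ports(ports).get(80)              # http-01 is validated over plain HTTP on port 80
    if target is None:
        problems.append("host port 80 is not published, so the CA cannot reach the challenge")
    elif target not in listen_ports:
        problems.append(f"host port 80 is forwarded to container port {target}, but nginx listens on "
                        f"{sorted(listen_ports)}: the CA gets 'connection refused'")
    token = "TOKEN"                                   # placeholder for the CA-issued token name
    served = host_path(posixpath.join(nginx_root, ACME_DIR, token), nginx_volumes)
    written = host_path(posixpath.join(webroot_path, ACME_DIR, token), certbot_volumes)
    if served is None or written is None:
        problems.append(f"the challenge directory is not mounted in both containers "
                        f"(nginx serves {served}, certbot writes {written})")
    elif served != written:
        problems.append(f"nginx serves tokens from {served} but certbot writes them to {written}")
    return problems
```

Run against the compose file and nginx conf from the question, the check reports that host port 80 is forwarded to container port 8000 while nginx listens on 80 and 443, which is exactly the "Connection refused" the CA sees.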


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Frank
Solution 2