Hi guys, I am struggling to get nginx to run with a Certbot-created certificate in Docker. I issued it and it worked just fine. Then I mounted the letsencrypt folder for nginx to access those links towards the archive, but the log outputs that the file is not found… What am I missing here? Is that a permission issue or are the links problematic? Looking forward to any help!
docker-compose setup:
```yaml
version: '3.1'
services:
  nginx-container:
    container_name: 'nginx'
    image: nginx:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /files/conf.d/default.conf:/etc/nginx/conf.d/default.conf
      - /files/html:/usr/share/nginx/html
      - /files/dh-param/dhparam.pem:/etc/ssl/certs/dhparam.pem
      - /files/letsencrypt/live:/etc/letsencrypt/live:ro
    networks:
      - nginx-proxy
networks:
  nginx-proxy:
    driver: bridge
```
Nginx default.conf:
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name site.com;
    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
    #for certbot challenges (renewal process)
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }
}
#https://site.com
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name tomkerkhoff.de;
    server_tokens off;
    ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;
    return 301 https://therealsite.com$request_uri;
}
```
Nginx log:
```
2018/11/18 13:17:31 [warn] 1#1: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/default.conf:56
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/default.conf:56
2018/11/18 13:17:31 [emerg] 1#1: BIO_new_file("/etc/letsencrypt/live/site.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/site.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/site.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/site.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
root@Kerksbox:/opt/ng
```
Same issue. The problem is that the `*.pem` files in the `live` folder are only symlinks to the `../../archive` files. Add the whole `/etc/letsencrypt` folder as a volume.

It looks like you’re mounting your certificate directory as read-only, which may mean that Let's Encrypt is not able to write your certificate out once it’s been generated:

Try removing the `:ro` and re-running the container, that may fix the issue.
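The symlink answer above can be checked on the host before starting the container. This added example (not code from the thread) lists the symlinks under a directory whose targets lie outside it, which is exactly the set that will dangle when only that directory is bind-mounted. The function names are hypothetical and the sample tree built by `make_sample` is constructed to mirror Certbot's `live` to `archive` layout.

```shell
#!/bin/sh
# Added example: which symlinks break if only DIR is bind-mounted?

# escaping_links DIR
# Prints "link -> target" for every symlink under DIR whose target resolves
# outside DIR. Prints nothing when every link stays inside the mount.
escaping_links() {
    root=$(cd "$1" && pwd -P) || return 2
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            # Absolute targets resolve against the container's own root,
            # so treat them as leaving the mount.
            /*) dir= ;;
            # Relative targets: canonicalise the directory they point into.
            *)  dir=$(cd "$(dirname "$link")/$(dirname "$target")" 2>/dev/null \
                      && pwd -P) || dir= ;;
        esac
        case "$dir/" in
            "$root"/*) ;;   # target directory is inside the mounted tree
            *) printf '%s -> %s\n' "${link#"$root"/}" "$target" ;;
        esac
    done
}

# make_sample DIR
# Builds a constructed tree: live/site.com/*.pem -> ../../archive/site.com/*1.pem
make_sample() {
    mkdir -p "$1/live/site.com" "$1/archive/site.com"
    for f in cert chain fullchain privkey; do
        : > "$1/archive/site.com/${f}1.pem"
        ln -s "../../archive/site.com/${f}1.pem" "$1/live/site.com/$f.pem"
    done
}

# Demo on the constructed tree.
demo=$(mktemp -d)
make_sample "$demo"
echo "Mounting only live/ (links that will dangle):"
escaping_links "$demo/live"
echo "Mounting the whole letsencrypt tree (links that will dangle):"
escaping_links "$demo"
rm -rf "$demo"
```

Run against the host side of a bind mount, for example `escaping_links /files/letsencrypt/live`; any output means the container will see broken links.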