By Tom126
Hi guys, I am struggling to get nginx to run with a Certbot-created certificate in Docker. I issued it and it worked just fine. Then I mounted the letsencrypt folder for nginx to access those links towards the archive, but the log outputs that the file is not found… What am I missing here? Is that a permission issue or are the links problematic? Looking forward to any help!
docker-compose setup:

```yaml
version: '3.1'
services:
  nginx-container:
    container_name: 'nginx'
    image: nginx:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /files/conf.d/default.conf:/etc/nginx/conf.d/default.conf
      - /files/html:/usr/share/nginx/html
      - /files/dh-param/dhparam.pem:/etc/ssl/certs/dhparam.pem
      - /files/letsencrypt/live:/etc/letsencrypt/live:ro
    networks:
      - nginx-proxy
networks:
  nginx-proxy:
    driver: bridge
```
Nginx default.conf:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name site.com;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }

    # for certbot challenges (renewal process)
    location ~ /.well-known/acme-challenge {
        allow all;
        root /data/letsencrypt;
    }
}

# https://site.com
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name tomkerkhoff.de;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    return 301 https://therealsite.com$request_uri;
}
```
Nginx log:

```
2018/11/18 13:17:31 [warn] 1#1: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/default.conf:56
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/default.conf:56
2018/11/18 13:17:31 [emerg] 1#1: BIO_new_file("/etc/letsencrypt/live/site.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/site.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/site.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/site.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
root@Kerksbox:/opt/ng
```
It looks like you’re mounting your certificate directory as read-only, which may mean that Let's Encrypt is not able to write your certificate out once it’s been generated:

```yaml
...
      - /files/letsencrypt/live:/etc/letsencrypt/live:ro
```

Try removing the `:ro` and re-running the container, that may fix the issue.
Same issue. The problem is that the `*.pem` files in the live folder are only symlinks to the `../../archive` files.
Add the whole /etc/letsencrypt folder as a volume.
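The symlink problem described in the answer above can be checked before starting the container. The script below is an added example, not part of the original thread: it rebuilds the `live` to `../../archive` layout in a temporary directory (constructed sample data) and lists symlinks whose targets fall outside a directory you intend to bind-mount. The function names `make_demo_tree` and `escaping_links` are hypothetical, and `readlink -f` is assumed to be available (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the thread): find symlinks that point outside a
# directory and so dangle when only that directory is bind-mounted.

# Build a constructed copy of the certbot layout the answer describes:
# live/<name>/*.pem are relative links into ../../archive/<name>/.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/archive/site.com" "$d/live/site.com"
    for f in fullchain privkey; do
        : > "$d/archive/site.com/${f}1.pem"
        ln -s "../../archive/site.com/${f}1.pem" "$d/live/site.com/$f.pem"
    done
    printf '%s\n' "$d"
}

# escaping_links DIR: print "link -> target" for each symlink under DIR whose
# resolved target is outside DIR. Returns 0 if none, 1 if any, 2 on bad DIR.
escaping_links() {
    root=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    out=$(find "$root" -type l | while IFS= read -r link; do
        resolved=$(readlink -f "$link") || resolved=""
        case $resolved in
            ("$root"/*) ;;   # target is inside the mount, link survives
            (*) printf '%s -> %s\n' "${link#"$root"/}" "$(readlink "$link")" ;;
        esac
    done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Demo on the constructed tree.
demo=$(make_demo_tree)
echo "Mounting only live/:"
escaping_links "$demo/live" || true
echo "Mounting the whole tree:"
escaping_links "$demo" && echo "no escaping links"
rm -rf "$demo"
```

For the compose file in the question, a clean result corresponds to mounting `/files/letsencrypt` at `/etc/letsencrypt` instead of only its `live` subdirectory; the mount can stay `:ro` for nginx.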