dokku-letsencrypt

Unable to run letsencrypt when port 443 is mapped twice

Open benbristow opened this issue 2 years ago • 4 comments

Description of problem

NGINX configuration breaks when enabling letsencrypt on app.

How reproducible

Seems to happen every time I run the enable command!

Steps to Reproduce

  1. dokku letsencrypt:enable appname
  2. breaks!

Actual Results

root@myserver:~/# dokku letsencrypt:enable myappname-api
=====> Enabling letsencrypt for myappname-api
-----> Enabling ACME proxy for myappname-api...
       Reloading nginx configuration (via systemctl): nginx.service.
-----> Getting letsencrypt certificate for myappname-api...
        - Domain 'myappname-api.myserver.com'
        - Domain 'api.myappname.co.uk'
       2022/06/18 13:53:50 No key found for account [email protected]. Generating a P256 key.
       2022/06/18 13:53:50 Saved key to /certs/accounts/acme-v02.api.letsencrypt.org/[email protected]/keys/[email protected]
       2022/06/18 13:53:51 [INFO] acme: Registering account for [email protected]
       !!!! HEADS UP !!!!

       Your account credentials have been saved in your Let's Encrypt
       configuration directory at "/certs/accounts".

       You should make a secure backup of this folder now. This
       configuration directory will also contain certificates and
       private keys obtained from Let's Encrypt so making regular
       backups of this folder is ideal.
       2022/06/18 13:53:51 [INFO] [myappname-api.myserver.com, api.myappname.co.uk] acme: Obtaining bundled SAN certificate
       2022/06/18 13:53:52 [INFO] [myappname-api.myserver.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/<redacted>
       2022/06/18 13:53:52 [INFO] [api.myappname.co.uk] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/<redacted>
       2022/06/18 13:53:52 [INFO] [myappname-api.myserver.com] acme: Could not find solver for: tls-alpn-01
       2022/06/18 13:53:52 [INFO] [myappname-api.myserver.com] acme: use http-01 solver
       2022/06/18 13:53:52 [INFO] [api.myappname.co.uk] acme: Could not find solver for: tls-alpn-01
       2022/06/18 13:53:52 [INFO] [api.myappname.co.uk] acme: use http-01 solver
       2022/06/18 13:53:52 [INFO] [myappname-api.myserver.com] acme: Trying to solve HTTP-01
       2022/06/18 13:53:53 [INFO] [myappname-api.myserver.com] Served key authentication
       2022/06/18 13:53:53 [INFO] [myappname-api.myserver.com] Served key authentication
       2022/06/18 13:53:53 [INFO] [myappname-api.myserver.com] Served key authentication
       2022/06/18 13:53:53 [INFO] [myappname-api.myserver.com] Served key authentication
       2022/06/18 13:53:58 [INFO] [myappname-api.myserver.com] The server validated our request
       2022/06/18 13:53:58 [INFO] [api.myappname.co.uk] acme: Trying to solve HTTP-01
       2022/06/18 13:53:58 [INFO] [api.myappname.co.uk] Served key authentication
       2022/06/18 13:53:59 [INFO] [api.myappname.co.uk] Served key authentication
       2022/06/18 13:53:59 [INFO] [api.myappname.co.uk] Served key authentication
       2022/06/18 13:53:59 [INFO] [api.myappname.co.uk] Served key authentication
       2022/06/18 13:54:06 [INFO] [api.myappname.co.uk] The server validated our request
       2022/06/18 13:54:06 [INFO] [myappname-api.myserver.com, api.myappname.co.uk] acme: Validations succeeded; requesting certificates
       2022/06/18 13:54:07 [INFO] [myappname-api.myserver.com] Server responded with a certificate.
-----> Certificate retrieved successfully.
-----> Installing let's encrypt certificates
-----> Setting config vars
       DOKKU_PROXY_PORT_MAP:  http:443:443 http:80:80
-----> Setting config vars
       DOKKU_PROXY_PORT_MAP:  http:443:443 http:80:80 https:443:80
-----> Configuring myappname-api.myserver.com...(using built-in template)
-----> Configuring api.myappname.co.uk...(using built-in template)
-----> Creating https nginx.conf
       Enabling HSTS
       Reloading nginx
 !     Failed to validate nginx config for myappname-api. Contents below...

server {
  listen      [::]:443;
  listen      443;
  server_name myappname-api.myserver.com api.myappname.co.uk;
  access_log  /var/log/nginx/myappname-api-access.log;
  error_log   /var/log/nginx/myappname-api-error.log;

  location    / {

    gzip on;
    gzip_min_length  1100;
    gzip_buffers  4 32k;
    gzip_types    text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml  application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml;
    gzip_vary on;
    gzip_comp_level  6;

    proxy_pass  http://myappname-api-443;
    proxy_http_version 1.1;
    proxy_read_timeout 60s;
    proxy_buffer_size 4096;
    proxy_buffering on;
    proxy_buffers 8 4096;
    proxy_busy_buffers_size 8192;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Request-Start $msec;

  }


  include /home/dokku/myappname-api/nginx.conf.d/*.conf;

  error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;
  location /400-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 404 /404-error.html;
  location /404-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 500 501 502 503 504 505 506 507 508 509 510 511 /500-error.html;
  location /500-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

}

server {
  listen      [::]:80;
  listen      80;
  server_name myappname-api.myserver.com api.myappname.co.uk;
  access_log  /var/log/nginx/myappname-api-access.log;
  error_log   /var/log/nginx/myappname-api-error.log;

  include /home/dokku/myappname-api/nginx.conf.d/*.conf;
  location / {
    return 301 https://$host:443$request_uri;
  }

}

server {
  listen      [::]:443 ssl http2;
  listen      443 ssl http2;

  server_name myappname-api.myserver.com api.myappname.co.uk;
  access_log  /var/log/nginx/myappname-api-access.log;
  error_log   /var/log/nginx/myappname-api-error.log;

  ssl_certificate           /home/dokku/myappname-api/tls/server.crt;
  ssl_certificate_key       /home/dokku/myappname-api/tls/server.key;
  ssl_protocols             TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers off;

  keepalive_timeout   70;


  location    / {

    gzip on;
    gzip_min_length  1100;
    gzip_buffers  4 32k;
    gzip_types    text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml  application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml;
    gzip_vary on;
    gzip_comp_level  6;

    proxy_pass  http://myappname-api-80;
    http2_push_preload on;
    proxy_http_version 1.1;
    proxy_read_timeout 60s;
    proxy_buffer_size 4096;
    proxy_buffering on;
    proxy_buffers 8 4096;
    proxy_busy_buffers_size 8192;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Request-Start $msec;

  }


  include /home/dokku/myappname-api/nginx.conf.d/*.conf;

  error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;
  location /400-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 404 /404-error.html;
  location /404-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 500 501 503 504 505 506 507 508 509 510 511 /500-error.html;
  location /500-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 502 /502-error.html;
  location /502-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }
}

upstream myappname-api-443 {

  server 172.17.0.5:443;
}

upstream myappname-api-80 {

  server 172.17.0.5:80;
}

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /home/dokku/myappname-api/nginx.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
-----> Configuring myappname-api.myserver.com...(using built-in template)
-----> Configuring api.myappname.co.uk...(using built-in template)
-----> Creating https nginx.conf
       Enabling HSTS
       Reloading nginx
 !     Failed to validate nginx config for myappname-api. Contents below...

server {
  listen      [::]:443;
  listen      443;
  server_name myappname-api.myserver.com api.myappname.co.uk;
  access_log  /var/log/nginx/myappname-api-access.log;
  error_log   /var/log/nginx/myappname-api-error.log;

  location    / {

    gzip on;
    gzip_min_length  1100;
    gzip_buffers  4 32k;
    gzip_types    text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml  application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml;
    gzip_vary on;
    gzip_comp_level  6;

    proxy_pass  http://myappname-api-443;
    proxy_http_version 1.1;
    proxy_read_timeout 60s;
    proxy_buffer_size 4096;
    proxy_buffering on;
    proxy_buffers 8 4096;
    proxy_busy_buffers_size 8192;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Request-Start $msec;

  }


  include /home/dokku/myappname-api/nginx.conf.d/*.conf;

  error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;
  location /400-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 404 /404-error.html;
  location /404-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 500 501 502 503 504 505 506 507 508 509 510 511 /500-error.html;
  location /500-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

}

server {
  listen      [::]:80;
  listen      80;
  server_name myappname-api.myserver.com api.myappname.co.uk;
  access_log  /var/log/nginx/myappname-api-access.log;
  error_log   /var/log/nginx/myappname-api-error.log;

  include /home/dokku/myappname-api/nginx.conf.d/*.conf;
  location / {
    return 301 https://$host:443$request_uri;
  }

}

server {
  listen      [::]:443 ssl http2;
  listen      443 ssl http2;

  server_name myappname-api.myserver.com api.myappname.co.uk;
  access_log  /var/log/nginx/myappname-api-access.log;
  error_log   /var/log/nginx/myappname-api-error.log;

  ssl_certificate           /home/dokku/myappname-api/tls/server.crt;
  ssl_certificate_key       /home/dokku/myappname-api/tls/server.key;
  ssl_protocols             TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers off;

  keepalive_timeout   70;


  location    / {

    gzip on;
    gzip_min_length  1100;
    gzip_buffers  4 32k;
    gzip_types    text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml  application/rss+xml font/truetype application/x-font-ttf font/opentype application/vnd.ms-fontobject image/svg+xml;
    gzip_vary on;
    gzip_comp_level  6;

    proxy_pass  http://myappname-api-80;
    http2_push_preload on;
    proxy_http_version 1.1;
    proxy_read_timeout 60s;
    proxy_buffer_size 4096;
    proxy_buffering on;
    proxy_buffers 8 4096;
    proxy_busy_buffers_size 8192;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Request-Start $msec;

  }


  include /home/dokku/myappname-api/nginx.conf.d/*.conf;

  error_page 400 401 402 403 405 406 407 408 409 410 411 412 413 414 415 416 417 418 420 422 423 424 426 428 429 431 444 449 450 451 /400-error.html;
  location /400-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 404 /404-error.html;
  location /404-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 500 501 503 504 505 506 507 508 509 510 511 /500-error.html;
  location /500-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }

  error_page 502 /502-error.html;
  location /502-error.html {
    root /var/lib/dokku/data/nginx-vhosts/dokku-errors;
    internal;
  }
}

upstream myappname-api-443 {

  server 172.17.0.5:443;
}

upstream myappname-api-80 {

  server 172.17.0.5:80;
}

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /home/dokku/myappname-api/nginx.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed

Have anonymised the app name/server domains/email address etc.

Expected Results

Certificates are issued and applied correctly.

Environment Information

-----> uname: Linux vps2 5.15.0-39-generic #42-Ubuntu SMP Thu Jun 9 23:42:32 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
-----> memory:
                      total        used        free      shared  buff/cache   available
       Mem:            3829         437         342          18        3049        3080
       Swap:              0           0           0
-----> docker version:
       Client: Docker Engine - Community
        Version:           20.10.17
        API version:       1.41
        Go version:        go1.17.11
        Git commit:        100c701
        Built:             Mon Jun  6 23:02:46 2022
        OS/Arch:           linux/amd64
        Context:           default
        Experimental:      true

       Server: Docker Engine - Community
        Engine:
         Version:          20.10.17
         API version:      1.41 (minimum version 1.12)
         Go version:       go1.17.11
         Git commit:       a89b842
         Built:            Mon Jun  6 23:00:51 2022
         OS/Arch:          linux/amd64
         Experimental:     false
        containerd:
         Version:          1.6.6
         GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
        runc:
         Version:          1.1.2
         GitCommit:        v1.1.2-0-ga916309
        docker-init:
         Version:          0.19.0
         GitCommit:        de40ad0
-----> docker daemon info:
       Client:
        Context:    default
        Debug Mode: true
        Plugins:
         app: Docker App (Docker Inc., v0.9.1-beta3)
         buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
         compose: Docker Compose (Docker Inc., v2.6.0)
         scan: Docker Scan (Docker Inc., v0.17.0)

       Server:
        Containers: 4
         Running: 4
         Paused: 0
         Stopped: 0
        Images: 82
        Server Version: 20.10.17
        Storage Driver: overlay2
         Backing Filesystem: extfs
         Supports d_type: true
         Native Overlay Diff: true
         userxattr: false
        Logging Driver: json-file
        Cgroup Driver: systemd
        Cgroup Version: 2
        Plugins:
         Volume: local
         Network: bridge host ipvlan macvlan null overlay
         Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
        Swarm: inactive
        Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
        Default Runtime: runc
        Init Binary: docker-init
        containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
        runc version: v1.1.2-0-ga916309
        init version: de40ad0
        Security Options:
         apparmor
         seccomp
          Profile: default
         cgroupns
        Kernel Version: 5.15.0-39-generic
        Operating System: Ubuntu 22.04 LTS
        OSType: linux
        Architecture: x86_64
        CPUs: 3
        Total Memory: 3.74GiB
        Name: vps2
        ID: 76JA:4GJ4:MXWF:ESIP:EBVY:FNFX:IOEC:WT3O:V7X4:YEMY:RXJF:GDDT
        Docker Root Dir: /var/lib/docker
        Debug Mode: false
        Registry: https://index.docker.io/v1/
        Labels:
        Experimental: false
        Insecure Registries:
         127.0.0.0/8
        Live Restore Enabled: false

-----> git version: git version 2.34.1
-----> sigil version: 0.9.0build+bc921b7
-----> herokuish version:
       herokuish: 0.5.36
       buildpacks:
         heroku-buildpack-multi     v1.2.0
         heroku-buildpack-ruby      v240
         heroku-buildpack-nodejs    v196
         heroku-buildpack-clojure   v87
         heroku-buildpack-python    v211
         heroku-buildpack-java      v70
         heroku-buildpack-gradle    v36
         heroku-buildpack-scala     v92
         heroku-buildpack-play      v26
         heroku-buildpack-php       v218
         heroku-buildpack-go        v162
         heroku-buildpack-nginx     v16
         buildpack-null             v3
-----> dokku version: dokku version 0.27.5
-----> plugn version: plugn: 0.12.0build+3a27594
-----> dokku plugins:
         00_dokku-standard    0.27.5 enabled    dokku core standard plugin
         20_events            0.27.5 enabled    dokku core events logging plugin
         app-json             0.27.5 enabled    dokku core app-json plugin
         apps                 0.27.5 enabled    dokku core apps plugin
         builder              0.27.5 enabled    dokku core builder plugin
         builder-dockerfile   0.27.5 enabled    dokku core builder-dockerfile plugin
         builder-herokuish    0.27.5 enabled    dokku core builder-herokuish plugin
         builder-null         0.27.5 enabled    dokku core builder-null plugin
         builder-pack         0.27.5 enabled    dokku core builder-pack plugin
         buildpacks           0.27.5 enabled    dokku core buildpacks plugin
         certs                0.27.5 enabled    dokku core certificate management plugin
         checks               0.27.5 enabled    dokku core checks plugin
         common               0.27.5 enabled    dokku core common plugin
         config               0.27.5 enabled    dokku core config plugin
         cron                 0.27.5 enabled    dokku core cron plugin
         docker-options       0.27.5 enabled    dokku core docker-options plugin
         domains              0.27.5 enabled    dokku core domains plugin
         enter                0.27.5 enabled    dokku core enter plugin
         git                  0.27.5 enabled    dokku core git plugin
         letsencrypt          0.15.0 enabled    Automated installation of let's encrypt TLS certificates
         logs                 0.27.5 enabled    dokku core logs plugin
         network              0.27.5 enabled    dokku core network plugin
         nginx-vhosts         0.27.5 enabled    dokku core nginx-vhosts plugin
         plugin               0.27.5 enabled    dokku core plugin plugin
         postgres             1.19.3 enabled    dokku postgres service plugin
         proxy                0.27.5 enabled    dokku core proxy plugin
         ps                   0.27.5 enabled    dokku core ps plugin
         redis                1.20.0 enabled    dokku redis service plugin
         registry             0.27.5 enabled    dokku core registry plugin
         repo                 0.27.5 enabled    dokku core repo plugin
         resource             0.27.5 enabled    dokku core resource plugin
         run                  0.27.5 enabled    dokku core run plugin
         scheduler            0.27.5 enabled    dokku core scheduler plugin
         scheduler-docker-local 0.27.5 enabled    dokku core scheduler-docker-local plugin
         scheduler-null       0.27.5 enabled    dokku core scheduler-null plugin
         shell                0.27.5 enabled    dokku core shell plugin
         ssh-keys             0.27.5 enabled    dokku core ssh-keys plugin
         storage              0.27.5 enabled    dokku core storage plugin
         trace                0.27.5 enabled    dokku core trace plugin
=====> myappname-api app-json information
       App json computed selected:    app.json
       App json global selected:      app.json
       App json selected:
=====> myappname-api app information
       App created at:                1655560452
       App deploy source:
       App deploy source metadata:
       App dir:                       /home/dokku/myappname-api
       App locked:                    false
=====> myappname-api builder information
       Builder build dir:
       Builder computed build dir:
       Builder computed selected:
       Builder global build dir:
       Builder global selected:
       Builder selected:
=====> myappname-api builder-dockerfile information
       Builder dockerfile computed dockerfile path: Dockerfile
       Builder dockerfile global dockerfile path: Dockerfile
       Builder dockerfile dockerfile path:
=====> myappname-api builder-pack information
       Builder pack computed projecttoml path: project.toml
       Builder pack global projecttoml path: project.toml
       Builder pack projecttoml path:
=====> myappname-api buildpacks information
       Buildpacks computed stack:     gliderlabs/herokuish:latest-20
       Buildpacks global stack:
       Buildpacks list:
       Buildpacks stack:
=====> myappname-api ssl information
       Ssl dir:                       /home/dokku/myappname-api/tls
       Ssl enabled:                   true
       Ssl hostnames:                 myappname-api.example.com api.myappname.co.uk
       Ssl expires at:                Sep 16 12:54:05 2022 GMT
       Ssl issuer:                    C = US, O = Let's Encrypt, CN = R3
       Ssl starts at:                 Jun 18 12:54:06 2022 GMT
       Ssl subject:                   subject=CN = myappname-api.example.com
       Ssl verified:                  self signed
=====> myappname-api checks information
       Checks disabled list:          none
       Checks skipped list:           none
=====> myappname-api cron information
       Cron task count:               0
=====> myappname-api docker options information
       Docker options build:          --link dokku.postgres.myappname-api-postgres:dokku-postgres-myappname-api-postgres --link dokku.redis.myappname-api-redis:dokku-redis-myappname-api-redis
       Docker options deploy:         --link dokku.postgres.myappname-api-postgres:dokku-postgres-myappname-api-postgres --link dokku.redis.myappname-api-redis:dokku-redis-myappname-api-redis --restart=on-failure:10
       Docker options run:            --link dokku.postgres.myappname-api-postgres:dokku-postgres-myappname-api-postgres --link dokku.redis.myappname-api-redis:dokku-redis-myappname-api-redis
=====> myappname-api domains information
       Domains app enabled:           true
       Domains app vhosts:            myappname-api.example.com api.myappname.co.uk
       Domains global enabled:        true
       Domains global vhosts:         example.com
=====> myappname-api git information
       Git deploy branch:             master
       Git global deploy branch:      master
       Git keep git dir:              false
       Git rev env var:               GIT_REV
       Git sha:
       Git last updated at:
/var/lib/dokku/plugins/enabled/letsencrypt/report: line 2: /var/lib/dokku/plugins/available/letsencrypt/command-functions: No such file or directory
/var/lib/dokku/plugins/enabled/letsencrypt/report: line 6: cmd-letsencrypt-report-single: command not found

Have anonymised the output

How (deb/make/rpm) and where (AWS, VirtualBox, physical, etc.) was Dokku installed?:

Via install script on Dokku main site

  wget https://raw.githubusercontent.com/dokku/dokku/v0.27.5/bootstrap.sh
  sudo DOKKU_TAG=v0.27.5 bash bootstrap.sh

On virtual machine.

Jun 18 '22 14:06 benbristow

A few things:

  • The letsencrypt plugin had bad report output. That has been fixed, so please run dokku plugin:update letsencrypt to get the fix there.
  • It seems like maybe you already had something proxying the port 443. I think that's the source of issues here, so we'll want to do dokku proxy:ports-remove $APP http:443:443, where $APP is your app name
    • this might have some errors if the nginx config is still broken, so you can dokku nginx:clear-config $APP first (which I think will just delete the config) and then dokku nginx:build-config $APP after the port removal
  • it would be great to know if you had any port config settings prior to enabling letsencrypt

Jun 18 '22 17:06 josegonzalez

@josegonzalez

Thanks for the fast response!

Preface: I ran the update command again before running these steps as you asked.

  1. Looks like there was some config, but Dokku seemed to configure that by itself (I didn't set it up myself - app generated from an ASP.NET Dockerfile).

     root@server:~# dokku proxy:ports $APP
     -----> Port mappings for $APP
         -----> scheme  host port  container port
         http           443        443
         http           80         80

  2. dokku nginx:clear-config $APP doesn't seem to be a command? I can 'fix' the config by running dokku letsencrypt:disable $APP however.

  3. Running without removing the proxy port still breaks, with latest plugin.

  4. Removing the proxy port as specified by your instructions and then re-enabling letsencrypt works great, thanks for the workaround!

Still seems like this should be something that gets handled automatically, perhaps even throwing a warning if there was something already proxying the port rather than blowing up the NGINX config.

Jun 19 '22 13:06 benbristow

Ah sorry, instead of nginx:clear-config, it should have been proxy:clear-config.

Jun 25 '22 04:06 josegonzalez

I've also run into this issue with a brand new installation of dokku. proxy:clear-config didn't fix the issue for me and I've run the plugin update.

After running letsencrypt:enable the /home/dokku/app/nginx.conf contains:

server {
  listen      [::]:80;
  listen      80;
  server_name app.domain;
  access_log  /var/log/nginx/app-access.log;
  error_log   /var/log/nginx/app-error.log;

  include /home/dokku/app/nginx.conf.d/*.conf;
  location / {
    return 301 https://$host:443$request_uri;
  }

  include /home/dokku/app/nginx.conf.d/*.conf;
}

server {
  listen      [::]:443 ssl http2;
  listen      443 ssl http2;
.........

I can only think it's the duplication of the line: include /home/dokku/app/nginx.conf.d/*.conf; that causes the issue?

Aug 01 '22 10:08 dyerc

@dyerc it's been a while since your comment but please file a new ticket if you're still seeing this.

Jan 28 '23 05:01 josegonzalez

Closing this. Dokku itself shouldn't allow re-using a scheme:host-port combination, so I'll be fixing that bug upstream.

Feb 25 '24 15:02 josegonzalez
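
A pre-flight check for the condition this thread ends on, a host port listed more than once in the port map, written as an added example that is not Dokku or dokku-letsencrypt code. The function name `port_map_conflicts` is hypothetical; it assumes entries in the `scheme:host-port:container-port` form shown in the `DOKKU_PROXY_PORT_MAP` output above and treats any host port that appears in more than one entry as a conflict.

```shell
#!/bin/sh
# Added example (not Dokku code). port_map_conflicts is a hypothetical helper.
#
# port_map_conflicts "<scheme:host:container ...>"
#   Prints one line per reused host port: "<host_port> <entry> <entry> ..."
#   Exit status: 0 = no conflict, 1 = a host port is reused, 2 = malformed entry.
# The body runs in a subshell so its variables and `set -f` do not leak.
port_map_conflicts() (
  set -f                      # no globbing while word-splitting the map
  seen=" "                    # host ports seen so far, space-delimited
  dupes=" "                   # host ports seen more than once
  for entry in $1; do
    ok=1
    case "$entry" in
      *:*:*:*|*::*|:*|*:) ok=0 ;;   # too many fields or an empty field
      *:*:*) ;;                     # exactly scheme:host:container
      *) ok=0 ;;                    # too few fields
    esac
    rest=${entry#*:}
    host=${rest%%:*}
    container=${rest#*:}
    case "$host$container" in *[!0-9]*) ok=0 ;; esac
    if [ "$ok" -eq 0 ]; then
      echo "malformed entry: $entry" >&2
      exit 2
    fi
    case "$seen" in
      *" $host "*)
        case "$dupes" in
          *" $host "*) ;;
          *) dupes="$dupes$host " ;;
        esac ;;
      *) seen="$seen$host " ;;
    esac
  done
  status=0
  for host in $dupes; do
    line=$host
    for entry in $1; do
      rest=${entry#*:}
      if [ "${rest%%:*}" = "$host" ]; then line="$line $entry"; fi
    done
    echo "$line"
    status=1
  done
  exit "$status"
)

# Demo with the values from the issue output: the map before enabling, and the
# same map with the https:443:80 entry that letsencrypt:enable appended.
current="http:443:443 http:80:80"
for candidate in "$current" "$current https:443:80"; do
  if conflicts=$(port_map_conflicts "$candidate"); then
    echo "ok: $candidate"
  else
    echo "host port reused in '$candidate': $conflicts"
  fi
done
```

Run against the current map plus the entry about to be added, a non-zero status is the point at which to warn and stop instead of writing the nginx config.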