acme-companion
Nginx-proxy challenges failing
Hello, I've been having issues with my server returning 500 errors in response to https requests. After a bit of investigating I attempted to do a force_renew.
From this, I got the following logs:
```
root@docker-s-1vcpu-1gb-lon1-01:/# docker exec acme-companion /app/force_renew
Creating/renewal admin.faylee-test.com certificates... (admin.faylee-test.com)
[Fri Feb 24 00:29:20 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Feb 24 00:29:20 UTC 2023] Creating domain key
[Fri Feb 24 00:29:24 UTC 2023] The domain key is here: /etc/acme.sh/[email protected]/admin.faylee-test.com/admin.faylee-test.com.key
[Fri Feb 24 00:29:24 UTC 2023] Single domain='admin.faylee-test.com'
[Fri Feb 24 00:29:24 UTC 2023] Getting domain auth token for each domain
[Fri Feb 24 00:29:26 UTC 2023] Getting webroot for domain='admin.faylee-test.com'
[Fri Feb 24 00:29:26 UTC 2023] Verifying: admin.faylee-test.com
[Fri Feb 24 00:29:29 UTC 2023] admin.faylee-test.com:Verify error:2606:4700:3032::ac43:8e0c: Invalid response from https://admin.faylee-test.com/.well-known/acme-challenge/dOeYuGyEwe-L4h9lnYu4Md1VEJqzAOf5tFFVqPFnagY: 502
[Fri Feb 24 00:29:29 UTC 2023] Please check log file for more details: /dev/null
Creating/renewal faylee-test.com certificates... (faylee-test.com www.faylee-test.com)
[Fri Feb 24 00:29:30 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Feb 24 00:29:30 UTC 2023] Creating domain key
[Fri Feb 24 00:29:33 UTC 2023] The domain key is here: /etc/acme.sh/[email protected]/faylee-test.com/faylee-test.com.key
[Fri Feb 24 00:29:33 UTC 2023] Multi domain='DNS:faylee-test.com,DNS:www.faylee-test.com'
[Fri Feb 24 00:29:33 UTC 2023] Getting domain auth token for each domain
[Fri Feb 24 00:29:36 UTC 2023] Getting webroot for domain='faylee-test.com'
[Fri Feb 24 00:29:36 UTC 2023] Getting webroot for domain='www.faylee-test.com'
[Fri Feb 24 00:29:36 UTC 2023] Verifying: faylee-test.com
[Fri Feb 24 00:29:39 UTC 2023] faylee-test.com:Verify error:2606:4700:3032::ac43:8e0c: Invalid response from https://www.faylee-test.com/.well-known/acme-challenge/1hvpaPiBTaUccT0RUOz-uimaOLhEkhsxPYDcx_oDFFE: 500
[Fri Feb 24 00:29:39 UTC 2023] Please check log file for more details: /dev/null
```
To the best of my understanding, I have followed the recommendations exactly. This is my docker-compose:
```yaml
version: "3.7"
services:
  nginx:
    container_name: "nginx"
    image: "nginxproxy/nginx-proxy:latest"
    volumes:
      - "html:/usr/share/nginx/html"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
    ports:
      - "80:80"
      - "443:443"
  acme:
    container_name: "acme-companion"
    image: "nginxproxy/acme-companion:latest"
    volumes:
      - "html:/usr/share/nginx/html"
      - "vhost:/etc/nginx/vhost.d"
      - "certs:/etc/nginx/certs"
      - "acme:/etc/acme.sh"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      NGINX_PROXY_CONTAINER: "nginx"
      DEFAULT_EMAIL: "[email protected]"
    depends_on:
      - "nginx"
  strapi:
    container_name: "strapi"
    build:
      context: ./strapi/
      dockerfile: strapi.Dockerfile
    environment:
      VIRTUAL_HOST: "admin.faylee-test.com"
      LETSENCRYPT_HOST: "admin.faylee-test.com"
  nextjs:
    container_name: "nextjs"
    build:
      context: ./nextjs/
      dockerfile: nextjs.Dockerfile
      target: "production"
    environment:
      VIRTUAL_HOST: "faylee-test.com,www.faylee-test.com"
      LETSENCRYPT_HOST: "faylee-test.com,www.faylee-test.com"
volumes:
  certs:
  html:
  vhost:
  acme:
```
Any help would be appreciated. :)
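An added example, not part of the original post or of acme-companion: a small parser for the `Verify error` lines in the force_renew output above. An ACME HTTP-01 validation request always starts at `http://<domain>/.well-known/acme-challenge/<token>` on port 80 (RFC 8555), so a different scheme or host in the URL the CA reports means the validator followed a redirect before it received the error. The function name and result field names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two "Verify error" lines from the force_renew output above.
SAMPLE_LOG = """\
[Fri Feb 24 00:29:29 UTC 2023] admin.faylee-test.com:Verify error:2606:4700:3032::ac43:8e0c: Invalid response from https://admin.faylee-test.com/.well-known/acme-challenge/dOeYuGyEwe-L4h9lnYu4Md1VEJqzAOf5tFFVqPFnagY: 502
[Fri Feb 24 00:29:39 UTC 2023] faylee-test.com:Verify error:2606:4700:3032::ac43:8e0c: Invalid response from https://www.faylee-test.com/.well-known/acme-challenge/1hvpaPiBTaUccT0RUOz-uimaOLhEkhsxPYDcx_oDFFE: 500
"""

# <domain>:Verify error:<address the CA connected to>: Invalid response from <url>: <status>
VERIFY_ERROR = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<domain>[^:\s]+):Verify error:(?P<addr>\S+): "
    r"Invalid response from (?P<url>\S+): (?P<status>\d{3})\s*$"
)

def analyze(log_text):
    """Return one finding per 'Verify error' line; other log lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_ERROR.match(line.strip())
        if not m:
            continue
        url = urlsplit(m["url"])
        notes = []
        # HTTP-01 starts at http://<domain>/ on port 80, so any other scheme
        # or host in the final URL means a redirect was followed on the way.
        if url.scheme != "http":
            notes.append("redirected to " + url.scheme)
        if url.hostname != m["domain"]:
            notes.append("redirected to host " + url.hostname)
        status = int(m["status"])
        if 500 <= status <= 599:
            notes.append("server error %d" % status)
        findings.append({
            "domain": m["domain"],
            "validated_from": m["addr"],  # address the CA resolved and connected to
            "final_url": m["url"],
            "status": status,
            "notes": notes,
        })
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["domain"], f["validated_from"], f["status"], "; ".join(f["notes"]))
```

Comparing `validated_from` with the server's own public address shows whether the CA reached the nginx-proxy container directly or something in front of it.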
I have this same issue.
Okay so, I do have a workaround - if you set nginx up as a dockerfile and copy in a proxy.conf, you can override the server settings.
I have set up a proxy.conf like this:
```nginx
# admin.MY_DOMAIN.com
upstream strapi {
    # Container: strapi
    #     networks:
    #         website-template_default (reachable)
    #     IP address: 172.18.0.2
    #     exposed ports: 1337/tcp
    #     default port: 1337
    #     using port: 1337
    server 172.18.0.2:1337;
}
server {
    server_name admin.MY_DOMAIN.com;
    access_log /var/log/nginx/access.log vhost;
    listen 80 ;
    include /etc/nginx/vhost.d/default;
    location ^~ /.well-known/acme-challenge {
        allow all;
        alias /var/www/acme;
    }
    location / {
        proxy_pass http://strapi;
    }
}
server {
    server_name admin.MY_DOMAIN.com;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_certificate /etc/nginx/certs/admin.MY_DOMAIN.com.crt;
    ssl_certificate_key /etc/nginx/certs/admin.MY_DOMAIN.com.key;
    location / {
        proxy_pass http://strapi;
    }
}
upstream nextjs {
    # Container: nextjs
    #     networks:
    #         website-template_default (reachable)
    #     IP address: 172.18.0.3
    #     exposed ports: 3000/tcp
    #     default port: 3000
    #     using port: 3000
    server 172.18.0.3:3000;
}
# MY_DOMAIN.com
server {
    server_name MY_DOMAIN.com;
    access_log /var/log/nginx/access.log vhost;
    listen 80 ;
    include /etc/nginx/vhost.d/default;
    location ^~ /.well-known/acme-challenge {
        allow all;
        alias /var/www/acme;
    }
    location / {
        proxy_pass http://nextjs;
    }
}
server {
    server_name MY_DOMAIN.com;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_certificate /etc/nginx/certs/MY_DOMAIN.com.crt;
    ssl_certificate_key /etc/nginx/certs/MY_DOMAIN.com.key;
    location / {
        proxy_pass http://nextjs;
    }
}
# www.MY_DOMAIN.com
server {
    server_name www.MY_DOMAIN.com;
    access_log /var/log/nginx/access.log vhost;
    listen 80 ;
    include /etc/nginx/vhost.d/default;
    location ^~ /.well-known/acme-challenge {
        allow all;
        alias /var/www/acme;
    }
    location / {
        proxy_pass http://nextjs;
    }
}
server {
    server_name www.MY_DOMAIN.com;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_certificate /etc/nginx/certs/www.MY_DOMAIN.com.crt;
    ssl_certificate_key /etc/nginx/certs/www.MY_DOMAIN.com.key;
    location / {
        proxy_pass http://nextjs;
    }
}
```
This seems to have gotten around the issue. This seems like something the image should have done on our behalf though, so I'm not sure why it was necessary.