
On every deploy FrankenPHP renews the SSL certificate, causing a block from the LE authority server

Open arlanram opened this issue 1 year ago • 6 comments

What happened?

When updating a Docker image containing Laravel using Octane with FrankenPHP, it obtains a new certificate. After some attempts, LE blocks renewal and HTTPS is no longer available.

How to deploy a new version of a Laravel application with FrankenPHP without obtaining a new certificate?

Please help!

Build Type

Docker (Alpine)

Worker Mode

Yes

Operating System

GNU/Linux

CPU Architecture

x86_64

PHP configuration

default of php.ini.production of dunglas/frankenphp:1.2.2-php8.3.9-alpine

and custom.ini

[PHP]
expose_php=0
memory_limit=-1
post_max_size=10M
upload_max_filesize=10M
max_execution_time=0
error_reporting=E_ALL

[Opcache]
opcache.enable=1
opcache.dups_fix=1
opcache.enable_cli=1
opcache.save_comments=1
opcache.validate_timestamps=0
opcache.memory_consumption=512
opcache.file_update_protection=0
opcache.interned_strings_buffer=64
opcache.max_accelerated_files=32531

Relevant log output

LE says that the max certificates amount is reached, try after 168 hours, and so on...

arlanram avatar Jul 18 '24 08:07 arlanram

@dunglas, please look and help

arlanram avatar Jul 18 '24 09:07 arlanram

Hi, I'm on vacation but my company provides paid support if it's urgent. You can contact us at [email protected]

dunglas avatar Jul 18 '24 10:07 dunglas

Hi, it's not exactly your question (I had the same), but you could find a workaround here: https://letsencrypt.org/docs/duplicate-certificate-limit/#workaround

AnthonyDG avatar Jul 20 '24 07:07 AnthonyDG

I think you need to create Docker volumes on the /data and /config directories

kido1611 avatar Jul 22 '24 05:07 kido1611

There are also storage plugins that can use S3 or other things to keep the certificate backed up and load it on a fresh start.

> you need to create docker volumes on /data and /config directories

This works in a pinch, but note that Caddy will lock the files if you have more than one instance running. From experience, this will result in deadlock sometimes, preventing servers from coming online.

withinboredom avatar Jul 22 '24 06:07 withinboredom
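
The volume suggestion from the two comments above, written as a Compose file. This is an added example, not from the thread or the FrankenPHP project; the service name, image name and volume names are placeholders, and it assumes, as the comments state, that the image keeps Caddy's state under /data and /config.

```yaml
# Added example. Placeholders: service name "app", the image reference,
# and the volume names caddy_data / caddy_config.
services:
  app:
    # Placeholder: your Laravel Octane image built FROM dunglas/frankenphp.
    image: registry.example.com/laravel-app:latest
    restart: unless-stopped
    ports:
      - "80:80"        # HTTP (ACME HTTP challenge, redirect to HTTPS)
      - "443:443"      # HTTPS
      - "443:443/udp"  # HTTP/3
    volumes:
      # Named volumes outlive the container. A redeploy that replaces the
      # container with a new image tag finds the existing certificate,
      # private key and ACME account here instead of requesting new ones.
      - caddy_data:/data
      - caddy_config:/config
      # Caveat from the thread: keep these mounted in a single running
      # instance. Sharing them between several instances caused file
      # locking and occasional deadlock in that commenter's experience.

volumes:
  caddy_data:
  caddy_config:
```

Redeploy with `docker compose pull && docker compose up -d`; `docker compose down -v` deletes the named volumes and the stored certificates with them.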

You can find some modules to store the certificates in the cloud or in local volumes. In this Caddy Wiki @mholt created this post explaining how to load balance Caddy

sneycampos avatar Aug 08 '24 09:08 sneycampos

FrankenPHP is not well documented

I searched a lot in all sources to properly configure a production environment; Caddy is always getting a problem with SSL issues, and f8p as well

I will open a PR to resolve these misunderstandings!

arlanram avatar Sep 16 '24 07:09 arlanram