nginx-certbot

Running init-letsencrypt inside a docker container

Open FynnHunt opened this issue 4 years ago • 3 comments

I am trying to run init-letsencrypt inside of a docker container which I use to launch and maintain other docker containers on my host (by volume mounting the docker.sock). This is the docker-compose setup of the container I am trying to run init-letsencrypt inside of -

```yaml
version: "3"
services:
...
  pod:
    image: ...
    container_name: ...
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/ubuntu/mothership-pod-config/env.list:/home/ubuntu/mothership-pod-config/env.list
      - /home/ubuntu/mothership-pod-config/nginx:/nginx
      - /etc/letsencrypt:/etc/letsencrypt
      - /var/www/certbot:/var/www/certbot
    ports:
      - "3000:3000"
```

The whole nginx-certbot setup is inside my /nginx/ folder in the container; this is where the script is run from.

My assumption here is that by mounting the docker.sock and having access over docker running on the host means that when running docker-compose inside the container the commands will be sent through to the host. I think I have volume mounted the necessary folders into the container but I might be missing something?

The problem I am seeing when running init-letsencrypt.sh inside the container is from certbot -

```
### Creating dummy certificate for ...
Creating network "nginx_backbone" with driver "bridge"
Creating network "nginx_default" with the default driver
Creating nginx_certbot_run ... done
Generating a RSA private key
..........................................................................................................................................++++
................................................++++
writing new private key to '/etc/letsencrypt/live/.../privkey.pem'
req: Can't open "/etc/letsencrypt/live/.../privkey.pem" for writing, No such file or directory

### Starting nginx ...
Creating nginx_nginx_1 ... done

### Deleting dummy certificate for ...
Creating nginx_certbot_run ... done

### Requesting Let's Encrypt certificate for ...
Creating nginx_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ...
http-01 challenge for ...
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain ...
Challenge failed for domain ...
http-01 challenge for ...
http-01 challenge for ...
Cleaning up challenges
Some challenges have failed.
```

Note: I have replaced my domain and other non-relevant information with "...".

I might be missing something here but it looks like certbot is failing to write to /etc/letsencrypt/live? Is this a permissions problem as I am attempting to run the script from within a container? Any help will be greatly appreciated!

Additional note: I tried checking the certbot log file in /var/log/letsencrypt/letsencrypt.log and it did not exist.

FynnHunt, Nov 12 '20 13:11
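
An added example, not part of the original thread or of the nginx-certbot project: with the host's docker.sock mounted, the host daemon resolves bind-mount source paths on the host filesystem, so a directory seen inside the pod container is the same directory only if it is mounted at an identical path on both sides. The check below uses the mounts from the compose file in the post; the `./data/certbot/conf` source and the function names are assumptions (the path is taken from the project's stock docker-compose.yml and does not appear in this thread).

```python
from pathlib import PurePosixPath

# Bind mounts of the "pod" container as (host_path, container_path),
# copied from the compose file in the post above.
POD_MOUNTS = [
    ("/var/run/docker.sock", "/var/run/docker.sock"),
    ("/home/ubuntu/mothership-pod-config/env.list",
     "/home/ubuntu/mothership-pod-config/env.list"),
    ("/home/ubuntu/mothership-pod-config/nginx", "/nginx"),
    ("/etc/letsencrypt", "/etc/letsencrypt"),
    ("/var/www/certbot", "/var/www/certbot"),
]


def backing_host_path(container_path, mounts=POD_MOUNTS):
    """Return the host path backing container_path, or None if container-local."""
    path = PurePosixPath(container_path)
    best = None
    for host, target in mounts:
        target = PurePosixPath(target)
        if path == target or target in path.parents:
            # The most specific (deepest) mount target wins.
            if best is None or len(target.parts) > len(best[1].parts):
                best = (PurePosixPath(host), target)
    if best is None:
        return None
    return str(best[0] / path.relative_to(best[1]))


def check_bind_source(project_dir, source, mounts=POD_MOUNTS):
    """Compare the path sent to the host daemon with the files the pod sees."""
    # The compose client expands a relative source against the project
    # directory inside the pod and sends that absolute path to the daemon.
    sent = str(PurePosixPath(project_dir) / source)
    seen_in_pod = backing_host_path(sent, mounts)
    # The daemon treats `sent` as a host path; both views agree only when the
    # directory is mounted at the same path on the host and in the pod.
    return {"sent_to_daemon": sent,
            "seen_in_pod": seen_in_pod,
            "same_directory": seen_in_pod == sent}


if __name__ == "__main__":
    # "./data/certbot/conf" is an assumed relative bind source (see lead-in).
    for key, value in check_bind_source("/nginx", "./data/certbot/conf").items():
        print(f"{key}: {value}")
```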

> Additional note: I tried checking the certbot log file in /var/log/letsencrypt/letsencrypt.log and it did not exist.

I also can't find a log, which is a problem when trying to debug ;(

hajo62, Jan 02 '21 16:01

Did you manage to fix it?

JacquesMironneau, Dec 04 '21 15:12

Make sure to run the script with staging=1 at least once to create all required structure.

Vivekgupta98, May 20 '23 23:05