CausticLab / rgon-proxy

the base image of the rancher nginx-letsencrypt proxy

ACME startup hangs in interactive mode #47

Closed emcniece closed 7 years ago

emcniece commented 7 years ago

Just pulled the new dev build (79f37543), and the entrypoint gets stuck at a prompt:

9/6/2017 11:27:50 AMcp: can't create '/var/lib/acme/conf/': No such file or directory
9/6/2017 11:27:50 AMcp: can't create '/var/lib/acme/conf/': No such file or directory
9/6/2017 11:27:50 AM/etc/nginx/certs/default/default.pass.key: No such file or directory
9/6/2017 11:27:50 AM140301941623692:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/nginx/certs/default/default.pass.key','w')
9/6/2017 11:27:50 AM140301941623692:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
9/6/2017 11:27:50 AMError opening Private Key /etc/nginx/certs/default/default.pass.key
9/6/2017 11:27:50 AM140470972701580:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/nginx/certs/default/default.pass.key','r')
9/6/2017 11:27:50 AM140470972701580:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
9/6/2017 11:27:50 AMunable to load Private Key
9/6/2017 11:27:50 AMrm: can't remove '/etc/nginx/certs/default/default.pass.key': No such file or directory
9/6/2017 11:27:50 AMError opening Private Key /etc/nginx/certs/default/default.key
9/6/2017 11:27:50 AM140704876325772:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/nginx/certs/default/default.key','r')
9/6/2017 11:27:50 AM140704876325772:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
9/6/2017 11:27:50 AMunable to load Private Key
9/6/2017 11:27:50 AM/etc/nginx/certs/default/default.csr: No such file or directory
9/6/2017 11:27:50 AMsed: /var/lib/acme/conf/responses: No such file or directory
9/6/2017 11:27:50 AMsed: /var/lib/acme/conf/responses: No such file or directory
9/6/2017 11:27:50 AM
9/6/2017 11:27:50 AM
9/6/2017 11:27:50 AM------------------------- Select ACME Server -----------------------
9/6/2017 11:27:50 AMPlease choose an ACME server from which to request certificates. Your
9/6/2017 11:27:50 AMprincipal choices are the Let's Encrypt Live Server, and the Let's
9/6/2017 11:27:50 AMEncrypt Staging Server.
9/6/2017 11:27:50 AM
9/6/2017 11:27:50 AMYou can use the Let's Encrypt Live Server to get real certificates.
9/6/2017 11:27:50 AM
9/6/2017 11:27:50 AMThe Let's Encrypt Staging Server does not issue publically trusted
9/6/2017 11:27:50 AMcertificates. It is useful for development purposes, as it has far
9/6/2017 11:27:50 AMhigher rate limits than the live server.
9/6/2017 11:27:50 AM
9/6/2017 11:27:50 AM
9/6/2017 11:27:50 AM  1) Let's Encrypt (Live) - I want live certificates
9/6/2017 11:27:50 AM  2) Let's Encrypt (Staging) - I want test certificates
9/6/2017 11:27:50 AM  3) Enter an ACME server URL

Need to confirm that the ACME_API environment variable is being set properly in the LE config.

emcniece commented 7 years ago

This appears to be an issue with directory creation and Acmetool initialization.

On first run, when the volume for acmetool doesn't exist, the entrypoint.sh copy_config_files function won't copy /app/acme/conf/responses because the /var/lib/acme/conf directory doesn't exist.

This can be worked around by restarting the container when it gets to this point, but...

This can be solved by first executing mkdir -p /var/lib/acme/conf.
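
The first-run failure and the `mkdir -p` fix described in this thread, reproduced in a scratch directory. This is an added example, not part of the original issue or the project's entrypoint.sh; the function names are hypothetical, the paths are passed as arguments so nothing under /var/lib is touched, and the responses content is constructed.

```shell
#!/bin/sh
# Behaviour described in the issue: copy into a directory that a fresh
# (empty) volume does not contain yet. cp fails and nothing is written.
copy_config_before() {
    src_dir=$1; dest_dir=$2
    cp "$src_dir/responses" "$dest_dir/" 2>/dev/null
}

# Fixed form: create the destination first, and return non-zero if the
# responses file is still missing, so the caller can stop instead of
# letting acmetool fall through to its interactive prompt.
copy_config_after() {
    src_dir=$1; dest_dir=$2
    mkdir -p "$dest_dir" || return 1
    cp "$src_dir/responses" "$dest_dir/" || return 1
    [ -s "$dest_dir/responses" ]
}

# Simulate a first run: the image ships app/acme/conf/responses, the
# volume mount point var/lib/acme exists but has no conf/ directory.
first_run_demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/app/acme/conf" "$work/var/lib/acme"
    # Constructed placeholder content, not the project's real responses file.
    printf '%s\n' '# constructed sample responses file' \
        > "$work/app/acme/conf/responses"

    if copy_config_before "$work/app/acme/conf" "$work/var/lib/acme/conf"; then
        before=ok
    else
        before=fail
    fi

    if copy_config_after "$work/app/acme/conf" "$work/var/lib/acme/conf"; then
        after=ok
    else
        after=fail
    fi

    rm -rf "$work"
    echo "before=$before after=$after"
}

first_run_demo
```
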