JonasAlfredsson / docker-nginx-certbot

Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
https://hub.docker.com/r/jonasal/nginx-certbot
MIT License
969 stars 169 forks

How to create certificates? #254

Closed ArthurKa closed 5 months ago

ArthurKa commented 5 months ago

I run the container, but there is an empty folder /etc/letsencrypt inside. I force certificate recreation manually with docker kill --signal=HUP nginx-certbot and docker exec -it nginx-certbot /scripts/run_certbot.sh force. And there is still an empty folder /etc/letsencrypt. What am I doing wrong?

JonasAlfredsson commented 5 months ago

Hi,

  1. You have started the image according to the description here and have created yourself some valid configuration files?
  2. Can you share the configuration files here?
  3. Can you include the log output here?

ArthurKa commented 5 months ago

Oh, now I see. When I put the configuration all in one file, it creates the certificate.

server {
  server_name asd.com www.asd.com;
  listen 443 ssl default_server reuseport;
  listen [::]:443 ssl default_server reuseport;

  ssl_certificate /etc/letsencrypt/live/test-name/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/test-name/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/test-name/chain.pem;

  ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

  return 200 'Hello!';
  add_header Content-Type text/plain;
}

But when I split it into 2 files and try to include

server {
  server_name asd.com www.asd.com;
  include includes/ssl.conf;

  return 200 'Hello!';
  add_header Content-Type text/plain;
}

listen 443 ssl default_server reuseport;
listen [::]:443 ssl default_server reuseport;

ssl_certificate /etc/letsencrypt/live/test-name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test-name/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/test-name/chain.pem;

ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;

It says

2024/06/03 09:03:59 [emerg] 67#67: cannot load certificate "/etc/letsencrypt/live/test-name/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/test-name/fullchain.pem, r) error:10000080:BIO routines::no such file)
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/test-name/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/test-name/fullchain.pem, r) error:10000080:BIO routines::no such file)

Is that the correct behavior?

JonasAlfredsson commented 5 months ago

The code tries to add the server names to the certificate file name it finds in the same file, so yes, that is the current requirement for this container to work correctly.

ArthurKa commented 5 months ago

Got it, thank you very much! Will certificate recreation also need them in this file? Will it now work if I split it into 2 files?

JonasAlfredsson commented 5 months ago

No, the SSL config needs to be in the same file as the server names, else the scripts won't know what certificates they need to request.
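
A pre-flight lint for the same-file requirement stated in the reply above, as an added example (not code from this repository or its maintainer). It assumes the certificate name is the directory under /etc/letsencrypt/live/ on the ssl_certificate_key line; the function names and status strings are hypothetical, and the sample files are constructed from the split layout posted in the thread.

```bash
#!/usr/bin/env bash
# Added example, not the container's own code. Assumption: the certificate name
# is the directory under /etc/letsencrypt/live/ on an ssl_certificate_key line.

# Certificate names referenced by one config file.
cert_names() {
  sed -n -E 's|^[[:space:]]*ssl_certificate_key[[:space:]]+/etc/letsencrypt/live/([^/;]+)/.*|\1|p' "$1" | sort -u
}

# Server names declared in one config file, one per line.
server_names() {
  sed -n -E 's|^[[:space:]]*server_name[[:space:]]+([^;]+);.*|\1|p' "$1" |
    tr ' \t' '\n\n' | sed '/^$/d' | sort -u
}

# Classify one file by what a per-file scan (no include following) can see.
check_conf() {
  local f=$1 certs names
  certs=$(cert_names "$f")
  names=$(server_names "$f")
  if [ -n "$certs" ] && [ -n "$names" ]; then
    echo "ok"
  elif [ -n "$certs" ]; then
    echo "cert-without-server-name"
  elif [ -n "$names" ] && grep -Eq '^[[:space:]]*include[[:space:]]' "$f"; then
    echo "server-name-behind-include"
  else
    echo "no-tls"
  fi
}

# Constructed sample: the split layout from the thread, written to a temp dir.
demo() {
  local d f
  d=$(mktemp -d)
  mkdir -p "$d/includes"
  printf '%s\n' 'server {' '  server_name asd.com www.asd.com;' \
    '  include includes/ssl.conf;' '}' > "$d/site.conf"
  printf '%s\n' 'listen 443 ssl default_server reuseport;' \
    'ssl_certificate_key /etc/letsencrypt/live/test-name/privkey.pem;' > "$d/includes/ssl.conf"
  for f in "$d/site.conf" "$d/includes/ssl.conf"; do
    printf '%s: %s\n' "${f#"$d"/}" "$(check_conf "$f")"
  done
  rm -rf "$d"
}
demo
```

Any status other than ok or no-tls marks a file where the certificate path and the server names are not visible together, which is the situation that left /etc/letsencrypt empty in this thread.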

ArthurKa commented 5 months ago

Got it. Thank you very much for your help and such a good repo and nginx-certbot container. Really like it 🌟

JonasAlfredsson commented 5 months ago

Thank you, and I am glad you find it useful :)