autopilotpattern / nginx

An Nginx container for container-native deployment and automatic backend discovery
Mozilla Public License 2.0

ssl no longer works #55

Open deserat opened 6 years ago

deserat commented 6 years ago

dc scale nginx=1 using latest and 1.13-r7.0.1 produces the following output.

2017/12/13 01:18:13 # INFO: Using main config file /etc/acme/dehydrated/config.staging
2017/12/13 01:18:14 + Generating account key...
2017/12/13 01:18:18 + Registering account key with ACME server...
2017/12/13 01:18:19   + ERROR: An error occurred while sending post-request to https://acme-staging.api.letsencrypt.org/acme/new-reg (Status 400)
2017/12/13 01:18:19 
2017/12/13 01:18:19 Details:
2017/12/13 01:18:19 {
2017/12/13 01:18:19   "type": "urn:acme:error:malformed",
2017/12/13 01:18:19   "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
2017/12/13 01:18:19   "status": 400
2017/12/13 01:18:19 }
2017/12/13 01:18:19 
2017/12/13 01:18:19 rm: cannot remove '/etc/acme/dehydrated/domains.txt': No such file or directory
2017/12/13 01:18:19 
2017/12/13 01:18:19 
2017/12/13 01:18:19 Error registering account key. See message above for more information.
2017/12/13 01:18:19 check.nginx-ssl exited with error: check.nginx-ssl: exit status 1

I built a new image and added... LICENSE="https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" to the config.staging and config.production. That results in

2017/12/13 01:32:12 ACME leader claimed
2017/12/13 01:32:12 # INFO: Using main config file /etc/acme/dehydrated/config.staging
2017/12/13 01:32:12 ERROR: Lock file '/etc/acme/dehydrated/lock' present, aborting.
2017/12/13 01:32:12 check.nginx-ssl exited with error: check.nginx-ssl: exit status 1
2017/12/13 01:32:22 curl: (7) Failed to connect to prod.curry4dronedrop.com port 443: Connection refused
2017/12/13 01:32:22 check.nginx-public-ssl exited with error: check.nginx-public-ssl: exit status 7
2017/12/13 01:32:22 curl: (6) Could not resolve host: prod.curry4dronedrop.com"
2017/12/13 01:32:22 curl: (7) Failed to connect to localhost port 443: Connection refused
2017/12/13 01:32:22 check.nginx-public-ssl exited with error: check.nginx-public-ssl: exit status 7
2017/12/13 01:32:22 Renewing Consul session 7ef0d31e-0e88-12ba-0343-4cbe4e9cc8fe... complete

being repeated endlessly in the docker log. I've validated the domain is resolvable from both inside and outside the container.
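
Log triage for the two failures in the report above, added here as an example; it is not code from the autopilotpattern/nginx project or from the commenters, and the function names and finding labels are hypothetical. It pulls out the agreement URL the ACME server expects and the lock file path, and validates the URL before suggesting it as a `LICENSE` value.

```shell
#!/bin/sh
# Added example: triage for the two dehydrated failures reported in this issue.
# Reads container log text on stdin and prints one finding per line.
# Function names and finding labels are hypothetical, not part of the project.

triage_acme_log() {
  log=$(cat)

  # Failure 1: registration rejected because the agreement URL is outdated.
  # The server names the URL it expects in the second [...] of "detail".
  printf '%s\n' "$log" |
    sed -n 's/.*does not match current agreement URL \[\([^]]*\)].*/\1/p' |
    sort -u |
    while IFS= read -r url; do
      # The value is headed for config.staging / config.production, which use
      # shell assignment syntax, so only a plain Let's Encrypt document URL is
      # accepted; anything else found in a log line is reported, not echoed.
      if printf '%s\n' "$url" |
        grep -Eqx 'https://letsencrypt\.org/documents/[A-Za-z0-9._-]+\.pdf'; then
        printf 'agreement-mismatch LICENSE="%s"\n' "$url"
      else
        printf 'agreement-mismatch untrusted-url\n'
      fi
    done

  # Failure 2: dehydrated aborts while its lock file exists. Report the path;
  # whether another run still holds it has to be checked in the container.
  printf '%s\n' "$log" |
    sed -n "s/.*ERROR: Lock file '\([^']*\)' present, aborting.*/lock-present \1/p" |
    sort -u
}

# Log lines copied from the report above (timestamps kept).
sample_log() {
  cat <<'EOF'
2017/12/13 01:18:19   "type": "urn:acme:error:malformed",
2017/12/13 01:18:19   "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
2017/12/13 01:32:12 ERROR: Lock file '/etc/acme/dehydrated/lock' present, aborting.
2017/12/13 01:32:12 check.nginx-ssl exited with error: check.nginx-ssl: exit status 1
EOF
}

sample_log | triage_acme_log
```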

LibertyBeta commented 6 years ago

I can also replicate this with a new cert, not a renewal. Why haven't we moved to using something like certbot?