gilyes / docker-nginx-letsencrypt-sample

Dockerized Nginx + Let's Encrypt sample
https://gilyes.com/docker-nginx-letsencrypt

Everything works fine except www prefixed address #12

Closed dikey94 closed 6 years ago

dikey94 commented 6 years ago

Hi. Thanks for the project.

Everything works fine except www prefixed address - I get "insecure connection". Any ideas? Thanks.

Damian

piscue commented 6 years ago

Did you declare the host also with www?

dikey94 commented 6 years ago

Here is my website.conf:

upstream website {
    server website:3000;
}

server {
    listen 80;
    server_name website.pl www.website.pl;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass http://website;
        #proxy_redirect     off;
    }
}

dikey94 commented 6 years ago

And a part of docker-compose.yml:

website:
  restart: always
  image: r.cfcr.io/dikey94/damiankuligcom/website:master
  container_name: website
  volumes:
    - ./public:/usr/src/app/public
    - ./shared:/usr/src/app/shared
    - ./import:/usr/src/app/import
    - "./volumes/nginx-website/conf.d/:/etc/nginx/conf.d"
  env_file: .env
  environment:
    - RAILS_ENV=production
    - VIRTUAL_HOST=website.pl
    - VIRTUAL_NETWORK=nginx-proxy
    - VIRTUAL_PORT=80
    - LETSENCRYPT_HOST=website.pl
    - LETSENCRYPT_EMAIL=admin@website.pl
  depends_on:
    - db
  links:
    - db
  expose:
    - "3000"

piscue commented 6 years ago

You also need to declare the www part in the VIRTUAL_HOST variable:

dikey94 commented 6 years ago

Sure. I've updated my docker-compose.yml file.

https://website.pl works, https://www.website.pl doesn't work.

Is it necessary to update the cert in any way?

Thank you.

piscue commented 6 years ago

The cert also has to accept the domain with all of its aliases (in your case, with www).

docker-compose down && docker-compose up -d

should update the certificate; take a look at the logs.

dikey94 commented 6 years ago

This is what I found:

debian@serwer-1:~/website-prod$ docker-compose logs -f
Attaching to nginx-gen, letsencrypt-nginx-proxy-companion, website, nginx, websiteprod_db_1
nginx-gen | 2018/05/27 14:45:34 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
nginx-gen | 2018/05/27 14:45:34 Sending container 'nginx' signal '1'
nginx-gen | 2018/05/27 14:45:34 Watching docker events
nginx-gen | 2018/05/27 14:45:34 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
nginx-gen | 2018/05/27 14:45:34 Received signal: hangup
nginx-gen | 2018/05/27 14:45:34 Received signal: hangup
nginx-gen | 2018/05/27 14:45:34 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
nginx-gen | 2018/05/27 14:45:34 Sending container 'nginx' signal '1'
letsencrypt-nginx-proxy-companion | Sleep for 3600s
letsencrypt-nginx-proxy-companion | 2018/05/27 14:45:34 Generated '/app/letsencrypt_service_data' from 5 containers
letsencrypt-nginx-proxy-companion | 2018/05/27 14:45:34 Running '/app/signal_le_service'
letsencrypt-nginx-proxy-companion | 2018/05/27 14:45:34 Watching docker events
letsencrypt-nginx-proxy-companion | 2018/05/27 14:45:34 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
letsencrypt-nginx-proxy-companion | /etc/nginx/certs/website.pl /app
letsencrypt-nginx-proxy-companion | Reloading nginx docker-gen (using separate container nginx-gen)...
letsencrypt-nginx-proxy-companion | Reloading nginx (using separate container 6bb03f3369f7bfb7841e79cc9bf4e0c01cd09d9b7b18a7cd3755eddf3c1f8343)...
letsencrypt-nginx-proxy-companion | Creating/renewal website.pl certificates... (website.pl)
letsencrypt-nginx-proxy-companion | 2018-05-27 14:45:35,098:INFO:simp_le:1564: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt-nginx-proxy-companion | /app
letsencrypt-nginx-proxy-companion | Sleep for 3600s

dikey94 commented 6 years ago

debian@serwer-1:~/website-prod$ docker-compose exec letsencrypt-nginx-proxy-companion /app/force_renew
/etc/nginx/certs/website.pl /app
Creating/renewal website.pl certificates... (website.pl)
2018-05-27 15:05:28,709:INFO:simp_le:1479: Generating new certificate private key
ACME server returned an error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains: website.pl: see https://letsencrypt.org/docs/rate-limits/

dikey94 commented 6 years ago

I'm sorry for the mess.

I think this is the limit:

We also have a Duplicate Certificate limit of 5 certificates per week. A certificate is considered a duplicate of an earlier certificate if they contain the exact same set of hostnames, ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week. If you changed the set of names by adding [blog.example.com], you would be able to request additional certificates. https://letsencrypt.org/docs/rate-limits/

Is there any way to get the certificate only for www.website.pl?

Thanks.

dikey94 commented 6 years ago

All right - I have figured it out. We need to declare the www part also in LETSENCRYPT_HOST. @piscue thanks for the support!
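
A check for the mismatch this thread ended on, added here as an example and not part of the thread or of the project's code: it lists names routed by VIRTUAL_HOST that are missing from LETSENCRYPT_HOST, and compares two requests the way the quoted Duplicate Certificate rule does. It assumes both variables hold comma-separated literal hostnames; the sample environment and the function names are constructed for illustration.

```python
import re

# Constructed sample: the environment list from the thread's compose service,
# with www added to VIRTUAL_HOST only (the state in which www still failed).
COMPOSE_ENV = """\
  environment:
    - RAILS_ENV=production
    - VIRTUAL_HOST=website.pl,www.website.pl
    - VIRTUAL_PORT=80
    - LETSENCRYPT_HOST=website.pl
    - LETSENCRYPT_EMAIL=admin@website.pl
"""


def env_value(text, key):
    """Return the value of a `- KEY=value` entry in a compose env list, or ''."""
    pattern = rf'^\s*-\s*"?{re.escape(key)}=([^"\n]*)"?\s*$'
    match = re.search(pattern, text, re.M)
    return match.group(1).strip() if match else ""


def host_set(value):
    """Split a comma-separated host list into a case-insensitive, unordered set."""
    return frozenset(
        h.strip().lower().rstrip(".") for h in value.split(",") if h.strip()
    )


def uncovered_hosts(text):
    """Names the proxy routes (VIRTUAL_HOST) that the certificate request
    (LETSENCRYPT_HOST) omits; TLS validation fails for exactly these names."""
    routed = host_set(env_value(text, "VIRTUAL_HOST"))
    certified = host_set(env_value(text, "LETSENCRYPT_HOST"))
    return sorted(routed - certified)


def is_duplicate_request(previous, requested):
    """True when both requests name the exact same set of hostnames, ignoring
    capitalization and ordering, as the Duplicate Certificate limit counts."""
    return host_set(previous) == host_set(requested)


if __name__ == "__main__":
    for name in uncovered_hosts(COMPOSE_ENV):
        print("routed by the proxy but not in LETSENCRYPT_HOST:", name)
```

Because adding www changes the set of names, the corrected request is not a duplicate of the earlier website.pl-only certificates.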