Closed ghost closed 3 months ago
Also it's not only scripts_9.0 but all versions of this script.
In addition to the above comment, if you already have a letsencrypt folder in your local /shared/ssl, you must first remove it and then run the modified docker image. The ssl.sh script will not clone the repo if a letsencrypt folder is present.
Thanks for these tips.
I changed the ssl.sh script.
I also removed the /shared/ssl folder (renamed it to ssl_original just in case).
I did docker-compose down and then docker-compose up -d.
Checking inside the container with docker exec -it seafile /bin/bash
it shows
How do I force the certificate generation? No changes to my original docker-compose.yml, which was working fine until 2 days ago.
Further investigation:
Registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/xxxxxxx
Creating new order...
Order created!
Verifying SUB.DOMAIN.TLD...
Traceback (most recent call last):
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 145, in get_crt
    assert (disable_check or _do_request(wellknown_url)[0] == keyauthorization)
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error:
Url: http://SUB.DOMAIN.TLD/.well-known/acme-challenge/UBN6w4dr8vg2qr0eZCVexBeyzoqNpGV_lIFv_WCJ68k
Data: None
Response Code: None
Is there a problem also with acme-tiny?
I am now getting entries in /shared/ssl after running ssl.sh /shared/ssl SUB.DOMAIN.TLD but no file SUB.DOMAIN.TLD.crt.
But there is this additional message:
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 199, in <module>
    main(sys.argv[1:])
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 195, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact, check_port=args.check_port)
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 147, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /var/www/challenges/UBN6w4dxxxxxxxxxx, but couldn't download http://SUB.DOMAIN.TLD/.well-known/acme-challenge/UBN6w4dr8vg2qr0eZCVexBeyzoqNpGV_lIFv_WCJ68k: Error:
Url: http://SUB.DOMAIN.TLD/.well-known/acme-challenge/UBN6w4dxxxxxxxxxx
Data: None
Response Code: None
Response: [Errno 104] Connection reset by peer
So this is what worked for me, feel free to test it this way
Thank you. I guess this means using own ssl certs, not the ones generated by seafile. Not done that before (I mean seafile with own cert), but I can look into it.
Thank you @HTSpecOps! Got it working!
Let's Encrypt certification fails in new servers because the container can't download the required acme-tiny program. Please use git clone https://github.com/... instead.
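The tracebacks earlier in this thread come from the step where acme_tiny.py writes the challenge file and then fetches it back over HTTP before asking the CA to validate. As an added example (not part of the thread, and not code from acme-tiny or Seafile), this Python script reproduces that round trip with a throwaway token, so the port-80 path can be diagnosed without placing a certificate order; the function name and the result labels are assumptions.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request


def check_challenge_path(acme_dir, base_url, timeout=5):
    """Write a random file into acme_dir and fetch it back via base_url.

    Returns (status, url). status is "ok", "mismatch", "http_<code>" or
    "unreachable" (refused, reset, timeout, DNS failure).
    """
    token = "selfcheck-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    path = os.path.join(acme_dir, token)
    url = "{0}/.well-known/acme-challenge/{1}".format(base_url.rstrip("/"), token)
    # Ignore proxy environment variables so the direct path is what gets tested.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with open(path, "w") as handle:
        handle.write(body)
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
        return ("ok" if served == body else "mismatch", url)
    except urllib.error.HTTPError as err:
        # The web server answered, but not with the file (e.g. 404 or 403):
        # the location/alias for the challenge directory is likely wrong.
        return ("http_{0}".format(err.code), url)
    except (urllib.error.URLError, OSError):
        # No usable HTTP answer at all, as with "[Errno 104] Connection reset
        # by peer" in the log above: look at port 80 mapping, firewall, proxy.
        return ("unreachable", url)
    finally:
        os.remove(path)  # never leave the probe file behind


if __name__ == "__main__":
    # Usage: script.py /var/www/challenges http://SUB.DOMAIN.TLD
    status, probed = check_challenge_path(sys.argv[1], sys.argv[2])
    print(status, probed)
    sys.exit(0 if status == "ok" else 1)
```
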