haiwen / seafile-docker

A Docker image for Seafile server

seafile-docker/scripts_9.0/ssl.sh uses git clone git://github.com/... instead of git clone https://github.com/... #290

Closed ghost closed 3 months ago

ghost commented 2 years ago

Let's Encrypt certification fails in new servers because the container can't download the required acme-tiny program. Please use git clone https://github.com/... instead.

ghost commented 2 years ago

Also, it's not only scripts_9.0 but all versions of this script.

HTSpecOps commented 2 years ago

In addition to the above comment, if you already have a letsencrypt folder in your local /shared/ssl, you must first remove it and then run the modified docker image. The ssl.sh script will not clone the repo if a letsencrypt folder is present.

slfhstr commented 2 years ago

Thanks for these tips. I changed the ssl.sh script. I also removed the /shared/ssl folder (renamed it to ssl_original just in case). I did docker-compose down and then docker-compose up -d. Checking inside the container with docker exec -it seafile /bin/bash it shows

How do I force the certificate generation? No changes to my original docker-compose.yml, which was working fine until 2 days ago.

slfhstr commented 2 years ago

Further investigation:

Registered! Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/xxxxxxx
Creating new order...
Order created!
Verifying SUB.DOMAIN.TLD...
Traceback (most recent call last):
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 145, in get_crt
    assert (disable_check or _do_request(wellknown_url)[0] == keyauthorization)
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error:
Url: http://SUB.DOMAIN.TLD/.well-known/acme-challenge/UBN6w4dr8vg2qr0eZCVexBeyzoqNpGV_lIFv_WCJ68k
Data: None
Response Code: None

Is there also a problem with acme-tiny? I am now getting entries in /shared/ssl after running ssl.sh /shared/ssl SUB.DOMAIN.TLD but no file SUB.DOMAIN.TLD.crt

But there is this additional message:

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 199, in <module>
    main(sys.argv[1:])
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 195, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact, check_port=args.check_port)
  File "/shared/ssl/letsencrypt/acme_tiny.py", line 147, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /var/www/challenges/UBN6w4dxxxxxxxxxx, but couldn't download http://SUB.DOMAIN.TLD/.well-known/acme-challenge/UBN6w4dr8vg2qr0eZCVexBeyzoqNpGV_lIFv_WCJ68k: Error:
Url: http://SUB.DOMAIN.TLD/.well-known/acme-challenge/UBN6w4dxxxxxxxxxx
Data: None
Response Code: None
Response: [Errno 104] Connection reset by peer

HTSpecOps commented 2 years ago

So this is what worked for me; feel free to test it this way:

  1. Pull latest image and docker run it without ssl
  2. Get inside the docker using docker exec
  3. Find the ssl.sh script and using Vi to edit the file such that it use https to clone the GitHub of acme-tiny
  4. Save ssl.sh and exit docker
  5. Save the modified docker image using Docker Commit (check docker documentation for examples)
  6. Go inside your local shared/ssl, put your ssl certificate in there and then remove the folder named "letsencrypt" -> I use duckdns.org for my domain name, so I use the docker image from infinityofspace/certbot_dns_duckdns to get my certificates
  7. Now docker run your newly committed image with SSL enabled
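
The edit in steps 3 and 4 above, done with sed instead of vi, together with two checks worth running before step 7, as an added example that is not code from the seafile-docker project. The reason the git:// clone fails on new servers is that GitHub stopped serving the unauthenticated, unencrypted git:// protocol in March 2022; switching the scheme to https:// both restores the clone and means the ACME client is fetched over TLS instead of a connection anyone on the path could tamper with. The ssl.sh content below is a constructed stand-in for the relevant lines of the real script, and EXAMPLE_OWNER/acme-tiny.git is a placeholder, not the repository path the script actually uses; only the `git://` to `https://` scheme change is the point.

```shell
#!/bin/sh
# Added example, not part of seafile-docker. Rewrites git://github.com/ clone
# URLs to https://github.com/ in a copy of ssl.sh and checks the result.

# Constructed stand-in for the relevant part of ssl.sh (not the real file;
# the repository path is a placeholder).
make_sample_ssl_sh() {
    cat > "$1" <<'EOF'
#!/bin/bash
ssldir=${1}
domain=${2}
letsencryptdir=$ssldir/letsencrypt
if [[ ! -d $letsencryptdir ]]; then
    git clone git://github.com/EXAMPLE_OWNER/acme-tiny.git $letsencryptdir
fi
EOF
}

# Number of git://github.com/ references left in a script (0 when clean).
count_git_scheme() {
    grep -c 'git://github\.com/' "$1" || true
}

# Return 0 when the script no longer references git://github.com/, else 1.
uses_only_https_github() {
    ! grep -q 'git://github\.com/' "$1"
}

# Change only the URL scheme; the repository path is left untouched.
# Written via a temp file so it works with both GNU and BSD sed.
fix_clone_scheme() {
    tmp="$1.tmp"
    sed 's#git://github\.com/#https://github.com/#g' "$1" > "$tmp" && mv "$tmp" "$1"
}

# ssl.sh skips the clone when $ssldir/letsencrypt already exists, and a
# failed git:// clone can leave that directory behind without the client
# in it. Return 0 only if acme_tiny.py (the file the traceback above runs)
# is actually present; otherwise the directory should be removed so the
# fixed script clones again.
letsencrypt_dir_usable() {
    [ -f "$1/letsencrypt/acme_tiny.py" ]
}

# Demonstration on the constructed copy; touches only a temporary directory.
demo_dir=$(mktemp -d)
make_sample_ssl_sh "$demo_dir/ssl.sh"
echo "git:// references before: $(count_git_scheme "$demo_dir/ssl.sh")"
fix_clone_scheme "$demo_dir/ssl.sh"
echo "git:// references after:  $(count_git_scheme "$demo_dir/ssl.sh")"
grep 'git clone' "$demo_dir/ssl.sh"
if letsencrypt_dir_usable "$demo_dir"; then
    echo "letsencrypt dir usable"
else
    echo "letsencrypt dir missing or incomplete: remove it and rerun ssl.sh"
fi
rm -rf "$demo_dir"
```

Against a real container the same functions apply to the script path for your image version (the issue names scripts_9.0/ssl.sh) and to /shared/ssl as the directory argument; run the fix before committing the image in step 5, and the directory check before deciding whether the letsencrypt folder in step 6 needs removing.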

slfhstr commented 2 years ago

Thank you. I guess this means using my own SSL certs, not the ones generated by Seafile. I haven't done that before (I mean Seafile with my own cert), but I can look into it.

slfhstr commented 2 years ago

Thank you @HTSpecOps! Got it working!