Open GogoFC opened 5 months ago
Issue probably stems from `/scripts/ssl.sh`. You can inspect your own `/shared/ssl/letsencrypt.log` with `grep 'nginx' /shared/ssl/letsencrypt.log`, but it will probably also have a line like this: `/scripts/ssl.sh: line 21: nginx: command not found`. This means that ssl.sh is not reloading nginx, because it can't find it in PATH. I guess during container updates something caused it to mess up loading of bash environment in cron (because it should get it from /etc/environment, but it is definitely not). There are two solutions: modify `/scripts/ssl.sh:21` to point directly to `/usr/sbin/nginx`, or `source /etc/environment` at the beginning.
In my case it looks like this:
```bash
#!/bin/bash
set -e
ssldir=${1:?"error params"}
domain=${2:?"error params"}
# Webroot directory used for the ACME HTTP challenge.
mkdir -p /var/www/.well-known/acme-challenge/
chmod 755 /var/www/.well-known/acme-challenge/
ln -sf /var/www/.well-known/acme-challenge/ /var/www/challenges
# Issue a certificate if acme.sh does not list the domain yet, otherwise renew it.
domain_num=$(/root/.acme.sh/acme.sh --home /shared/ssl/ --list | grep "$domain" | grep -v "grep" | wc -l)
if [ $domain_num -eq 0 ]; then
    /root/.acme.sh/acme.sh --debug --issue --home /shared/ssl/ --server letsencrypt -d ${domain} -w /var/www/
    /root/.acme.sh/acme.sh --home /shared/ssl/ --install-cert -d ${domain} --key-file /shared/ssl/${domain}.key --fullchain-file /shared/ssl/${domain}.crt
else
    /root/.acme.sh/acme.sh --debug --home /shared/ssl/ --renew -d ${domain} --days 60
fi
# Absolute path, so the reload does not depend on PATH being set in cron.
/usr/sbin/nginx -s reload
echo "Nginx reloaded."
```
Version 11.0.6
Had been running for 3 months. Today the SSL expired. I did docker compose down & up. The new certificate is deployed but it was issued on May 31st. So on a normal 2 month interval, but it wasn't being used until the container restarted.
I did upgrade to version 11.0.9 today
Here are logs showing the certificate was valid. Seafile-mysql also showed Warning for the 3 months of running.
This is the beginning of the log. April 2nd.
This is today. July 1st
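Added example, not part of the original issue or of the Seafile scripts: a shell check for the condition this thread describes, where the certificate is renewed on disk but nginx keeps serving the old one because the reload never ran. The function names, the `--domain` argument and the cron default `PATH=/usr/bin:/bin` are assumptions; the log and certificate paths are the ones quoted above.

```shell
#!/bin/sh
# Added example, not the project's code. Paths are the ones quoted in the thread.
# Assumption: cron starts jobs with PATH=/usr/bin:/bin unless the crontab overrides it.
CRON_PATH="/usr/bin:/bin"

# Exit 0 if command $2 resolves when PATH is exactly $1, as it would inside a cron job.
resolves_with_path() {
    env -i PATH="$1" /bin/sh -c 'command -v "$1" >/dev/null 2>&1' sh "$2"
}

# Print how many times the renewal log recorded the reload failing to find nginx.
failed_reloads() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -Ec '/scripts/ssl\.sh: line [0-9]+: nginx: command not found' "$1" || true
}

# Print the SHA-256 fingerprint of the first certificate in the PEM data on stdin.
cert_fp() {
    openssl x509 -noout -fingerprint -sha256
}

# Exit 0 if the listener serves a different leaf certificate than the file on disk
# ($1 = domain, $2 = fullchain file); exit 2 if either certificate cannot be read.
serving_stale_cert() {
    disk=$(cert_fp < "$2") || return 2
    live=$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null | cert_fp) || return 2
    [ "$disk" != "$live" ]
}

# Run all three checks for one domain; returns non-zero if any finding applies.
check_renewal() {
    domain=$1; rc=0
    resolves_with_path "$CRON_PATH" nginx || { echo "nginx is not on cron's PATH ($CRON_PATH)"; rc=1; }
    n=$(failed_reloads /shared/ssl/letsencrypt.log)
    [ "$n" -eq 0 ] || { echo "$n failed nginx reload(s) recorded in letsencrypt.log"; rc=1; }
    serving_stale_cert "$domain" "/shared/ssl/${domain}.crt" && { echo "served certificate differs from the one on disk"; rc=1; }
    return $rc
}

# Stand-alone use inside the container: sh check.sh --domain <your-domain>
if [ "${1:-}" = "--domain" ] && [ -n "${2:-}" ]; then check_renewal "$2"; fi
```

Run from a scheduled job outside the renewal script itself, this reports the mismatch before the old certificate expires instead of after.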