ixc / letsencrypt-docker

Automatically create or renew certificates on startup and daily thereafter.

Wild card DOMAINS example? #8

Closed derekdon closed 6 years ago

derekdon commented 6 years ago

While testing out the letsencrypt-docker/docker-cloud.yml example in Docker Cloud, I keep getting "Your connection is not private" - NET::ERR_CERT_AUTHORITY_INVALID.

letsencrypt:
  environment:
    - 'DOMAINS=example.com,www.example.com,sync.example.com,data.example.com'
    - EMAIL=admin@example.com
    - 'HAPROXY_IMAGE=dockercloud/haproxy:1.6.3'
    - OPTIONS=--staging

Checking the logs, I can see it completes the challenges for these:

Congratulations! Your certificate and chain have been saved at...

I'm not sure what I'm doing wrong, perhaps I should be using a wildcard?

If I inspect the cert on the error page I can see it states Fake LE Intermediate X1:

Subject: example.com
Issuer: Fake LE Intermediate X1
Expires on: Apr 16, 2018
Current date: Jan 16, 2018
PEM encoded chain:
...

I've commented out the - OPTIONS=--staging option and forced the certs to be regenerated using:

certbot renew --force-renewal

...but I'm still seeing the issue after re-deploying both the haproxy and this.

derekdon commented 6 years ago

Just re-built the entire stack and with the removal of - OPTIONS=--staging it works now! No more warnings when I hit the https endpoint. Happy to close this now; however, could you confirm how you define wildcard domains for this image in order to get a wildcard cert? Maybe it's simply this:

letsencrypt:
  environment:
    - 'DOMAINS=example.com,*.example.com'
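
Added example, not part of the original thread or the project's code: a small check for the situation described above, where the stack file and the certificate actually served can disagree about staging. The function names, verdict strings and sample input are assumptions made for illustration; the input format follows the snippets quoted in the thread.

```python
import re

# "Fake LE" is the staging issuer quoted in the thread; "(STAGING)" is the
# prefix on later Let's Encrypt staging issuers. Browsers trust neither.
STAGING_ISSUER = re.compile(r"Fake LE|\(STAGING\)")

def parse_environment(stack_yaml):
    """Collect KEY=VALUE entries from `- KEY=VALUE` list items in a stack file."""
    env = {}
    for line in stack_yaml.splitlines():
        m = re.match(r"\s*-\s*'?([A-Z_]+)=(.*?)'?\s*$", line)
        if m:  # commented-out items start with '#' and do not match
            env[m.group(1)] = m.group(2)
    return env

def cert_issuer(cert_text):
    """Return the value of the 'Issuer:' line from a certificate summary."""
    for line in cert_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Issuer":
            return value.strip()
    return ""

def audit(stack_yaml, cert_text):
    """Compare what the stack file requests with what the proxy serves."""
    options = parse_environment(stack_yaml).get("OPTIONS", "").split()
    requested = "--staging" in options
    served = bool(STAGING_ISSUER.search(cert_issuer(cert_text)))
    if requested and served:
        return "staging-enabled"      # untrusted cert is the expected result
    if served:
        return "stale-staging-cert"   # option removed, old cert still in use
    if requested:
        return "staging-pending"      # next issuance will be untrusted
    return "ok"

# Constructed sample input, modelled on the snippets in the thread.
STACK = """letsencrypt:
  environment:
    - 'DOMAINS=example.com,www.example.com'
    - EMAIL=admin@example.com
    - OPTIONS=--staging
"""
CERT = "Subject: example.com\nIssuer: Fake LE Intermediate X1\n"

if __name__ == "__main__":
    print(audit(STACK, CERT))
    print(audit(STACK.replace("    - OPTIONS", "    # - OPTIONS"), CERT))
```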