jgraph / docker-drawio

Dockerized draw.io based on whichever is the most secure image at the time.
GNU General Public License v3.0

Let's Encrypt not working #106

Closed markushagge closed 1 year ago

markushagge commented 1 year ago

Hello,

I start the docker image with

sudo docker run --restart=always -d -it -m1g -e LETS_ENCRYPT_ENABLED=true -e PUBLIC_DNS=diagrams.domain.tld -p 80:80 -p 443:8443 jgraph/drawio

It is also running so far, but no LetsEncrypt SSL certificates are obtained.

When I look at the output with docker logs I notice the following

The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt'.
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

I think it is because of this. Is there a bug somewhere?

Kofl commented 1 year ago

Seems like a bug, having the same issue with the latest docker image.

If I map the Let's Encrypt directories to docker volumes, the certificate is generated, but not trusted on the image startup:

... is not trusted. Install reply anyway? [no]:  yes
Certificate reply was installed in keystore
Append https connector to server.xml

But even then, a new certificate is always requested after a container restart. At least a cert is requested and HTTPS works.

m-mohamedin commented 1 year ago

We'll have a potential fix in the next release

m-mohamedin commented 1 year ago

I've reverted the change. I believe the solution in #111 is better since it allows keeping the configuration between container restarts.

docker run -it -m1g -v "/opt/docker/drawiodata/letsencrypt-log:/var/log/letsencrypt/" -v "/opt/docker/drawiodata/letsencrypt-etc:/etc/letsencrypt/" -v "/opt/docker/drawiodata/letsencrypt-lib:/var/lib/letsencrypt" -e LETS_ENCRYPT_ENABLED=true -e PUBLIC_DNS=...
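A preflight check for the bind-mount approach in the comment above, as an added example that is not part of the thread or the project's code: it verifies that the three host directories exist, are owned by and writable for the UID the container process runs as, and that the directory holding the certificate keys is closed to other users. The function name, the `RUN_UID` parameter and the reliance on `stat -c` (GNU or busybox) are assumptions; the directory names are the ones from the command in the thread.

```sh
#!/bin/sh
# Added example, not from the thread or the project. Assumes a Linux host
# with GNU/busybox stat. Directory names are those used in the thread.

# check_le_dirs BASE RUN_UID
#   BASE     host directory containing the three bind-mount sources
#   RUN_UID  numeric UID of the process inside the container (caller-supplied)
# Prints one line per finding; returns 0 only if every directory passes.
check_le_dirs() {
    base=$1
    run_uid=$2
    status=0
    for name in letsencrypt-log letsencrypt-etc letsencrypt-lib; do
        dir="$base/$name"
        if [ ! -d "$dir" ]; then
            echo "MISSING       $dir"
            status=1
            continue
        fi
        owner=$(stat -c '%u' "$dir")
        perm=$(stat -c '%a' "$dir")          # e.g. 700, 755, 2755
        owner_bits=$(( (perm / 100) % 10 ))
        other_bits=$(( perm % 10 ))
        if [ "$owner" != "$run_uid" ]; then
            echo "WRONG_OWNER   $dir (uid $owner, expected $run_uid)"
            status=1
        elif [ $(( owner_bits & 2 )) -eq 0 ]; then
            # The condition behind "[Errno 13] Permission denied"
            echo "NOT_WRITABLE  $dir (mode $perm)"
            status=1
        fi
        # /etc/letsencrypt holds account and certificate private keys
        if [ "$name" = letsencrypt-etc ] && [ "$other_bits" -ne 0 ]; then
            echo "KEYS_EXPOSED  $dir (mode $perm)"
            status=1
        fi
    done
    return "$status"
}

# Usage: check_le_dirs /opt/docker/drawiodata 1000   (1000 is a placeholder UID)
```

Run it before `docker run`; a non-zero exit means at least one mount source would either reproduce the permission error or leave key material readable by other host users.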

Kofl commented 1 year ago

Maybe the documentation on https://hub.docker.com/r/jgraph/drawio should also be updated, as it says:

docker run -it -m1g -e LETS_ENCRYPT_ENABLED=true -e PUBLIC_DNS=drawio.example.com --rm --name="draw" -p 80:80 -p 443:8443 jgraph/drawio

is sufficient.

m-mohamedin commented 1 year ago

Docs updated. Thanks