clock_gettime(MONOTONIC) failed

[HorridoJoho]

Bug description

The container is not able to connect to the outside world through cUrl. As of now i manually used certbot to update and copy over my certificates. I am running on a Raspberry PI 4.

I found the following behavior in the container:

<CENSORED>@<CENSORED>:~ $ sudo docker-compose exec nginx-proxy-acme /bin/sh
/app # cat /etc/resolv.conf
# Generated by resolvconf
domain fritz.box
nameserver 192.168.<CENSORED>
/app # ping 192.168.<CENSORED>
PING 192.168.<CENSORED> (192.168.<CENSORED>): 56 data bytes
ping: clock_gettime(MONOTONIC) failed
/app # nslookup google.de
nslookup: clock_gettime(MONOTONIC) failed

acme-companion image version

nginx-proxy-acme    | Info: running acme-companion version v2.1.0-28-g1785bc5

nginx-proxy's Docker configuration

version: "2.4"

volumes:
  nextcloud-data:
  proxy-certs:
  proxy-vhost:
  proxy-html:
  proxy-acme:
  proxy-dhparam:
  proxy-conf:
  pihole:
  pihole-dnsmasq:

networks:
  default:
    driver: bridge

services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - proxy-conf:/etc/nginx/conf.d
      - proxy-vhost:/etc/nginx/vhost.d
      - proxy-html:/usr/share/nginx/html
      - proxy-dhparam:/etc/nginx/dhparam
      - proxy-certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    environment:
      - ENABLE_IPV6=true
    network_mode: bridge

  nginx-proxy-acme:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    depends_on:
      - nginx-proxy
    volumes_from:
      - nginx-proxy
    volumes:
      - proxy-certs:/etc/nginx/certs:rw
      - proxy-acme:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
    network_mode: bridge

  pihole:
    image: pihole/pihole:2021.10
    depends_on:
      - nginx-proxy
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=Europe/Berlin
      - WEBPASSWORD=<CENSORED>
      - VIRTUAL_HOST=pihole.<CENSORED>.de
    volumes:
      - pihole:/etc/pihole
      - pihole-dnsmasq:/etc/dnsmasq.d
    network_mode: bridge

  nextcloud:
    image: nextcloud:21.0.3-apache
    depends_on:
      - nginx-proxy
    environment:
      - VIRTUAL_HOST=cloud.<CENSORED>.de
      - LETSENCRYPT_HOST=cloud.<CENSORED>.de
    volumes:
      - nextcloud-data:/var/www/html
    network_mode: bridge

  nextcloud-cron:
    image: nextcloud:21.0.3-apache
    depends_on:
      - nextcloud
    volumes:
      - nextcloud-data:/var/www/html
    entrypoint: /cron.sh
    network_mode: none

rendered nginx configuration

sudo docker-compose exec nginx-proxy nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  10240;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
daemon off;

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/default.conf:
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
  default $http_x_forwarded_port;
  ''      $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header based on $proxy_x_forwarded_proto
map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
  default off;
  https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent" '
                 '"$upstream_addr"';
access_log off;
                ssl_protocols TLSv1.2 TLSv1.3;
                ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
                ssl_prefer_server_ciphers off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
        server_name _; # This is just an invalid value which will never trigger on a real hostname.
        server_tokens off;
        listen 80;
        listen [::]:80;
        access_log /var/log/nginx/access.log vhost;
        return 503;
}
# <CENSORED>.local
upstream <CENSORED>.local {
        ## Can be connected with "bridge" network
        # pi_nextcloud_1
        server 172.17.0.4:80;
}
server {
        server_name <CENSORED>.local;
        listen 80 ;
        listen [::]:80 ;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass <CENSORED>.local;
        }
}
# cloud.<CENSORED>.de
upstream cloud.<CENSORED>.de {
        ## Can be connected with "bridge" network
        # pi_nextcloud_1
        server 172.17.0.4:80;
}
server {
        server_name cloud.<CENSORED>.de;
        listen 80 ;
        listen [::]:80 ;
        access_log /var/log/nginx/access.log vhost;
        # Do not HTTPS redirect Let'sEncrypt ACME challenge
        location ^~ /.well-known/acme-challenge/ {
                auth_basic off;
                auth_request off;
                allow all;
                root /usr/share/nginx/html;
                try_files $uri =404;
                break;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}
server {
        server_name cloud.<CENSORED>.de;
        listen 443 ssl http2 ;
        listen [::]:443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/cloud.<CENSORED>.de.crt;
        ssl_certificate_key /etc/nginx/certs/cloud.<CENSORED>.de.key;
        add_header Strict-Transport-Security "max-age=31536000" always;
        location / {
                proxy_pass http://cloud.<CENSORED>.de;
        }
}
# pihole.<CENSORED>.de
upstream pihole.<CENSORED>.de {
        ## Can be connected with "bridge" network
        # pi_pihole_1
        server 172.17.0.5:80;
}
server {
        server_name pihole.<CENSORED>.de;
        listen 80 ;
        listen [::]:80 ;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass http://pihole.<CENSORED>.de;
        }
}

Containers logs

nginx-proxy:

Attaching to nginx-proxy
nginx-proxy         | Warning: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 DHE groups instead.
nginx-proxy         | forego      | starting dockergen.1 on port 5000
nginx-proxy         | forego      | starting nginx.1 on port 5100
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: using the "epoll" event method
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: nginx/1.21.3
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: built by gcc 8.3.0 (Debian 8.3.0-6)
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: OS: Linux 5.10.60-v7l+
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: getrlimit(RLIMIT_NOFILE): 1048576:1048576
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker processes
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker process 23
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker process 24
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker process 25
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker process 26
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:43 Generated '/etc/nginx/conf.d/default.conf' from 1 containers
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:43 Running 'nginx -s reload'
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 1 (SIGHUP) received from 29, reconfiguring
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: reconfiguring
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:43 Watching docker events
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: using the "epoll" event method
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker processes
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker process 33
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker process 34
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker process 35
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker process 36
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 23#23: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 24#24: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 23#23: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 24#24: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 26#26: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 26#26: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 23#23: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 24#24: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 26#26: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 25#25: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 25#25: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 25#25: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 17 (SIGCHLD) received from 23
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: worker process 23 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 17 (SIGCHLD) received from 26
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: worker process 26 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 17 (SIGCHLD) received from 25
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: worker process 25 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 17 (SIGCHLD) received from 24
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: worker process 24 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Generated '/etc/nginx/conf.d/default.conf' from 4 containers
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Running 'nginx -s reload'
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 1 (SIGHUP) received from 38, reconfiguring
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: reconfiguring
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Received event start for container 735f76bde07b
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Received event start for container c079826ec388
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Received event start for container b46d7cc237ef
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: using the "epoll" event method
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker processes
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker process 39
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker process 40
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker process 41
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker process 42
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 33#33: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 35#35: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 33#33: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 35#35: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 33#33: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 35#35: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 34#34: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 34#34: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 34#34: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 36#36: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 36#36: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 36#36: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 17 (SIGCHLD) received from 36
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: worker process 36 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 17 (SIGCHLD) received from 34
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: worker process 34 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 17 (SIGCHLD) received from 33
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: worker process 33 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 17 (SIGCHLD) received from 35
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: worker process 35 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Received event start for container d45e31a3b5bc
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:46 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: signal 1 (SIGHUP) received from 55, reconfiguring
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: reconfiguring
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: using the "epoll" event method
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker processes
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker process 56
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker process 57
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker process 58
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker process 59
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 39#39: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 42#42: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 42#42: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 39#39: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 39#39: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 42#42: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 40#40: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 40#40: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 40#40: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 41#41: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 41#41: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 41#41: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 17 (SIGCHLD) received from 40
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: worker process 40 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: worker process 41 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 17 (SIGCHLD) received from 39
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: worker process 39 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 17 (SIGCHLD) received from 42
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: worker process 42 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 29 (SIGIO) received

acme-companion:

Attaching to nginx-proxy-acme
nginx-proxy-acme    | Info: running acme-companion version v2.1.0-28-g1785bc5
nginx-proxy-acme    | Generating a RSA private key
nginx-proxy-acme    | .........................................................................................................................................................++++
nginx-proxy-acme    | ................................................................................................................................................................++++
nginx-proxy-acme    | writing new private key to '/etc/nginx/certs/default.key.new'
nginx-proxy-acme    | -----
nginx-proxy-acme    | 3069907856:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
nginx-proxy-acme    | Info: a default key and certificate have been created at /etc/nginx/certs/default.key and /etc/nginx/certs/default.crt.
nginx-proxy-acme    | Warning: /etc/nginx/certs/default.key does not exist. Skipping ownership and permissions check.
nginx-proxy-acme    | Warning: /etc/nginx/certs/default.crt does not exist. Skipping ownership and permissions check.
nginx-proxy-acme    | Info: Custom Diffie-Hellman group found, generation skipped.
nginx-proxy-acme    | Reloading nginx proxy (e6789e9226c76e0abc966fd2c726404e43cffcbe016bbc451dac2b9331cf0ded)...
nginx-proxy-acme    | 2021/11/27 12:24:22 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
nginx-proxy-acme    | 2021/11/27 12:24:22 [notice] 55#55: signal process started
nginx-proxy-acme    | 2021/11/27 12:24:23 Generated '/app/letsencrypt_service_data' from 5 containers
nginx-proxy-acme    | 2021/11/27 12:24:23 Running '/app/signal_le_service'
nginx-proxy-acme    | 2021/11/27 12:24:23 Watching docker events
nginx-proxy-acme    | 2021/11/27 12:24:23 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Can not init api.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Registering account: https://acme-v02.api.letsencrypt.org/directory
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Giving up sending to CA server after 20 retries.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Register account Error:
nginx-proxy-acme    | Error: no ACME account was found or registered for  and https://acme-v02.api.letsencrypt.org/directory, certificate creation aborted.
nginx-proxy-acme    | Sleep for 3600s

Docker host

RaspberryPI OS based on Buster (Linux 5.10.60-v7l+ #1449 SMP Wed Aug 25 15:00:44 BST 2021 armv7l GNU/Linux)

Client:
 Version:           18.09.1
 API version:       1.39
 Go version:        go1.11.6
 Git commit:        4c52b90
 Built:             Fri, 13 Sep 2019 10:45:43 +0100
 OS/Arch:           linux/arm
 Experimental:      false

Server:
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.11.6
  Git commit:       4c52b90
  Built:            Fri Sep 13 09:45:43 2019
  OS/Arch:          linux/arm
  Experimental:     false

docker-compose version 1.21.0, build unknown
docker-py version: 3.4.1
CPython version: 3.7.3
OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019

[buchdag]

Hi @HorridoJoho

This looks like it might be an issue with alpine itself :

• https://gitlab.alpinelinux.org/alpine/aports/-/issues/12091
• https://github.com/alpinelinux/docker-alpine/issues/135
• https://raspberrypi.stackexchange.com/questions/121159/docker-alpinelatest-image-fails-to-get-date-so-everything-fails

I've just updated the image to alpine 3.15.0, could you try again with a freshly pulled nginxproxy/acme-companion:latest ?

[HorridoJoho]

Hi @buchdag,

thanks for your response.

Looks like i have to continue updating my certificates manually for now. A topic i read again and again is it may be related to libseccomp2 stuff. Even updated this with a .deb package from debian repos manually. But newer versions need a bunch of dependencies updated which i don't feel comfortable with doing manually.

Maybe it is time to update my little pi with a distro directly from debian which has more up to date libraries than the pi os. Not sure about that yet tho.

Attaching to nginx-proxy-acme
nginx-proxy-acme    | Info: running acme-companion version v2.1.1
nginx-proxy-acme    | Generating a RSA private key
nginx-proxy-acme    | ............................................................................................++++
nginx-proxy-acme    | ..........................++++
nginx-proxy-acme    | writing new private key to '/etc/nginx/certs/default.key.new'
nginx-proxy-acme    | -----
nginx-proxy-acme    | 3070202768:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
nginx-proxy-acme    | Info: a default key and certificate have been created at /etc/nginx/certs/default.key and /etc/nginx/certs/default.crt.
nginx-proxy-acme    | Warning: /etc/nginx/certs/default.key does not exist. Skipping ownership and permissions check.
nginx-proxy-acme    | Warning: /etc/nginx/certs/default.crt does not exist. Skipping ownership and permissions check.
nginx-proxy-acme    | Info: Custom Diffie-Hellman group found, generation skipped.
nginx-proxy-acme    | Reloading nginx proxy (4e8bbf700638ceff1f0324f2162099a2d2e4a7c325ed22d2ea69d7c4ce403563)...
nginx-proxy-acme    | 2021/12/08 23:10:54 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
nginx-proxy-acme    | 2021/12/08 23:10:54 [notice] 49#49: signal process started
nginx-proxy-acme    | 2021/12/08 23:10:54 Generated '/app/letsencrypt_service_data' from 5 containers
nginx-proxy-acme    | 2021/12/08 23:10:54 Running '/app/signal_le_service'
nginx-proxy-acme    | 2021/12/08 23:10:54 Watching docker events
nginx-proxy-acme    | 2021/12/08 23:10:55 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Registering account: https://acme-v02.api.letsencrypt.org/directory
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Giving up sending to CA server after 20 retries.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Register account Error:
nginx-proxy-acme    | Error: no ACME account was found or registered for  and https://acme-v02.api.letsencrypt.org/directory, certificate creation aborted.
nginx-proxy-acme    | Sleep for 3600s

[buchdag]

If my memory is correct it might also be linked to this change in alpine 3.13, so maybe more a 32 bits OS issue. AFAIK Raspbian / Raspberry Pi OS is still 32 bits only. It's been a long time since I used my Pi(s), but now that Ubuntu is available on them I honestly can't recommend using Raspbian / Raspberry Pi OS for server stuff like this.