nginx-proxy / acme-companion

Automated ACME SSL certificate generation for nginx-proxy
MIT License

Domain was not successfully self-verified when launching the 3 dockers #93

Closed SuperITMan closed 7 years ago

SuperITMan commented 8 years ago

Hello,

I've been using your project for a month and I find it awesome! Thanks for this :)

Yesterday, I decided to use your project as you recommended, in 3 different dockers. Unfortunately, it does not work. It is impossible to get my sites over HTTPS, and when I go to them via HTTP, I get a 503 error... I should point out that this works when I launch only two containers.

This is the error I got when letsencrypt should have generated the certificate:

Sleep for 3600s
2016/08/12 22:44:09 Generated '/app/letsencrypt_service_data' from 1 containers
2016/08/12 22:44:09 Running '/app/update_certs'
2016/08/12 22:44:09 Watching docker events
Sleep for 3600s
2016/08/12 22:44:10 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
2016/08/12 22:44:33 Received event start for container 23ffd9ec7191
2016/08/12 22:44:48 Debounce minTimer fired
2016/08/12 22:44:49 Generated '/app/letsencrypt_service_data' from 2 containers
2016/08/12 22:44:49 Running '/app/update_certs'
Reloading nginx proxy (using separate container nginx-gen)...
Creating/renewal tfe.ags.ovh certificates... (tfe.ags.ovh)
2016-08-12 22:44:49,723:INFO:simp_le:1211: Generating new account key
2016-08-12 22:44:50,597:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2016-08-12 22:44:50,858:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2016-08-12 22:44:51,098:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2016-08-12 22:44:52,041:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): letsencrypt.org
2016-08-12 22:44:52,706:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2016-08-12 22:44:52,963:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2016-08-12 22:44:53,219:INFO:requests.packages.urllib3.connectionpool:207: Starting new HTTP connection (1): tfe.ags.ovh
2016-08-12 22:44:53,223:WARNING:simp_le:1303: tfe.ags.ovh was not successfully self-verified. CA is likely to fail as well!
2016-08-12 22:44:53,243:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2016-08-12 22:44:53,488:INFO:simp_le:1313: Generating new certificate private key

root@Jessie:~# docker logs nginx
2016/08/12 22:44:39 [emerg] 1#1: no servers are inside upstream in /etc/nginx/conf.d/default.conf:36
2016/08/12 22:44:50 [emerg] 1#1: no servers are inside upstream in /etc/nginx/conf.d/default.conf:36
tfe.ags.ovh 172.17.0.1 - - [12/Aug/2016:22:44:53 +0000] "GET /.well-known/acme-challenge/3RwZLyVHFKdnC_j3Nn7U_21fS2ExYoKURg1Yc7DLbok HTTP/1.1" 503 213 "-" "python-requests/2.8.1"
tfe.ags.ovh 66.133.109.36 - - [12/Aug/2016:22:44:54 +0000] "GET /.well-known/acme-challenge/3RwZLyVHFKdnC_j3Nn7U_21fS2ExYoKURg1Yc7DLbok HTTP/1.1" 503 213 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

For the 3 dockers, I ran these commands:

I have no idea why it does not work, but if one of you has an idea, it would be really cool!

I hope I have given all the necessary info :)

PS: Sorry for my English, it's not my mother tongue

ryneeverett commented 8 years ago

I've started seeing this on new instances as well. Edit: I messed up the volumes so /etc/nginx/vhost.d/default wasn't available. Can't reproduce.

SuperITMan commented 8 years ago

Hello, I don't understand why the subject is closed. Am I the only one to have this issue?

Thanks for your time.

ryneeverett commented 8 years ago

@SuperITMan There are several things that could go wrong to produce that output. Could you show us the nginx configuration generated?

docker exec -it nginx cat /etc/nginx/conf.d/default.conf

faultylee commented 8 years ago

@SuperITMan I was struggling with this earlier too. The key is "no servers are inside upstream in /etc/nginx/conf.d/default.conf:36". If you open your 'default.conf' you should see an empty upstream configuration. If that's the case, remove -only-exposed from your docker-gen command:

-notify-sighup nginx -watch -only-exposed -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf

Ref: https://github.com/jwilder/nginx-proxy/issues/479

EDIT: Also https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/pull/81

JrCs commented 8 years ago

If the upstream configuration is empty, is it because the "backend" web server doesn't expose any port? If that is the case, add a --expose port when you start the backend container.

faultylee commented 8 years ago

@JrCs I think you meant --expose port. Somehow with -only-exposed docker-gen didn't pick up those with default EXPOSE from Dockerfile. Anyway, I'm not really an expert here, but removing -only-exposed resolved the issue I had that day.

ryneeverett commented 8 years ago

> Somehow with -only-exposed docker-gen didn't pick up those with default EXPOSE from Dockerfile.

I expose ports with EXPOSE and have not had this problem.

faultylee commented 8 years ago

@ryneeverett you're right, my bad. I left out EXPOSE in my Dockerfile. Thanks

stefanfritsch commented 7 years ago

I have the same issue,

  1. If I use the provided example with tutum/apache-php it works, but only without -only-exposed.
  2. If I try it with a different server even that doesn't work.

I expose the port (8787) in the Dockerfile, I have an expose in the docker-compose.yml but with -only-exposed nothing happens. Without it the server appears in upstream but marked as "down".

Here's the Dockerfile:

FROM rocker/hadleyverse
MAINTAINER Stefan Fritsch <fritsch@stat-up.com>

RUN apt-get update \
        && apt-get -y install nginx-light nano procps jags r-cran-rjags \
        && apt-get clean

RUN echo "fr_FR.UTF-8 UTF-8" >> /etc/locale.gen \
        && echo "de_DE.UTF-8 UTF-8" >> /etc/locale.gen \
        && locale-gen
RUN update-locale

EXPOSE 8787

WORKDIR /

CMD ["/init"]

and here is the docker-compose.yml (nginx & co. run on the same network, and as mentioned apache-php works):

version: '2'
networks:
  default:
    external:
      name: external
services:
  rstudio-server:
    build: .
    image: stefanfritsch/rstudio_statup:3.3.2
    restart: unless-stopped
    mem_limit: 60000m
    container_name: rstudio-server
    environment:
    - VIRTUAL_HOST=rstudio.stat-up.com
    - LETSENCRYPT_HOST=rstudio.stat-up.com
    - LETSENCRYPT_EMAIL=it@stat-up.com
    expose:
    - "8787"

JrCs commented 7 years ago

Try publishing the port.
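
Added example, not part of the thread or the project's own code: a small Python check that ties together the two symptoms discussed above, flagging `upstream` blocks in the generated `default.conf` that have no server (or only servers marked `down`) and matching them to ACME challenge requests that did not return 200. The config and log samples are constructed, and the function names are hypothetical.

```python
import re
# Constructed sample of a docker-gen generated default.conf (not from the thread).
SAMPLE_CONF = """
upstream tfe.ags.ovh {
}
upstream rstudio.stat-up.com {
    server 127.0.0.1 down;
}
upstream ok.example.test {
    server 172.17.0.5:80;
}
"""
# Constructed access-log lines in the vhost-first format shown in the issue.
SAMPLE_LOG = """\
tfe.ags.ovh 172.17.0.1 - - [12/Aug/2016:22:44:53 +0000] "GET /.well-known/acme-challenge/TOKEN-PLACEHOLDER HTTP/1.1" 503 213 "-" "python-requests/2.8.1"
ok.example.test 172.17.0.1 - - [12/Aug/2016:22:45:01 +0000] "GET /.well-known/acme-challenge/TOKEN-PLACEHOLDER HTTP/1.1" 200 87 "-" "python-requests/2.8.1"
"""
UPSTREAM_RE = re.compile(r"upstream\s+(\S+)\s*\{(.*?)\}", re.S)
SERVER_RE = re.compile(r"^\s*server\s+([^;]+);", re.M)
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \S+ \[[^\]]+\] "GET (/\.well-known/acme-challenge/\S+) [^"]*" (\d{3}) ')

def unusable_upstreams(conf_text):
    """Map upstream name -> reason, for blocks that cannot serve traffic."""
    problems = {}
    for name, body in UPSTREAM_RE.findall(conf_text):
        servers = SERVER_RE.findall(body)
        if not servers:
            problems[name] = "empty"      # nginx: "no servers are inside upstream"
        elif all(s.split()[-1] == "down" for s in servers):
            problems[name] = "all-down"   # listed, but every entry is marked down
    return problems

def failed_challenges(log_text):
    """Return (vhost, status) for ACME HTTP-01 requests that did not get 200."""
    hits = []
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(3) != "200":
            hits.append((m.group(1), int(m.group(3))))
    return hits

def diagnose(conf_text, log_text):
    # Join both views: each failed challenge vhost with its upstream state.
    bad = unusable_upstreams(conf_text)
    return {host: (status, bad.get(host, "upstream-ok"))
            for host, status in failed_challenges(log_text)}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_LOG))
```

To run it against a live setup, feed it the output of `docker exec -it nginx cat /etc/nginx/conf.d/default.conf` and `docker logs nginx` instead of the samples.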