wmnnd / nginx-certbot

Boilerplate configuration for nginx and certbot with docker-compose
MIT License

Running init-letsencrypt inside a docker container #97

Open FynnHunt opened 4 years ago

FynnHunt commented 4 years ago

I am trying to run init-letsencrypt inside of a docker container which I use to launch and maintain other docker containers on my host (by volume mounting the docker.sock). This is the docker-compose setup of the container I am trying to run init-letsencrypt inside of -

```yaml
version: "3"
services:
...
  pod:
    image: ...
    container_name: ...
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/ubuntu/mothership-pod-config/env.list:/home/ubuntu/mothership-pod-config/env.list
      - /home/ubuntu/mothership-pod-config/nginx:/nginx
      - /etc/letsencrypt:/etc/letsencrypt
      - /var/www/certbot:/var/www/certbot
    ports:
      - "3000:3000"
```

The whole nginx-certbot setup is inside my /nginx/ folder in the container, this is where the script is run from.

My assumption here is that mounting the docker.sock and having access to docker running on the host means that when running docker-compose inside the container the commands will be sent through to the host. I think I have volume mounted the necessary folders into the container but I might be missing something?

The problem I am seeing when running init-letsencrypt.sh inside the container is from certbot -

```
### Creating dummy certificate for ...
Creating network "nginx_backbone" with driver "bridge"
Creating network "nginx_default" with the default driver
Creating nginx_certbot_run ... done
Generating a RSA private key
..........................................................................................................................................++++
................................................++++
writing new private key to '/etc/letsencrypt/live/.../privkey.pem'
req: Can't open "/etc/letsencrypt/live/.../privkey.pem" for writing, No such file or directory

### Starting nginx ...
Creating nginx_nginx_1 ... done

### Deleting dummy certificate for ...
Creating nginx_certbot_run ... done

### Requesting Let's Encrypt certificate for ...
Creating nginx_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ...
http-01 challenge for ...
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain ...
Challenge failed for domain ...
http-01 challenge for ...
http-01 challenge for ...
Cleaning up challenges
Some challenges have failed.
```

Note: I have replaced my domain and other non-relevant information with "...".

I might be missing something here but it looks like certbot is failing to write to /etc/letsencrypt/live? Is this a permissions problem as I am attempting to run the script from within a container? Any help will be greatly appreciated!

Additional note: I tried checking the certbot log file in /var/log/letsencrypt/letsencrypt.log and it did not exist.

hajo62 commented 3 years ago

> Additional note: I tried checking the certbot log file in /var/log/letsencrypt/letsencrypt.log and it did not exist.

I also can't find a log, which is a problem when trying to debug ;(

paasshme commented 2 years ago

Did you manage to fix it?

Vivekgupta98 commented 1 year ago

Make sure to run the script with staging=1 at least once to create all the required structure.