Hi,
I am sorry for posting a request on a topic that seems to have been addressed so many times, but all the workarounds I have seen did not help me. Therefore I would be extremely thankful if someone could help me with this issue:
I am (unfortunately) working on Windows Server, running multiple services that are dockerized, including an API, a proxy (NGINX) and a website (accessible through NGINX on port 80). I have followed different tutorials, including this one. So in my docker-compose file, I have added a certbot container that writes into a folder located in its container, which is mounted to a folder in Windows. NGINX also has a location that is mounted to the same Windows folder, and that is served to clients addressing the service at /.well-known/acme-challenge/. IIS is disabled, as port 80 is handled by nginx.
The docker-compose configuration is as follows (the part that concerns my issue) (without the "2" for the domain):
networks:
  network:
    driver: bridge
services:
  nginx:
    image: nginx:latest
    ports:
      - "80:80"
    volumes:
      - "./nginx.conf:/etc/nginx/nginx.conf"
      - "./html:/usr/share/nginx/html"
      - ./certbot/www/:/var/www/certbot/:rw
    networks:
      - network
    restart: always
  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw
      - ./certbot/conf/:/etc/letsencrypt/:rw
    networks:
      - network
And the nginx conf file is as follows (without the 2 for the domain):
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    server {
        listen 80;
        server_name sensordatacrichton2.uk www.sensordatacrichton2.uk;
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
        location / {
            root /usr/share/nginx/html;
            index index.html;
        }
    }
}
When I run the command (without the 2 for the domain):
docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ --dry-run -v -d sensordatacrichton2.uk
some challenges fail:
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain sensordatacrichton2.uk
http-01 challenge for sensordatacrichton2.uk
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: domainname.uk
Type: connection
Detail: <ip_address>: Fetching http://sensordatacrichton2.uk/.well-known/acme-challenge/ckjDC6YMCpeZ0XkXVmOxS3rpzab5jKvQU80phyEtWeI: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
So it seems that certbot is not able to write into the www/certbot folder. I have created a “.well-known” folder and an “acme-challenge” folder, then added an index.html file there, which is accessible from here: http://sensordatacrichton2.uk/.well-known/acme-challenge/index.html
When I get into my nginx container, I can successfully create a file that then appears in Windows, so I do not really understand how come certbot cannot do the same thing…
If you have any idea of how I could solve it, it would be deeply appreciated!
Many thanks in advance!
Also, if needed, the route to Let’s Encrypt (I wonder if this is all due to a DNS issue, as, although my nginx service is accessible from outside, I cannot access it from my local network (not even from the computer itself using localhost, 0.0.0.0 or 127.0.0.0)):
1 10.0.2.253
2 no-dns-yet.demon.co.uk [194.70.168.245]
3 ae12-xcr1.lns.cw.net [195.2.28.26]
4 ae1-xcr1.ltw.cw.net [195.2.24.125]
5 cloudflare-gw-xcr1.ltw.cw.net [195.2.29.90]
6 141.101.71.63
7 172.65.32.248
My domain is:
sensordatacrichton2.uk without the “2”
I ran this command:
docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ --dry-run -v -d sensordatacrichton2.uk
It produced this output:
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain sensordatacrichton2.uk
http-01 challenge for sensordatacrichton2.uk
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: domainname.uk
Type: connection
Detail: <ip_address>: Fetching http://sensordatacrichton2.uk/.well-known/acme-challenge/ckjDC6YMCpeZ0XkXVmOxS3rpzab5jKvQU80phyEtWeI: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
My web server is (include version):
Nginx (docker-compose: latest)
The operating system my web server runs on is (include version):
Docker-compose, running on windows
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Docker certbot
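An added diagnostic (not part of the post above, and not certbot's own code) that replays what the http-01 validation does: it drops a random token file under the webroot's .well-known/acme-challenge/ path and fetches it over HTTP, then classifies the outcome so a TCP-level "Connection refused" (the "Type: connection" result quoted above, which happens before any file is looked up) is reported separately from an HTTP 404 (server reached, but the location/root mapping or the mount does not expose the file). The local stand-in server and temporary webroot are constructed for the self-check; against the real setup you would call write_token on the host-mounted ./certbot/www directory and probe from outside the network.

```python
import http.server
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"

def write_token(webroot):
    """Create a random token file where certbot's webroot plugin would put it."""
    token = secrets.token_urlsafe(32)
    path = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(path, exist_ok=True)
    with open(os.path.join(path, token), "w") as f:
        f.write(token)
    return token

def probe(base_url, token, timeout=5):
    """Fetch the token the way the CA would and classify the failure, if any."""
    url = f"{base_url}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode()
    except urllib.error.HTTPError as e:
        return f"http-{e.code}"          # server reached; file not served from that path
    except urllib.error.URLError as e:
        if isinstance(e.reason, ConnectionRefusedError):
            return "connection-refused"  # nothing accepting TCP on port 80 at that address
        return f"unreachable: {e.reason}"
    return "ok" if body == token else "wrong-content"

def serve_webroot(webroot):
    """Constructed stand-in for the nginx container: serve `webroot` on a free localhost port."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def self_check():
    """Exercise the three outcomes: served, missing file (404), and port closed (refused)."""
    webroot = tempfile.mkdtemp()
    srv = serve_webroot(webroot)
    port = srv.server_address[1]
    base = f"http://127.0.0.1:{port}"
    token = write_token(webroot)
    results = {"served": probe(base, token), "missing": probe(base, "does-not-exist")}
    srv.shutdown(); srv.server_close()
    results["closed"] = probe(base, token)
    return results
```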