My domain is:
malakan.co.uk.
Trying to set up the subdomain gramps.malakan.co.uk (and others once I know how to do this)
I ran this command:
certonly --webroot -w /var/www/certbot -d gramps.malakan.co.uk --force-renewal --email mattcolbear@gmail.com --agree-tos
It produced this output:
certbot | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot | Domain: gramps.malakan.co.uk
certbot | Type: unauthorized
certbot | Detail: 2606:4700:3031::ac43:9b26: Invalid response from http://gramps.malakan.co.uk/.well-known/acme-challenge/879ddo_yN9c2JEtQcp3CgUBbr_l2zw2J6OTUX6rReLk: 521
certbot |
certbot | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot |
certbot | Some challenges have failed.
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
not sure what this means
The operating system my web server runs on is (include version):
Ubuntu 24.04.1 LTS
My hosting provider, if applicable, is:
localhost
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): docker image: certbot/certbot (not sure which version).
I am using Docker to get some servers up. I have https set up and functional with an SSL cert for malakan.co.uk. I'm attempting to add subdomains but am having problems with certbot and nginx. I think it's to do with the path the certs are saved in but I'm new to this and am doing it a bit blind.
I see this error in docker compose logs:
nginx-proxy | nginx.1 | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/gramps.malakan.co.uk/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/gramps.malakan.co.uk/fullchain.pem, r) error:10000080:BIO routines::no such file)
What am I doing wrong here?
Files:
nginx.conf
events {
    worker_connections 1024;
}

http {
    server_tokens off;
    charset utf-8;

    # always redirect to https
    server {
        server_name _;
        listen 80 default_server;
        return 301 https://$host$request_uri;
    }

    server {
        server_name malakan.co.uk;
        listen 443 ssl;
        http2 on;

        # use the certificates
        ssl_certificate /etc/letsencrypt/live/malakan.co.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/malakan.co.uk/privkey.pem;

        root /var/www/html;
        index index.php index.html index.htm;

        location / {
            proxy_pass http://helloworld:8000/;
        }

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
    }

    server {
        server_name gramps.malakan.co.uk;
        listen 443 ssl;
        http2 on;

        # use the certificates
        ssl_certificate /etc/letsencrypt/live/gramps.malakan.co.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/gramps.malakan.co.uk/privkey.pem;

        root /var/www/html;
        index index.php index.html index.htm;

        location / {
            proxy_pass http://helloworld:8000/;
        }

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
    }
}
docker-compose.yml
services:
  helloworld:
    container_name: helloworld
    image: crccheck/hello-world
    restart: always
    environment:
      VIRTUAL_PORT: "8000"
      VIRTUAL_HOST: gramps.malakan.co.uk
      LETSENCRYPT_HOST: gramps.malakan.co.uk
      LETSENCRYPT_EMAIL: # your email
    networks:
      - proxy-tier

  proxy:
    container_name: nginx-proxy
    image: docker.io/nginxproxy/nginx-proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    environment:
      ENABLE_IPV6: "true"
    volumes:
      - ./nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro
      - conf:/etc/nginx/conf.d
      - dhparam:/etc/nginx/dhparam
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./certbot/conf:/etc/letsencrypt
      - ./certbot/www:/var/www/certbot
    networks:
      - proxy-tier

  certbot:
    container_name: certbot
    image: certbot/certbot
    volumes:
      - ./certbot/conf:/etc/letsencrypt
      - ./certbot/www:/var/www/certbot
    # command: certonly --webroot -w /var/www/certbot --keep-until-expiring -d malakan.co.uk --agree-tos
    command: certonly --webroot -w /var/www/certbot -d gramps.malakan.co.uk --force-renewal --agree-tos
    networks:
      - proxy-tier

volumes:
  certs:
  conf:
  dhparam:
  vhost.d:
  html:

networks:
  proxy-tier:
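
A preflight check for the nginx `[emerg] cannot load certificate` error quoted in the post, as an added example that is not part of the original post: it lists every `ssl_certificate` / `ssl_certificate_key` path in an nginx config whose file is missing from the host directory bind-mounted at `/etc/letsencrypt` (`./certbot/conf` in the compose file above). The function name `missing_cert_files`, the sample config and the temporary directory tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample, modeled on the two TLS server blocks in the post's nginx.conf.
SAMPLE_CONF = """
http {
  server { server_name malakan.co.uk; listen 443 ssl;
    # use the certificates
    ssl_certificate /etc/letsencrypt/live/malakan.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/malakan.co.uk/privkey.pem; }
  server { server_name gramps.malakan.co.uk; listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/gramps.malakan.co.uk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gramps.malakan.co.uk/privkey.pem; }
}
"""

DIRECTIVE = re.compile(r"\b(ssl_certificate(?:_key)?)\s+([^;\s]+)\s*;")


def missing_cert_files(conf_text, host_dir, container_dir="/etc/letsencrypt"):
    """Return (directive, container_path) pairs whose file is absent on the host.

    host_dir is the host side of the bind mount (./certbot/conf in the post),
    container_dir the path nginx sees inside the container.
    """
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments before matching
    missing = []
    for directive, path in DIRECTIVE.findall(text):
        if not path.startswith(container_dir + "/"):
            continue  # outside the bind mount, cannot be checked from the host
        host_path = Path(host_dir) / path[len(container_dir) + 1:]
        # is_file() follows symlinks, so certbot's live/ -> archive/ links resolve
        if not host_path.is_file():
            missing.append((directive, path))
    return missing


if __name__ == "__main__":
    # Constructed host tree: only the apex domain has been issued so far.
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live" / "malakan.co.uk"
        live.mkdir(parents=True)
        for name in ("fullchain.pem", "privkey.pem"):
            (live / name).write_text("constructed placeholder\n")
        for directive, path in missing_cert_files(SAMPLE_CONF, tmp):
            print(f"missing: {directive} {path}")
```

Run against the real files, the first argument would be the text of `./nginx/nginx.conf` and the second `./certbot/conf`; an empty result means every certificate path nginx is told to load exists on disk.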