Certbot failed to authenticate some domains

Okay, I'm back trying to work out SSL! Here are the steps I took.

I run the command below to generate certificates.
sudo certbot certonly --standalone

I can see those certificates with this command:
sudo certbot certificates

OUTPUT:

Found the following certs:
  Certificate Name: www.mynacode.com
  Serial Number: 49006a6db81c06650aa57f0c15b118fb332
  Key Type: RSA
  Domains: www.mynacode.com
  Expiry Date: 2023-04-27 04:47:37+00:00 (VALID: 89 days)
  Certificate Path: /etc/letsencrypt/live/www.mynacode.com/fullchain.pem
  Private Key Path: /etc/letsencrypt/live/www.mynacode.com/privkey.pem

On my AWS server, I modify my nginx.conf file to redirect unsecured connections on port 80 to secure connections on port 443:

upstream api {
    server backend:8000;
}

# Plain-HTTP listener. Host port 80 is published to this container port
# ("80:8080" in the nginx service of the compose file below).
server {
    listen 8080;
    server_name mynacode.com www.mynacode.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;

    server_name mynacode.com www.mynacode.com;

    # These are the host paths printed by "certbot certificates"; inside the
    # container they exist only if the same directory is mounted at the same place.
    ssl_certificate /etc/letsencrypt/live/www.mynacode.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.mynacode.com/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.2 alone serves current clients.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Static React build. Without proxy_pass the proxy_* directives here are inert.
    location / {
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
        root /var/www/react;
        try_files $uri /index.html;
        proxy_set_header Host $host;
    }

    # API requests are proxied to the gunicorn container over plain HTTP on the compose network.
    location /api/ {
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
        proxy_pass http://api;
        proxy_set_header Host $http_host;
    }
}

This is my docker-compose file on my AWS server:

version: '3'

services:
  backend:
    image: ansariuminhaj/mynacode:mynacode-backend
    command: gunicorn djreact.wsgi --bind 0.0.0.0:8000
    ports:
      - 8000:8000   # gunicorn is also published directly on the host, bypassing nginx and TLS
    depends_on:
      - pgdb
  pgdb:
    image: ansariuminhaj/mynacode:postgres
    environment:
      POSTGRES_HOST_AUTH_METHOD: trust   # disables password authentication for all Postgres connections
    volumes:
      - pgdata:/var/lib/postgresql/data
  frontend:
    image: ansariuminhaj/mynacode:mynacode-frontend
    volumes:
      - react_build:/frontend/build
  nginx:
    image: ansariuminhaj/mynacode:nginx
    ports:
      - 80:8080   # only host port 80 is published; 443 is not
    volumes:
      - ./nginx/nginx_setup.conf:/etc/nginx/conf.d/default.conf:ro
      - react_build:/var/www/react
      - ./certbot/www:/var/www/certbot/:ro
      - ./certbot/conf/:/etc/nginx/ssl/:ro   # certs appear under /etc/nginx/ssl/ in this container, not /etc/letsencrypt/
    depends_on:
      - backend
      - frontend
  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw
      - ./certbot/conf/:/etc/letsencrypt/:rw

volumes:
  react_build:
  pgdata:

Last time I was running certbot on my local machine. This time, I'm running everything on my AWS server.

However, I get this error:

ERROR

nginx_1 | 2023/01/27 06:33:08 [emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/www.mynacode.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/www.mynacode.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx_1 | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/www.mynacode.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/www.mynacode.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

I'm a little confused, since I check the path /etc/letsencrypt/live/www.mynacode.com and I see both the fullchain.pem and privkey.pem files there.

I think your docker code needs to allow the nginx access to the folder where the cert is.
I don't see where it has that access:

volumes:
  - ./nginx/nginx_setup.conf:/etc/nginx/conf.d/default.conf:ro
  - react_build:/var/www/react
  - /etc/letsencrypt/live/www.mynacode.com/:/var/www/certbot/:ro
  - ./certbot/conf/:/etc/nginx/ssl/:ro

Will this do the trick?

I'm not a Docker expert [this isn't a Docker forum]...
But, I say, it's worth a try.
If that fails, maybe a quick search engine search would show the way.
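Added note and example, not part of the thread and not anyone's posted code: the nginx [emerg] above is about the path inside the nginx container, not on the host. In the compose file the nginx service mounts ./certbot/conf/ at /etc/nginx/ssl/, while ssl_certificate points at /etc/letsencrypt/live/..., so nothing exists where nginx looks. There is a second trap in mounting only the live/ directory: certbot's live/<name>/*.pem entries are symlinks into ../../archive/<name>/, so a mount that brings in live/ without archive/ hands nginx dangling links. The POSIX shell script below builds a fake letsencrypt tree in a scratch directory (constructed placeholder files, not real keys) and emulates three bind mounts to show which one lets nginx open the file. The function names and the scratch layout are my own assumptions.

```shell
#!/bin/sh
# Added example: emulate what nginx inside the container can read for a given
# "-v HOST_DIR:CONTAINER_DIR:ro" mount, using a constructed (fake) certbot tree.
set -eu

# certbot's real layout: live/<name>/*.pem are symlinks into archive/<name>/.
make_fake_letsencrypt() {   # $1 = directory to build the fake tree in
  name=www.mynacode.com
  mkdir -p "$1/archive/$name" "$1/live/$name"
  printf 'FAKE fullchain (constructed)\n' > "$1/archive/$name/fullchain1.pem"
  printf 'FAKE privkey (constructed)\n'   > "$1/archive/$name/privkey1.pem"
  ln -s "../../archive/$name/fullchain1.pem" "$1/live/$name/fullchain.pem"
  ln -s "../../archive/$name/privkey1.pem"   "$1/live/$name/privkey.pem"
}

# Emulate the mount under a throwaway container root and report whether the
# path nginx opens (its ssl_certificate value) is readable there.
# Symlinks are copied as symlinks (cp -RP), which is exactly what a bind mount exposes.
# Returns 0 = readable, 1 = the "No such file or directory" nginx reports.
cert_visible_via_mount() {   # $1 host dir, $2 container mount point, $3 path nginx opens
  host_dir=${1%/}; mount_point=${2%/}; nginx_path=$3
  croot=$(mktemp -d)
  mkdir -p "$croot$(dirname "$mount_point")"
  cp -RP "$host_dir" "$croot$mount_point"
  if [ -r "$croot$nginx_path" ]; then rc=0; else rc=1; fi
  rm -rf "$croot"
  return $rc
}

# Walk the three mounts discussed in the thread against the unchanged nginx path.
demo() {
  fake=$(mktemp -d)
  make_fake_letsencrypt "$fake"
  cert=/etc/letsencrypt/live/www.mynacode.com/fullchain.pem
  for spec in "$fake:/etc/nginx/ssl" \
              "$fake/live/www.mynacode.com:/etc/letsencrypt/live/www.mynacode.com" \
              "$fake:/etc/letsencrypt"; do
    host=${spec%%:*}; mnt=${spec#*:}
    if cert_visible_via_mount "$host" "$mnt" "$cert"; then
      echo "OK       -v $host:$mnt:ro  -> nginx can open $cert"
    else
      echo "MISSING  -v $host:$mnt:ro  -> nginx cannot open $cert"
    fi
  done
  rm -rf "$fake"
}

demo
```

The first case is the compose file as posted (wrong mount point), the second is a live/-only mount (dangling symlinks), and only the third works. The matching fix is to give the nginx service the same mount the certbot service already has, `./certbot/conf/:/etc/letsencrypt/:ro`, and leave the ssl_certificate paths as they are.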


Okay, thank you for all your help! I will see if I can fix this :)


Fixed! I followed this tutorial (Nginx and Let’s Encrypt with Docker in Less Than 5 Minutes | by Philipp | Medium) and now my website is working on port 443.

Thank you @rg305 and @MikeMcQ


Great to hear. Did you intentionally drop support for mynacode.com? There is not even a DNS A record for it.

I do see www.mynacode.com working.


Yes, I need to add one for mynacode.com. This was intentional, but I'll fix that.
