Changed domain, and certbot fails in many ways

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
app.weally.org

I ran this command:

1. weally@vps-cb318f69:~/production/weally_conf$ docker exec -it nginx certbot -d app.weally.org --config-dir ~/.certbot/config --logs-dir ~/.certbot/logs --work-dir ~/.certbot/work
2. weally@vps-cb318f69:~/production/weally_conf$ docker exec -it nginx certbot -d app.weally.org

It produced this output:

  1. Saving debug log to /home/weally/.certbot/logs/letsencrypt.log
    Unable to recover files from /home/weally/.certbot/work/temp_checkpoint
    Incomplete or failed recovery for /home/weally/.certbot/work/temp_checkpoint
    Unable to revert temporary config
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /home/weally/.certbot/logs/letsencrypt.log or re-run Certbot with -v for more details.
  2. Saving debug log to /var/log/letsencrypt/letsencrypt.log
    The following error was encountered:
    [Errno 30] Read-only file system: '/etc/letsencrypt/.certbot.lock'
    Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

What is weird is that I could not find the above folders (I wanted to chown them or delete them to restart from scratch).

My web server is (include version): nginx:1.21-alpine (through docker)

The operating system my web server runs on is (include version): Ubuntu 21.04

My hosting provider, if applicable, is: OVH (Kimsufi)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.27.0

Actually I found out my problem.

I was confused since I'm running certbot from docker with this config file:

FROM nginx:1.21.1-alpine

COPY ./data/nginx/. /etc/nginx/conf.d/.

RUN apk add python3 python3-dev py3-pip build-base libressl-dev musl-dev libffi-dev rust cargo
RUN pip3 install pip --upgrade
RUN pip3 install certbot-nginx
RUN mkdir /etc/letsencrypt

In docker-compose.yml I added read-only constraints on the config folders, then forgot about them (:ro):

  nginx:
    container_name: nginx
    image: 'nginx:1.21-alpine-modified'
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - graphql_server
      - next_server
    volumes:
      - ./data/nginx:/etc/nginx/conf.d:ro
      - ./data/nginx/cache:/var/cache/nginx
      - ./data/certbot/conf:/etc/letsencrypt:ro
      - ./data/certbot/www:/var/www/certbot
    networks:
      - weally
    command: tail -f /dev/null
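The `:ro` mistake described above can be caught before certbot runs. The following is an added example, not code from the original post or from certbot: it takes the short-syntax `volumes` entries from the compose file and reports which directories certbot writes to sit under a read-only mount. The function names are hypothetical, and listing `/etc/nginx/conf.d` as a write path is an assumption about where the nginx plugin edits configuration.

```python
import posixpath

# Constructed input: the short-syntax volume entries from the compose file above.
VOLUMES = [
    "./data/nginx:/etc/nginx/conf.d:ro",
    "./data/nginx/cache:/var/cache/nginx",
    "./data/certbot/conf:/etc/letsencrypt:ro",
    "./data/certbot/www:/var/www/certbot",
]

# certbot's default config, work and logs directories, plus (assumption) the
# directory where the nginx plugin would edit server blocks.
CERTBOT_WRITE_PATHS = ["/etc/letsencrypt", "/var/lib/letsencrypt",
                       "/var/log/letsencrypt", "/etc/nginx/conf.d"]

def parse_volume(entry):
    """Split 'source:target[:options]' into (target, read_only)."""
    parts = entry.split(":")
    if len(parts) < 2:
        raise ValueError(f"not a source:target volume entry: {entry!r}")
    target = posixpath.normpath(parts[1])
    options = parts[2].split(",") if len(parts) > 2 else []
    return target, "ro" in options

def covering_mount(path, mounts):
    """Return the deepest mount whose target contains path, or None."""
    path = posixpath.normpath(path)
    best = None
    for target, read_only in mounts:
        inside = path == target or path.startswith(target.rstrip("/") + "/")
        if inside and (best is None or len(target) > len(best[0])):
            best = (target, read_only)
    return best

def read_only_conflicts(volumes, write_paths):
    """Map each path certbot must write to the read-only mount that blocks it."""
    mounts = [parse_volume(v) for v in volumes]
    conflicts = {}
    for path in write_paths:
        mount = covering_mount(path, mounts)
        if mount and mount[1]:
            conflicts[path] = mount[0]
    return conflicts

if __name__ == "__main__":
    for path, mount in read_only_conflicts(VOLUMES, CERTBOT_WRITE_PATHS).items():
        print(f"{path}: blocked by read-only mount at {mount}")
```

A deeper read-write mount overrides a read-only parent, which is why the check resolves each path to its longest matching mount target rather than flagging every `:ro` entry.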

Oh, come on. You know you can actually run nginx in a non-daemonized mode, like systemd does? :smiley:

I'd like to see that entrypoint, there's always a new way to write nginx+certbot containers :smiley:
