Configure in stateless mode

Hi guys,

I’m trying to use in stateless mode and I keep getting errors related to the authorization key being different. The setup is done in 2 separate Docker containers, one running Nginx with the authorization key received at the registration, the other container runs in stateless mode and checks the URL which is served by the Nginx container. Is the authorization key changed frequently? I registered manually and added that key in a script which further generates entries in the Nginx config for multiple domains and I can’t get certificates because this key seems to be different from the one used in the challenge.

Nginx config:

server {

    listen 443 ssl;
    listen [::]:443 ssl;
    # SSL settings
    include /etc/nginx/ssl/ssl.conf;

    # LetsEncrypt Challenge
    location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
        default_type text/plain;
        return 200 "$1.authorization_key";
    }

    # base
    location / {
        return 302;
    }
}

Any idea?


Is this container persistent, i.e. is it saving the settings between runs? The account thumbprint is based on a hash of the ACME account key.

The ACME account key, if missing, is generated and then saved by to the filesystem. It is then re-used.

If you run in a container that runs from a blank state every time, it's going to keep registering new accounts, with different keys, which will have different thumbprints.

The registration was done on the VM, outside of the acme container.

So you’re saying that I need to do the registration inside the acme container and then export that key to the nginx container (shared volume) and use it as static content for the config of the virtual host?

How does the container get access to that registration?

The workflow should look like this.

1. Create persistent storage for (it is required so you can re-use the same ACME registration every run)


2. Register an ACME account using the persistent storage

$ docker run --rm -v "$(pwd)/":/ neilpang/ --register-account
[Fri Jul  6 11:18:32 UTC 2018] Registering account
[Fri Jul  6 11:18:35 UTC 2018] Registered
[Fri Jul  6 11:18:35 UTC 2018] ACCOUNT_THUMBPRINT='eKzCWnJVe60tdUezRLP9kuCcEf0IqAXKWsLRMSjxunw'

Resulting in:

$ ls -lR
total 12
drwxr-xr-x 3 root root 4096 Jul  6 21:18 ca
-rw-r--r-- 1 root root   17 Jul  6 21:20 account.conf
-rw-r--r-- 1 root root  544 Jul  6 21:20 http.header
total 4
drwxr-xr-x 2 root root 4096 Jul  6 21:18
total 12
-rw-r--r-- 1 root root  580 Jul  6 21:18 account.json
-rw------- 1 root root 1679 Jul  6 21:18 account.key
-rw-r--r-- 1 root root  128 Jul  6 21:20 ca.conf

3. Every time you run the container, it will re-use the same account and always have the same thumbprint

$ docker run --rm -v "$(pwd)/":/ neilpang/ --register-account
[Fri Jul  6 11:22:10 UTC 2018] Registering account
[Fri Jul  6 11:22:13 UTC 2018] Already registered
[Fri Jul  6 11:22:13 UTC 2018] ACCOUNT_THUMBPRINT='eKzCWnJVe60tdUezRLP9kuCcEf0IqAXKWsLRMSjxunw'

Once you reach this point, the stateless configuration should work fine because the thumbprint portion will be unchanging.

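Why a fresh account breaks a hardcoded stateless response, as an added example that is not part of the original thread: it derives the thumbprint as an RFC 7638 SHA-256 JWK thumbprint and builds the RFC 8555 key authorization `token.thumbprint`, then checks a served body against two accounts. The two JWKs, the token and all function names are constructed for illustration.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout JOSE/ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def int_to_b64url(value: int) -> str:
    """Encode a positive integer as minimal big-endian bytes, base64url."""
    return b64url(value.to_bytes((value.bit_length() + 7) // 8, "big"))

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.1: the body the CA expects at the challenge URL."""
    return f"{token}.{thumbprint}"

def stateless_response_ok(token: str, served_body: str, account_jwk: dict) -> bool:
    """True if the served body matches the account that requested the challenge."""
    expected = key_authorization(token, jwk_thumbprint(account_jwk))
    return served_body.strip() == expected

# Constructed public keys (toy moduli, not usable RSA keys). One stands in for
# the account from the manual registration, the other for an account created
# by a container that started with empty storage.
registered_jwk = {"kty": "RSA", "e": int_to_b64url(65537),
                  "n": int_to_b64url(2**2047 + 12345), "alg": "RS256"}
fresh_jwk = {"kty": "RSA", "e": int_to_b64url(65537),
             "n": int_to_b64url(2**2047 + 67890)}

if __name__ == "__main__":
    token = "constructed-token_123"  # fits the [-_a-zA-Z0-9]+ pattern in the config
    pinned = jwk_thumbprint(registered_jwk)    # value hardcoded into the Nginx config
    served = key_authorization(token, pinned)  # what the static `return 200` emits
    print("same account :", stateless_response_ok(token, served, registered_jwk))
    print("fresh account:", stateless_response_ok(token, served, fresh_jwk))
```
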

Thanks for your reply

After I created the “” folder on the host, I ran the docker run command to create the persistent volume. It worked, I got a new ACCOUNT_THUMBPRINT, but no files were written inside my local host “” folder. Am I missing something?

If you enter the commands verbatim as presented in my post, then the directory should contain files after step 2.

If that’s not the case, then something is going on with Docker or permissions on your host.

You are right, I changed the directory from inside the container to another location to be used by my local script, but I will adapt that to the “/”

