Yes, this part seems to run fine. Here's the output of the init script in full when I try to run it:
./init-letsencrypt.sh
Existing data found for collabora.alamko.de. Continue and replace existing certificate? (y/N) y
### Creating dummy certificate for collabora.alamko.de ...
Creating collabora_certbot_run ... done
Generating a RSA private key
..............++++
.................................................................................................................................................................................................................................++++
writing new private key to '/etc/letsencrypt/live/collabora.alamko.de/privkey.pem'
-----
### Starting nginx ...
Recreating collabora_nginx_1 ... done
### Deleting dummy certificate for collabora.alamko.de ...
Creating collabora_certbot_run ... done
### Requesting Let's Encrypt certificate for collabora.alamko.de ...
Creating collabora_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for collabora.alamko.de
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: collabora.alamko.de
Type: connection
Detail: Fetching http://collabora.alamko.de/.well-known/acme-challenge/K8Z7iSo6w37diqNpqDIBRVLci-zVhTU54Wdf4AEPrN0: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
### Reloading nginx ...
2021/06/03 19:50:13 [emerg] 38#38: cannot load certificate "/etc/letsencrypt/live/collabora.alamko.de/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/collabora.alamko.de/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/collabora.alamko.de/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/collabora.alamko.de/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
root@ubuntu-4gb-hel1-1:~/Projects/collabora#
Chances exist your nginx won't run even with the fake self signed certs due to some other reason. However, you won't be able to debug that by running the entire script, as it'll delete the fake certs also, which would make nginx dysfunctional again if certbot doesn't work. The fact LE still reports a "connection refused" leads me to believe nginx has some other issue.
You should run the separate fake cert part and then run nginx -T again:
I copied your code block to a .sh script and ran it:
./lecommunity.sh
Creating collabora_certbot_run ... done
Generating a RSA private key
...................++++
........................................................................................++++
writing new private key to '/etc/letsencrypt/live/collabora.alamko.de/privkey.pem'
However, when the script finishes there's no running nginx docker container for me to exec into and check nginx -T. The script just runs with the above output?
That's because that part of the script doesn't do anything with the nginx container? It uses the certbot container to just write some fake certs to the place the actual certbot certificates would end up.
You should be able to do your nginx magic to get docker to do something with nginx -T. I don't use docker (luckily..), so no idea how you'd do that.
Edit: Probably something like docker-compose up --force-recreate -d nginx ? Got that from the script too, wasn't that hard to find........
OK, thanks again. I was able to run the container with your suggestion. After running it I exec'd into it and ran nginx -T. Below is the output. Let me know if this gives any new info or if there's any other info I can provide?
OK, now that your nginx is actually running, you can debug the "connection refused" problem. Because if it's actually running right now, from the world wide web it still seems to be down:
osiris@erazer ~ $ curl -LIv collabora.alamko.de
* Trying 2a01:4f9:c011:b5a::1:80...
* connect to 2a01:4f9:c011:b5a::1 port 80 failed: Connection refused
* Trying 135.181.152.187:80...
* connect to 135.181.152.187 port 80 failed: Connection refused
* Failed to connect to collabora.alamko.de port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to collabora.alamko.de port 80: Connection refused
osiris@erazer ~ $
Please make sure the world wide web can access your nginx docker container on port 80 and also on port 443 (as there's a redirect from 80 to 443 in place).
Right. This is what I was saying when I opened the post. Those redirects shouldn't be there! They existed from when I ran the same docker nginx before - that's what I used for redirects. Now, even when I stop the container the redirects remain in place which I find baffling.
I have no redirects set up, except those in the conf file when I run nginx
The redirects are not the issue right now.. Please read carefully: your entire webserver is not accessible from the world wide web. It does NOT redirect at all, as I can't even connect to port 80.
The part where I mentioned the redirect in my previous post is just to make sure you also make sure port 443 is properly open and not just port 80. Nothing more.
Hi, the only file I want to be used in there is app.conf, none of the others. I have since deleted oldapp.conf.
You really need a fully functional HTTP config before trying to enable HTTPS.
Could you expand on this? Is this within the realm of the nginx service I've been working on and quoting throughout the post replies, or do you mean something else entirely?
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
81da6cee9527 nginx:1.19 "/docker-entrypoint.…" 4 seconds ago Up 2 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp collabora_nginx_1
The ports on the container map to that of host on 443 and 80.
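An added example, not part of any post in this thread: the curl trace above tries the domain's IPv6 address before its IPv4 one, while the docker ps PORTS column lists only 0.0.0.0 binds, so this script compares the address families a client tries with the families the port is published on. The function names are hypothetical and the sample inputs are copied from the output quoted in the thread; the result reflects only what docker ps displays, so confirm it on the host with `ss -ltn`.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs are copied from the
# `docker ps` and `curl -LIv` output quoted in the posts above.

# family_of ADDR: "ipv6" if ADDR contains a colon, otherwise "ipv4".
family_of() { case "$1" in *:*) echo ipv6 ;; *) echo ipv4 ;; esac; }

# published_families PORTS HOST_PORT: families on which HOST_PORT is published
# according to the PORTS column of `docker ps`. Loopback-only binds are skipped.
published_families() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r m; do
        m=${m# }                                     # space after each comma
        case "$m" in *"->"*) ;; *) continue ;; esac  # exposed but not published
        host=${m%%"->"*}                             # e.g. 0.0.0.0:80
        [ "${host##*:}" = "$2" ] || continue         # a different host port
        addr=${host%:*}
        case "$addr" in 127.*|::1|"[::1]") continue ;; esac
        family_of "$addr"
    done | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# tried_families CURL_OUT PORT: families curl attempted, read from its
# "* Trying ADDR:PORT..." lines.
tried_families() {
    printf '%s\n' "$1" | sed -n "s/^\* *Trying \(.*\):$2\.\.\.\$/\1/p" |
    while IFS= read -r a; do family_of "$a"; done |
    sort -u | tr '\n' ' ' | sed 's/ $//'
}

# unpublished_families PORTS CURL_OUT PORT: families that clients are sent to
# by DNS but on which docker ps shows no published bind for PORT.
unpublished_families() {
    pub=" $(published_families "$1" "$3") "
    for f in $(tried_families "$2" "$3"); do
        case "$pub" in *" $f "*) ;; *) printf '%s ' "$f" ;; esac
    done | sed 's/ $//'
}

PORTS='0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp'
CURL_OUT='* Trying 2a01:4f9:c011:b5a::1:80...
* connect to 2a01:4f9:c011:b5a::1 port 80 failed: Connection refused
* Trying 135.181.152.187:80...'

echo "published on 80: $(published_families "$PORTS" 80)"
echo "tried by client: $(tried_families "$CURL_OUT" 80)"
echo "not published:   $(unpublished_families "$PORTS" "$CURL_OUT" 80)"
```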