Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command: docker run -it -v /STORAGE/Sites/certs:/.lego -v /STORAGE/Sites/#####.#####.com:/tmp/webroot xenolf/lego --email="#####@###.com" --webroot /tmp/webroot --domains="#####.#####.com" run
It produced this output: 2018/06/29 16:20:51 No key found for account #####@###.com. Generating a curve P384 EC key.
2018/06/29 16:20:51 Saved key to /.lego/accounts/acme-v01.api.letsencrypt.org/#####@###.com/keys/#####@###.com.key
2018/06/29 16:20:53 [INFO] acme: Registering account for #####@###.com
2018/06/29 16:20:53 !!! HEADS UP !!!
2018/06/29 16:20:53
Your account credentials have been saved in your Let’s Encrypt
configuration directory at “/.lego/accounts/acme-v01.api.letsencrypt.org/#####@###.com”.
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let’s Encrypt so making regular
backups of this folder is ideal.
2018/06/29 16:20:53 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2018/06/29 16:20:53 Do you accept the TOS? Y/n
Y
2018/06/29 16:21:17 [INFO][#####.#####.com] acme: Obtaining bundled SAN certificate
2018/06/29 16:21:18 [INFO][#####.#####.com] AuthURL: https://acme-v01.api.letsencrypt.org/acme/authz/DRvfqsfI3FcV8ecRj4zIUi1PCplpRXjuP18r3fMYpIA
2018/06/29 16:21:18 [INFO][#####.#####.com] acme: Trying to solve HTTP-01
2018/06/29 16:21:18 [#####.#####.com] Could not obtain certificates
[#####.#####.com] error presenting token: Could not create required directories in webroot for HTTP challenge -> mkdir /tmp/webroot/.well-known/acme-challenge: permission denied
My web server is (include version): Mac OS Server 5.2
The operating system my web server runs on is (include version): Mac OS X 10.11.6
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Please help! SSL Certificate expired days ago, renewal status is still pending for days now.
It looks like this directory (which presumably contains your web site's content) can't be written to by the user as whom you're running docker. This is a requirement for the method that you're using, so you'll need to change the permissions on this directory or else run docker as a different user.
Thanks for your response schoen. Ran the command in bash actually…
bash-3.2# docker run -it -v /STORAGE/Sites/certs:/.lego -v /STORAGE/Sites/#####.#####.com:/tmp/webroot xenolf/lego --email="#####@###.com" --webroot /tmp/webroot --domains="#####.#####.com" run
Was thinking maybe the certificate has expired already, that’s why it’s getting denied permission? Is there a way to re-create, start cert request from scratch, maybe?
xenolf/lego --email="#####@###.com" --webroot /tmp/webroot --domains="#####.#####.com" run
with just bash, forming a command like
docker run -it -v /STORAGE/Sites/certs:/.lego -v /STORAGE/Sites/#####.#####.com:/tmp/webroot bash
and then you would have a shell prompt with the same environment that the lego command would have had. In that case you can run id to see if you are still considered root inside of docker, and you can also try running mkdir to see if you can create /tmp/webroot/.well-known and then /tmp/webroot/.well-known/acme-challenge inside of docker.