I use this docker package https://github.com/fiorix/freegeoip which includes acme/autocert integration allowing us to request, receive, and use Let’s Encrypt certificates for domains configured to use this package.
I was using an SSL certificate recently without issue, but for some reason, it appears to have stopped working recently, and I have no idea why. I’m no expert on docker packages, nor do I know anything about the Go language… so does anyone know how to troubleshoot / see why Let’s Encrypt integration in docker containers using acme/autocert is not working?
I can run the package interactively, but all I get from the output is:
In the docker container itself? How do I access the files in the docker container?
I tried modifying the command to run the docker container with this:
-v /var/www/geoservices/logs:/var/log
I would assume that would use my server’s /var/www/geoservices/logs directory for the docker container’s /var/log directory. Unfortunately, that didn’t work, and I don’t see any logs from the docker container in /var/www/geoservices/logs. My server’s Let’s Encrypt logs are in /var/log/letsencrypt, but these aren’t the docker logs, so they show nothing of value.
Thanks, I didn’t know that. I was able to connect to the docker container directly using a bash shell, but I don’t see anything Let’s Encrypt related in /var/log for the container… or anywhere in that container… I looked everywhere for something Let’s Encrypt related but found nothing.
Can you see anything about how the Let’s Encrypt client is set up inside the container? Could you conceivably run it interactively?
(There’s no guarantee that any particular kind of logging is happening—so we might ultimately end up pointing you to the people who developed the Docker image to ask them to add more logging or error reporting.)
Oh, another thing that I just noticed is that you have the port 443 redirection in place, which is a likely explanation for a failure here. There was a change last month which no longer allows port 443 to be used for validation for new issuances:
If this image was developed prior to that change and hasn't updated its software and/or documentation, that would be a very likely reason for the validation failures!
Wouldn’t it just try to validate over port 80 then? I have port 80 for that domain redirect to the one I’m using for http in the docker image (33333), so I’d imagine it should still work?
I didn’t find anything certbot-related, so I don’t know how it works or how it’s used in this docker image. I’m guessing it uses built-in Go functionality that acme/autocert somehow takes care of it all.