I am trying to create a Let's Encrypt cert within my nginx Docker container, which gets built successfully within my GitLab CI pipeline:

```dockerfile
FROM nginx:stable-alpine
FROM certbot/certbot:latest
ADD nginx.conf /etc/nginx/nginx.conf
ADD nginx-ssl.conf /etc/nginx/nginx-ssl.conf
COPY angular/dist/angular /usr/share/nginx/dev.domain.com
RUN certbot certonly --agree-tos --email tech@domain.com --webroot -w /usr/share/nginx/dev.comain.com -d dev.domain.com -d www.dev.domain.com || echo "ERROR: certbot certonly failed!"
RUN ls /etc/letsencrypt && (cat var/log/letsencrypt/letsencrypt.log || echo "ERROR: letsencrypt.log not found!") && rm /etc/nginx/nginx.conf && mv /etc/nginx/nginx-ssl.conf /etc/nginx/nginx.conf
EXPOSE 80 443
```
Unfortunately, this fails within my Kubernetes cluster pod deployment with the following error:

```text
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
```
Does anyone have an idea why the command “RUN certbot certonly (…)” gets ignored in the Docker context?

Serving my Angular app with nginx without SSL on port 80 works perfectly…
```nginx
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    server {
        server_name dev.domain.com www.dev.domain.com;
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/dev.domain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/dev.domain.com/privkey.pem; # managed by Certbot
        #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
        root /usr/share/nginx/dev.domain.com;
        index index.html index.htm;
        include /etc/nginx/mime.types;
        gzip on;
        gzip_min_length 1000;
        gzip_proxied expired no-cache no-store private auth;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
        location / {
            try_files $uri $uri/ /index.html;
        }
    }
    server {
        if ($host = www.dev.domain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
        if ($host = dev.domain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
        listen 80;
        listen [::]:80;
        server_name dev.domain.com www.dev.domain.com;
        return 404; # managed by Certbot
    }
}
```
I haven't yet been able to test the nginx-ssl.conf because of this error, so I inferred it from another server of mine with a working certbot nginx auto-configuration.