Docker certbot failed,Connection refused

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
bookstack.quantox.dev

I ran this command:
docker-compose run --rm certbot -v certonly --webroot --webroot-path /var/www/certbot/ -d bookstack.quantox.dev
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for bookstack.quantox.dev
Performing the following challenges:
http-01 challenge for bookstack.quantox.dev
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain bookstack.quantox.dev
http-01 challenge for bookstack.quantox.dev

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: bookstack.quantox.dev
Type: connection
Detail: *******: Fetching http://bookstack.quantox.dev/.well-known/acme-challenge/4CMOd8_q2m3f2pwZ54WfPAK0LUai-dbHxo5GYGfYIQ0: Connection refused

My web server is (include version):
Nginx
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
Cloudflare
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
docker image latest

It looks like the webserver you have running in your docker-compose set up, did not start properly.

Either that, or your domain is not pointing to the right server.

2 Likes

I am not sure about that. I am running this server on AWS Ec2 Instance. How to check if domain is not pointing to the right or wring server?

You could run curl ifconfig.me and confirm that the output is 18.158.222.31.

If the IP address is correct, then check that nginx is running before you run certbot, and that port 80 on the nginx container is being exposed to the host.

2 Likes

I checked all that. This is part of the docker-compose file
webserver:
image: nginx:alpine
container_name: webserver
restart: unless-stopped
tty: true
ports:
- "443:443"
- "80:80"
volumes:
- ./:/var/www
- ./nginx/conf.d/:/etc/nginx/conf.d/
- ./certbot/www:/var/www/certbot
- ./certbot/conf/:/etc/letsencrypt

Is the webserver container running right now? I can't access it.

1 Like

certbot:
image: docker.io/certbot/certbot:latest
volumes:
- ./certbot/www:/var/www/certbot
- ./certbot/conf/:/etc/letsencrypt

I will double check and will respond soon.

Note that I'm not a docker expert, but shouldn't the certbot docker command also have some volume options? For the /var/www/certbot/ path as wel as for /etc/letsencrypt/, so the certificates will be saved persistently instead of ephemeral?

2 Likes