Docker certbot unable to renew ssl

I have my VPS online with my project live, with an SSL certificate, that I need to renew because I need SSH in order for it to properly function. Here is the problem: I am not able to renew it.

In my docker compose file, there is the nginx configuration, and here is the code:

  nginx:
    restart: always
    build: ./nginx/
    environment:
      - CERTBOT_EMAIL=my.email@gmail.com
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - www-certs:/etc/letsencrypt

Here is the Docker image configuration:

FROM staticfloat/nginx-certbot:latest

# Copy our custom nginx config
COPY ./default.conf /etc/nginx/conf.d/default.conf

And then I set up all the nginx configurations in the default.conf file in the following way:

server {

    listen 80;
    listen [::]:80;
    server_name api.my-table.it www.api.my-table.it localhost;

    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}


server {

    listen 443 ssl;
    listen [::]:443 ssl;
    server_name api.my-table.it www.api.my-table.it localhost 127.0.0.1;

    ssl_certificate     /etc/letsencrypt/live/api.my-table.it/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.my-table.it/privkey.pem;

    charset utf-8;

    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 600;


    # max upload size
    client_max_body_size 512M;  

    # add the response for the ACME challenge
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        proxy_pass http://my_table:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

And when I hit docker-compose up, everything starts to load, but the challenge fails. Now I will copy some of the output I get:

nginx_1     | Waiting for verification...
nginx_1     | 2023/05/29 19:08:28 [error] 23#23: *1 open() "/var/www/html/.well-known/acme-challenge/Ze82Yq4XNerlLnxaH479HG1NfcOIdEwZfEyH-I4nxqg" failed (2: No such file or directory), client: 54.149.190.27, server: api.my-table.it, request: "GET /.well-known/acme-challenge/Ze82Yq4XNerlLnxaH479HG1NfcOIdEwZfEyH-I4nxqg HTTP/1.1", host: "api.my-table.it"
nginx_1     | 54.149.190.27 - - [29/May/2023:19:08:28 +0000] "GET /.well-known/acme-challenge/Ze82Yq4XNerlLnxaH479HG1NfcOIdEwZfEyH-I4nxqg HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx_1     | 2023/05/29 19:08:28 [error] 23#23: *2 open() "/var/www/html/.well-known/acme-challenge/Ze82Yq4XNerlLnxaH479HG1NfcOIdEwZfEyH-I4nxqg" failed (2: No such file or directory), client: 23.178.112.106, server: api.my-table.it, request: "GET /.well-known/acme-challenge/Ze82Yq4XNerlLnxaH479HG1NfcOIdEwZfEyH-I4nxqg HTTP/1.1", host: "api.my-table.it"
nginx_1     | 23.178.112.106 - - [29/May/2023:19:08:28 +0000] "GET /.well-known/acme-challenge/Ze82Yq4XNerlLnxaH479HG1NfcOIdEwZfEyH-I4nxqg HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx_1     | 2023/05/29 19:08:28 [error] 23#23: *3 open() "/var/www/html/.well-known/acme-challenge/Ze82Yq4XNerlLnxaH479HG1NfcOIdEwZfEyH-I4nxqg" failed (2: No such file or directory), client: 3.19.218.166, server: api.my-table.it, request: "GET /.well-known/acme-challenge/Ze82Yq4XNerlLnxaH479HG1NfcOIdEwZfEyH-I4nxqg HTTP/1.1", host: "api.my-table.it"
nginx_1     | 3.19.218.166 - - [29/May/2023:19:08:28 +0000] "GET /.well-known/acme-challenge/Ze82Yq4XNerlLnxaH479HG1NfcOIdEwZfEyH-I4nxqg HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
nginx_1     | Challenge failed for domain api.my-table.it
nginx_1     | http-01 challenge for api.my-table.it
nginx_1     | Cleaning up challenges

It looks like there is no correct /var/www/html/ directory, but I don't know why, since I created the certificate and never touched it again.

Can someone please help me figure out and fix it? Please

Try changing the root to some path within that volume.

Should be something like:
root /etc/letsencrypt/challenges;

You may have to create that folder:
mkdir /etc/letsencrypt/challenges

OR
Add access to that volume
[but I would NOT recommend doing that]

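Added example, not part of the original thread: a small Python check for the mismatch discussed above. It reads an nginx config, resolves the directory each `/.well-known/acme-challenge/` location serves tokens from, reports whether that directory lies inside a container path mounted as a volume, and pulls the directory nginx actually tried to open out of the error log. All function names and the sample inputs are hypothetical and constructed for illustration.

```python
import posixpath
import re

# Constructed sample inputs modelled on the thread (not the poster's real files).
SAMPLE_CONF = """
server {
    location /.well-known/acme-challenge/ { root /var/www/html; }
}
server {
    location /.well-known/acme-challenge/ {
        root /etc/letsencrypt/challenges;
    }
}
"""
SAMPLE_MOUNTS = ["/etc/letsencrypt"]  # container side of "www-certs:/etc/letsencrypt"
SAMPLE_LOG = (
    '2023/05/29 19:08:28 [error] 23#23: *1 open() '
    '"/var/www/html/.well-known/acme-challenge/TOKEN" failed '
    '(2: No such file or directory)'
)

LOCATION_RE = re.compile(r'location\s+(?:\^~\s+)?(/\.well-known/acme-challenge/?)\s*\{([^{}]*)\}')
ROOT_RE = re.compile(r'^\s*(root|alias)\s+([^;\s]+)\s*;', re.M)
OPEN_RE = re.compile(r'open\(\) "([^"]+)" failed \(2: No such file or directory\)')

def inside(path, mount):
    """True if path equals mount or sits below it (no prefix false positives)."""
    path, mount = posixpath.normpath(path), posixpath.normpath(mount)
    return path == mount or path.startswith(mount.rstrip("/") + "/")

def challenge_dirs(conf_text):
    """Directory nginx reads tokens from, one per acme-challenge location."""
    dirs = []
    for uri, body in LOCATION_RE.findall(conf_text):
        m = ROOT_RE.search(body)
        if not m:
            continue  # root inherited from the server block; not resolved here
        directive, value = m.groups()
        # "root" appends the request URI; "alias" replaces the location prefix.
        dirs.append(posixpath.normpath(value + uri if directive == "root" else value))
    return dirs

def audit(conf_text, mounts):
    """(challenge directory, is it on a mounted volume?) for each location."""
    return [(d, any(inside(d, m) for m in mounts)) for d in challenge_dirs(conf_text)]

def missing_token_dirs(log_text):
    """Directories where nginx looked for a token and found no file."""
    return sorted({posixpath.dirname(p) for p in OPEN_RE.findall(log_text)})
```

A directory that `audit` flags as `False` and that also shows up in `missing_token_dirs` is the one to move onto the shared volume, as the reply suggests.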