Dockerised nginx fails to load fullchain.pem

My domain is: dnaiq.co

I ran this command: sudo docker run -it --rm -p 443:443 -p 80:80 --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" quay.io/letsencrypt/letsencrypt:latest certonly

It produced this output:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/dnaiq.co/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/dnaiq.co/privkey.pem
Your cert will expire on 2020-12-23.

My web server is (include version): nginx 1.17.4

The operating system my web server runs on is (include version): ubuntu 18

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot --version 1.8

The certs have all been generated and are accessible in the /etc/letsencrypt/live/dnaiq.co/ directory. The volume is accessible via dockerised nginx using a CLI, and I can see the certs and touch the directory they are in.

But when nginx starts I get this error message when attempting to retrieve the SSL:

2020/09/25 11:49:47 [emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/dnaiq.co/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/dnaiq.co/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)


Hi @harry1,

The contents of that directory are symlinks to /etc/letsencrypt/archive, which also needs to be accessible in Docker—could you check on that?

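A way to run the check suggested in the reply above from inside the container. This is an added example, not part of the original thread or of certbot. The function names `check_live_dir` and `make_sample_tree` are hypothetical, and the `example.test` tree is constructed sample data.

```shell
#!/bin/sh
# Added example: verify that certbot's live/ files resolve to readable PEM data
# from the point of view of the filesystem this script runs in (e.g. a container).

check_live_dir() {
    dir=$1
    problems=0
    for name in cert.pem chain.pem fullchain.pem privkey.pem; do
        f="$dir/$name"
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            # The symlink is present but its target is not visible here.
            echo "DANGLING   $f -> $(readlink "$f")"
            problems=$((problems + 1))
        elif [ ! -r "$f" ]; then
            echo "UNREADABLE $f"
            problems=$((problems + 1))
        elif ! head -n 1 "$f" | grep -q '^-----BEGIN '; then
            echo "NOT_PEM    $f"
            problems=$((problems + 1))
        else
            echo "OK         $f"
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample data: a tree with certbot's live/ -> ../../archive/ links.
make_sample_tree() {
    root=$1
    domain=$2
    mkdir -p "$root/live/$domain" "$root/archive/$domain"
    for base in cert chain fullchain privkey; do
        printf '%s\n' '-----BEGIN PLACEHOLDER-----' > "$root/archive/$domain/${base}1.pem"
        ln -s "../../archive/$domain/${base}1.pem" "$root/live/$domain/$base.pem"
    done
}

# Demo: the full tree passes; a copy holding only live/ (as when just that
# directory is mounted) fails because every link dangles.
tmp=$(mktemp -d)
make_sample_tree "$tmp/host" example.test
mkdir -p "$tmp/container/live"
cp -R -P "$tmp/host/live/example.test" "$tmp/container/live/"
check_live_dir "$tmp/host/live/example.test" && echo "host view: ok"
check_live_dir "$tmp/container/live/example.test" || echo "container view: archive/ missing"
rm -rf "$tmp"
```

Inside the nginx container, calling `check_live_dir /etc/letsencrypt/live/dnaiq.co` reports which of the four files cannot be followed through to `archive/`.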

Thank you very much - that was it.
