Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
Attaching to certbot
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot | Certificate not yet due for renewal
certbot |
certbot | You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
certbot | (ref: /etc/letsencrypt/renewal/ft1.hedgx.io.conf)
certbot |
certbot | What would you like to do?
certbot | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot | 1: Keep the existing certificate for now
certbot | 2: Renew & replace the certificate (may be subject to CA rate limits)
certbot | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot | An unexpected error occurred:
certbot | EOFError
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
certbot | Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
My web server is (include version): NGINX
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is: Oracle
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
If you are running Certbot in Docker non-interactively, you will need to pass --non-interactive to Certbot. I suspect the EOF is probably from Certbot trying to get user input during that "What would you like to do?" prompt.
That seemed to help. Now when I run docker-compose up the webserver falls over looking for an nginx conf file. I'm not sure whether it's a certbot issue or an nginx issue. This is my output.
webserver | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
webserver | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
webserver | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
webserver | 10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf is not a file or does not exist
webserver | /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
webserver | /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
webserver | /docker-entrypoint.sh: Configuration complete; ready for start up
webserver | 2022/10/11 17:31:07 [emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/hedgx.io/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/hedgx.io/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
webserver | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/hedgx.io/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/hedgx.io/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
This is my latest output. Certbot webroot exits 0; however, it doesn't seem that certbot is downloading a certificate to the server.
ubuntu@instance-20221009-1127:/ft_userdata$ docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------------------------------------
certbot certbot certonly --webroot ... Exit 0
freqtrade freqtrade trade --logfile ... Up 0.0.0.0:8080->8080/tcp,:::8080->8080/tcp
webserver /docker-entrypoint.sh ngin ... Up 0.0.0.0:443->443/tcp,:::443->443/tcp, 0.0.0.0:80->80/tcp,:::80->80/tcp
ubuntu@instance-20221009-1127:/ft_userdata$ docker-compose logs certbot
Attaching to certbot
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot | Simulating a certificate request for ft1.hedgx.io
certbot | The dry run was successful.
ubuntu@instance-20221009-1127:/ft_userdata$ docker-compose exec webserver ls -la /etc/letsencrypt/live
ls: /etc/letsencrypt/live: No such file or directory
CAN SOMEONE PLEASE EXPLAIN TO ME WHY THIS IS HAPPENING? YOUR SOFTWARE DOESN'T WORK WITH DOCKER COMPOSE. CAN SOMEONE PLEASE RESPOND WITH AN ANSWER.
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot | Simulating a certificate request for ft1.hedgx.io
certbot |
certbot | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot | Domain: ft1.hedgx.io
certbot | Type: connection
certbot | Detail: 140.238.194.78: Fetching http://ft1.hedgx.io/.well-known/acme-challenge/TBnzT-LavCVBPDvqybUkDN1P0qghwHDV-FdslH62llU: Connection refused
certbot |
certbot | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot |
certbot | Some challenges have failed.
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
I have been trying to resolve this issue for over 20 days now and no-one from Certbot has responded to my repeated requests for assistance. Why is this?
Attaching to certbot
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot | Simulating a certificate request for ft1.hedgx.io
certbot |
certbot | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot | Domain: ft1.hedgx.io
certbot | Type: connection
certbot | Detail: 140.238.194.78: Fetching http://ft1.hedgx.io/.well-known/acme-challenge/TBnzT-LavCVBPDvqybUkDN1P0qghwHDV-FdslH62llU: Connection refused
certbot |
certbot | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot |
certbot | Some challenges have failed.
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
Mostly it looks like you have problems setting up docker. I don't know it well enough to advise, but I can explain what you saw in your post #7. When you use the --dry-run option, that just tests the cert request but does not get a cert. The --staging option gets a cert, but one that is not valid for practical purposes. These options are helpful when setting up a new system to avoid stricter rate limits on the production system. But once your system is stable, you need to remove them to get a production cert.
For your other docker setup problems, perhaps this certbot topic will help.
As for your most recent problem "connection refused" that is because the Let's Encrypt servers cannot reach your domain to verify control. You could use the Let's Debug test system to ensure connectivity (it currently gets refused also).
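The failure modes discussed in this thread, as an added example that is not part of any post here and is not Certbot's own tooling: a small triage function that maps the log signatures quoted above to their causes. The `triage` function, its finding codes and the abridged `SAMPLE` log (challenge token replaced by `TOKEN`) are constructed for illustration.

```python
import re

# Constructed sample: abridged lines from the outputs quoted in this thread.
SAMPLE = """\
certbot | What would you like to do?
certbot | An unexpected error occurred:
certbot | EOFError
certbot | Simulating a certificate request for ft1.hedgx.io
certbot | The dry run was successful.
webserver | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/hedgx.io/fullchain.pem": BIO_new_file() failed
certbot | Detail: 140.238.194.78: Fetching http://ft1.hedgx.io/.well-known/acme-challenge/TOKEN: Connection refused
"""

LIVE_RE = re.compile(r'cannot load certificate "/etc/letsencrypt/live/([^/"]+)/')
FETCH_RE = re.compile(
    r"Fetching http://([^/\s]+)/\.well-known/acme-challenge/\S+ Connection refused")


def triage(log):
    """Return (code, advice) pairs for known signatures in combined compose logs."""
    findings = []
    # Names certbot was asked to issue for, taken from its own log lines.
    requested = set(re.findall(r"certificate request for (\S+)", log))

    # Interactive menu shown to a container with no stdin attached.
    if "EOFError" in log and "What would you like to do?" in log:
        findings.append(("no-tty-prompt", "run certbot with --non-interactive"))

    # A dry run validates against staging and writes nothing under live/.
    if "The dry run was successful" in log:
        findings.append(("dry-run-only", "remove --dry-run to obtain a certificate"))

    # nginx points at a live/ directory; compare it with the requested names.
    for lineage in sorted(set(LIVE_RE.findall(log))):
        if requested and lineage not in requested:
            findings.append(("lineage-mismatch",
                             f"nginx expects live/{lineage}, certbot requested "
                             f"{', '.join(sorted(requested))}"))
        else:
            findings.append(("cert-missing",
                             f"live/{lineage} is absent in the webserver container; "
                             "check the shared volume"))

    # HTTP-01 validation could not open a TCP connection to port 80.
    for host in sorted(set(FETCH_RE.findall(log))):
        findings.append(("http01-unreachable",
                         f"port 80 on {host} refused the CA's connection"))
    return findings


if __name__ == "__main__":
    for code, advice in triage(SAMPLE):
        print(f"{code}: {advice}")
```
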
This issue has been fixed and you can connect through port 80 if you run your test. I have also verified that new ssl certificates are in the correct folders installed using certbot classic. As soon as I start certbot with docker it would appear to knock out iptables.