[Errno 21] Is a directory: '/var/log/letsencrypt/letsencrypt.log' certbot | Either run as root,

Hello Guys
[Errno 21] Is a directory: '/var/log/letsencrypt/letsencrypt.log'
certbot | Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-936th5v1/log or re-run Certbot with -v for more details.

I start docker compose with certbot
certbot:
image: certbot/certbot
container_name: certbot
volumes:
- ./certbot/cert:/etc/letsencryp
- ./certbot/lib:/var/lib/letsencrypt
- ./certbot/www:/var/www/certbot
- ./certbot/logs:/var/log/letsencrypt/letsencrypt.log
- ./certbot/tmp:/tmp/certbot-log-16g9gk7g/log
command: certonly --webroot -w /var/www/certbot --email tsg-go@mail.ru --rsa-key-size 4096 --agree-tos --force-renewal -d tsgame-go.com -d www.tsgame-go.com
networks:
- webnet
logs not write problem it require root
Whats a problem here

Certbot will write to a file named letsencrypt.log in a folder named /var/log/letsencrypt

You have defined that file as a docker volume (which is a folder instead)

Further, --force-renewal should not be used. This will likely lead to you becoming rate limited and thus blocked from getting certs (possibly for up to a week).

3 Likes

I see recomendation and use

Saving debug log to /home/dolary/game-go/certbot/logs/letsencrypt.log
certbot | Skipped user interaction because Certbot doesn't appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.
certbot | Account registered.
certbot | Requesting a certificate for tsgame-go.com and www.tsgame-go.com
certbot |
certbot | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot | Domain: www.tsgame-go.com
certbot | Type: unauthorized
certbot | Detail: During secondary validation: 89.35.125.9: Invalid response from http://www.tsgame-go.com/.well-known/acme-challenge/dehzdLCeHGvt_qB-IFMLfk6espTXvn2RNVWd7GzDh_U: 404
certbot |
certbot | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot |
certbot | Some challenges have failed.
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /home/dolary/game-go/certbot/logs/letsencrypt.log or re-run Certbot with -v for more details.
it is answer

You have two A records in your DNS for that domain. They point to different servers or at least get responses from different nginx configurations.

tsgame-go.com. 0 IN A 185.129.49.158
tsgame-go.com. 0 IN A 89.35.125.9

The server at each of those IP must respond correctly to the challenge. One of yours does but the other does not. Getting a cert for a multiple IP system (like a load balancer or similar) takes special care.

Usually this error is because you forgot to remove an unused IP address. Most systems only have one IP that points to their current server.

2 Likes

MikeMcQ than you Yes I remove it and get success

2 Likes

That seems misspelled.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.