I can't get a certificate

Hello everyone.

=====

My domain is: biz.freemyip.com

I ran this command: $ certbot certonly
$ 1
$ biz.freemyip.com

It produced this output: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Could not bind TCP port 80 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.


My web server is (include version): docker-proxy

The operating system my web server runs on is (include version): Linux server 5.15.0-56-generic #62-Ubuntu SMP x86_64 GNU/Linux

My hosting provider, if applicable, is: njal.la

I can login to a root shell on my machine (yes or no, or I don't know): Yes I can

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO, sir

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

=====

I tried to install nextcloud on VPS following this way:

$ apt install docker.io docker-compose

$ git clone https://github.com/nextcloud/docker

$ cd docker/.examples/docker-compose/with-nginx-proxy/postgres/fpm/

$ vim db.env POSTGRES_PASSWORD=MySecretPassword

$ vim docker-compose.yml VIRTUAL_HOST=yourhost.domain.com LETSENCRYPT_HOST=yourhost.domain.com LETSENCRYPT_EMAIL=youremail@yourmail.com

$ docker-compose up -d

"When installed this way, NextCloud itself will go and get the Let's Encrypt certificate, install it, and add a task to the scheduler that will automatically renew the certificate every few months," this instruction said.
"You just had to go to your domain and continue installing NextCloud through the web interface."
But instead I see an error: net::ERR_CONNECTION_TIMED_OUT

Later I tried to manually create a certificate with certbot, also without success. As far as I understand, the problem is in docker.
(I ran this command: $ certbot certonly
$ 1
$ biz.freemyip.com

It produced this output: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Could not bind TCP port 80 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.
)

Judging by similar topics here on the forum, I realized that this can be done manually. But I'm a noob. So I will be glad, if not a direct algorithm of actions, then links that can shed light on my problem.

Thanks in advance and good luck everyone.

2 Likes

Hi @DemoDemo, and welcome to the LE community forum :slight_smile:

That message seems pretty clear.

Let's begin at the beginning.
What shows?:
certbot certificates

Was that run inside the docker container?
[it doesn't look that way to me]

6 Likes

Hi @rg305 , thanks :slight_smile:

$ certbot certonly

Output


No certificates found.


I tried it in a container called fpm_letsencrypt-companion_1. The result is similar.
Here is a list of all containers, their status and ports. Apparently I need to change the port settings?

$ docker ps

CONTAINER ID   IMAGE                       COMMAND                  CREATED      STATUS                           PORTS                                                                      NAMES
75d3f34b160a   fpm_web                     "/docker-entrypoint.…"   2 days ago   Up 21 minutes                    80/tcp                                                                     fpm_web_1
2acfbb396ee1   nginxproxy/acme-companion   "/bin/bash /app/entr…"   2 days ago   Restarting (1) 50 seconds ago                                                                               fpm_letsencrypt-companion_1
e2538b1752c2   nextcloud:fpm-alpine        "/entrypoint.sh php-…"   2 days ago   Restarting (14) 54 seconds ago                                                                              fpm_app_1
7a24df389a3a   nextcloud:fpm-alpine        "/cron.sh"               2 days ago   Up 21 minutes                    9000/tcp                                                                   fpm_cron_1
2669cacb0c8b   redis:alpine                "docker-entrypoint.s…"   2 days ago   Up 21 minutes                    6379/tcp                                                                   fpm_redis_1
e1576a5744c8   fpm_proxy                   "/app/docker-entrypo…"   2 days ago   Up 21 minutes                    0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   fpm_proxy_1
5d766e080ba3   postgres:alpine             "docker-entrypoint.s…"   2 days ago   Up 21 minutes                    5432/tcp                                                                   fpm_db_1

1 Like

What protocol are you serving on Port 80?

$ nmap -Pn -p80,443 biz.freemyip.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-09-09 17:19 PDT
Nmap scan report for biz.freemyip.com (80.78.27.240)
Host is up (0.15s latency).
rDNS record for 80.78.27.240: 504e1bf0.host.njalla.net

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

As curl -Ii http://biz.freemyip.com just sits forever, I do not believe that Port 80 is serving the HTTP Protocol.

$ curl -Ii http://biz.freemyip.com

And using this online tool https://check-host.net/ yields "Connection refused" (permanent link to this check report).

3 Likes

What shows?:
netstat -pant | grep -i listen

4 Likes

netstat -pant | grep -i listen
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN      91/systemd-resolved
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      91/systemd-resolved
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      335/docker-proxy
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      105/sshd: /usr/sbin
tcp        0      0 127.0.0.1:45433         0.0.0.0:*               LISTEN      101/containerd  
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      314/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      341/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      105/sshd: /usr/sbin
tcp6       0      0 :::443                  :::*                    LISTEN      320/docker-proxy

1 Like

How can I find out?

1 Like

By finding out which program is binding to Port 80.

2 Likes

Looks like Docker is proxying those ports.

5 Likes
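
Added example (not part of the original posts): one way to answer "which program is binding to Port 80" from `netstat -pant` output, and to tie the generic docker-proxy listener to the container that publishes the port. The sample inputs are constructed from the outputs in this thread; the function names `port_owners`, `published_by` and `standalone_can_bind` are hypothetical.

```shell
#!/bin/sh
# Constructed sample: LISTEN lines copied from the netstat output in this thread.
NETSTAT='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      335/docker-proxy
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      105/sshd: /usr/sbin
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      314/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      341/docker-proxy'

# Constructed sample shaped like: docker ps --format '{{.Names}}\t{{.Ports}}'
DOCKER_PS=$(printf '%s\t%s\n' \
    fpm_web_1   '80/tcp' \
    fpm_proxy_1 '0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp' \
    fpm_db_1    '5432/tcp')

# port_owners PORT: read `netstat -pant` text on stdin and print the unique
# program names listening on PORT (IPv4 and IPv6), one per line.
port_owners() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, a, ":")            # local address; the port is the last piece
            if (a[n] != port) next
            split($7, p, "/")                # "335/docker-proxy" -> pid, program name
            name = p[2]; sub(/:$/, "", name) # "sshd:" -> "sshd"
            if (!(name in seen)) { seen[name] = 1; print name }
        }'
}

# published_by PORT: read the tab-separated docker ps text on stdin and print the
# containers that publish host PORT. "80/tcp" alone is only exposed inside the
# Docker network, so it is not reported.
published_by() {
    awk -F '\t' -v port="$1" '
        { n = split($2, m, ", ")
          for (i = 1; i <= n; i++)
              if (m[i] ~ (":" port "->")) { print $1; next } }'
}

# standalone_can_bind PORT: succeeds only when nothing on stdin listens on PORT,
# i.e. when a standalone ACME client would not hit "Could not bind TCP port".
standalone_can_bind() { [ -z "$(port_owners "$1")" ]; }

for port in 80 443; do
    printf 'port %s: held by %s, published by container %s\n' "$port" \
        "$(printf '%s\n' "$NETSTAT" | port_owners "$port")" \
        "$(printf '%s\n' "$DOCKER_PS" | published_by "$port")"
done
```

On a live host, pipe the real commands into the functions instead of the samples, for example `netstat -pant | port_owners 80`.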

This problem can be solved by editing the docker-compose.yml?

$ less docker-compose.yml 

version: '3'

services:
  db:
    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    env_file:
      - db.env

  redis:
    image: redis:alpine
    restart: always

  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
    environment:
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis

  web:
    build: ./web
    restart: always
    volumes:
      - nextcloud:/var/www/html:z,ro
    environment:
      - VIRTUAL_HOST=biz.freemyip.com
      - LETSENCRYPT_HOST=biz.freemyip.com
      - LETSENCRYPT_EMAIL=Mrdemocrat@tuta.io
    depends_on:
      - app
    networks:
      - proxy-tier
      - default

  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis

  proxy:
    build: ./proxy
    restart: always
    # host ports 80 and 443 are published here (the docker-proxy listeners)
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:z,ro
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    networks:
      - proxy-tier

  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/var/run/docker.sock:z,ro
    networks:
      - proxy-tier
    depends_on:
      - proxy

# self signed
#  omgwtfssl:
#    image: paulczar/omgwtfssl
#    restart: "no"
#    volumes:
#      - certs:/certs
#    environment:
#      - SSL_SUBJECT=servhostname.local
#      - CA_SUBJECT=my@example.com
#      - SSL_KEY=/certs/servhostname.local.key
#      - SSL_CSR=/certs/servhostname.local.csr
#      - SSL_CERT=/certs/servhostname.local.crt
#    networks:
#      - proxy-tier

volumes:
  db:
  nextcloud:
  certs:
  acme:
  vhost.d:
  html:

networks:
  proxy-tier:

Have you looked at the README instructions and followed them precisely on Github?

Preface: I am not by any means a pro with docker / Nextcloud, but I noticed this..

Pertinent to you? :

docker run -d -p 8080:80 nextcloud

or (also in readme):

  app:
    image: nextcloud
    restart: always
    ports:
      - 8080:80

^ May help your port 80 being blocked issue when doing a LE web port validation. (?)
This should expose port 80 but run on 8080.

As mentioned, I do not know enough about how NC and LE work together in docker. Figured I would put my 2 cents here for you, though.

1 Like

That may be the other way around.
[but I'm also not a docker pro]

5 Likes

On an unrelated side note:
I prefer using the cube root of 31 instead of 22/7ths - LOL

3 Likes
