I have to renew my certbot certificate, each time I restart docker containers. How to solve it?

ziedHamdi · May 10, 2022, 6:37am

Each time I restart docker-compose up, I have to run this command:
docker exec -it nginx certbot -d app.weally.org

If I don't run it, the website is not accessible

It produces this output:

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Deploying certificate
Successfully deployed certificate for app.weally.org to /etc/nginx/conf.d/app.conf
Congratulations! You have successfully enabled HTTPS on https://app.weally.org

My web server is (include version): nginx:1.21-alpine (through docker)

The operating system my web server runs on is (include version): Ubuntu 21.04

My hosting provider, if applicable, is: OVH (Kimsufi)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.27.0

My nginx docker image is the following

FROM nginx:1.21.1-alpine

COPY ./data/nginx/. /etc/nginx/conf.d/.

RUN apk add python3 python3-dev py3-pip build-base libressl-dev musl-dev libffi-dev rust cargo
RUN pip3 install pip --upgrade
RUN pip3 install certbot-nginx
RUN mkdir /etc/letsencrypt

And the docker-compose config is :

  nginx:
    container_name: nginx
    image: 'nginx:1.21-alpine-modified'
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - graphql_server
      - next_server
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/nginx/cache:/var/cache/nginx
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    networks:
      - weally
    command: tail -f /dev/null

I can't figure out, what happens to the nginx config that obliges me to rerun certbot on each restart

9peppe · May 10, 2022, 6:51am

Run ls -la /etc/nginx in the container, pls.

rg305 · May 10, 2022, 7:41am

That looks like it would always put the same "original" content.

system · June 9, 2022, 7:41am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.