Invalid response Docker

Hi there. Some time ago I followed this guide on how to create certificates with Docker. I managed to create a few certificates. Now after some time, I am trying to create a certificate for a new subdomain, however I keep failing even though I use the same method as before.

My domain is:

matrix.jeanclaudegraf.ch

I ran this command:

sudo docker run -it --rm \
  -v /docker-volumesII/etc/letsencrypt:/etc/letsencrypt \
  -v /docker-volumesII/var/lib/letsencrypt:/var/lib/letsencrypt \
  -v ${pwd}/letsencrypt-site:/data/letsencrypt \
  -v /docker-volumesII/var/log/letsencrypt:/var/log/letsencrypt \
  certbot/certbot \
  certonly --webroot \
  --register-unsafely-without-email --agree-tos \
  --webroot-path=/data/letsencrypt \
  --staging \
  -d www.matrix.jeanclaudegraf.ch -d matrix.jeanclaudegraf.ch

It produced this output:

Status: Downloaded newer image for certbot/certbot:latest
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for matrix.jeanclaudegraf.ch
http-01 challenge for www.matrix.jeanclaudegraf.ch
Using the webroot path /data/letsencrypt for all unmatched domains.
Waiting for verification...
Challenge failed for domain www.matrix.jeanclaudegraf.ch
Challenge failed for domain matrix.jeanclaudegraf.ch
http-01 challenge for www.matrix.jeanclaudegraf.ch
http-01 challenge for matrix.jeanclaudegraf.ch
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):

Nginx 1.17.3

The operating system my web server runs on is (include version):

Debian Buster 10

My hosting provider, if applicable, is:

self-hosted

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

v0.37.1

My nginx.conf config:

server {
    listen 80;
    listen [::]:80;
    server_name matrix.jeanclaudegraf.ch www.matrix.jeanclaudegraf.ch;

    location ~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html;
    }

    root /usr/share/nginx/html;
    index index.html;
}

The output of nginx:

[error] 6#6: *28 open() "/usr/share/nginx/html/.well-known/acme-challenge/zKCrvm-cIZqjv48nyCLvkKOuAjcski94DM8XVbxgpMo" failed (2: No such file or directory), client: xxx, server: matrix.jeanclaudegraf.ch, request: "GET /.well-known/acme-challenge/zKCrvm-cIZqjv48nyCLvkKOuAjcski94DM8XVbxgpMo HTTP/1.1", host: "matrix.jeanclaudegraf.ch"

Here is the output of check-your-website.server-daten.de

When creating .well-known/acme-challenge/1234 in the webroot I am able to access that file via matrix.jeanclaudegraf.ch/.well-known/acme-challenge/1234.

Thank you very much in advance!

1 Like

Hi @jeanggi90

that's

your webroot, not that

So change your --webroot-path in your command.

1 Like

@JuergenAuer thanks for the quick response.

I have followed your advice and changed the webroot in the docker command:

sudo docker run -it --rm -v /docker-volumesII/etc/letsencrypt:/etc/letsencrypt -v /docker-volumesII/var/lib/letsencrypt:/var/lib/letsencrypt -v ${pwd}/letsencrypt-site:/usr/share/nginx/html -v /docker-volumesII/var/log/letsencrypt:/var/log/letsencrypt certbot/certbot certonly --webroot --register-unsafely-without-email --agree-tos --webroot-path=/usr/share/nginx/html --staging -d www.matrix.jeanclaudegraf.ch -d matrix.jeanclaudegraf.ch

Unfortunately, I keep getting the same certbot error as before.

1 Like

That file doesn't work, did you delete it?

What's the complete path? That should be your webroot. Perhaps remove the location definition.

Or there is something like a second vHost which is used instead.

1 Like

I am sorry. I had shut down the webserver. Now it is up again and the file is reachable.

No, there is no vHost, reverse proxy or anything.

EDIT1
Removing the location definition from the nginx.conf results in the same error.

1 Like

I have managed to debug and fix the problem. It was actually not certbot related, but Docker. The docker run command silently failed mounting letsencrypt-site. Hence the webroots of my nginx and certbot containers were not linked. The problem was that ${pwd} is invalid but $(pwd), ${PWD} and $PWD are correct.

@JuergenAuer I am very sorry to have bothered you and very grateful for your help!

2 Likes
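
Added example, not part of the thread: a shell sketch of the root cause found above and a preflight check for the webroot bind mount. It assumes no variable named `pwd` is set (the usual case); the function names are hypothetical, and the `letsencrypt-site` directory and `/data/letsencrypt` target are taken from the original command.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# What the shell produced for the original volume source: 'pwd' (lowercase)
# is a command, not a variable, so ${pwd} expands to the empty string.
expand_lowercase() {
    ( unset pwd; printf '%s\n' "${pwd}/letsencrypt-site" )
}

# What was intended: PWD (uppercase) is maintained by the shell.
expand_uppercase() {
    printf '%s\n' "${PWD}/letsencrypt-site"
}

# With 'set -u' the same typo aborts instead of expanding to "".
# Returns non-zero because the subshell exits on the unset variable.
strict_expand() {
    ( set -u; unset pwd; printf '%s\n' "${pwd}/letsencrypt-site" ) 2>/dev/null
}

# Refuse a bind-mount source that is not an existing absolute directory.
# 'docker run -v' creates a missing host path as an empty directory, so a
# wrong source path produces no error and certbot writes where nginx never looks.
check_bind_source() {
    case "$1" in
        /*) ;;
        *) echo "bind source is not absolute: $1" >&2; return 1 ;;
    esac
    [ -d "$1" ] || { echo "bind source does not exist: $1" >&2; return 1; }
}

# Build the webroot -v argument only after the source has been verified.
webroot_volume_arg() {
    src="${PWD}/letsencrypt-site"
    check_bind_source "$src" || return 1
    printf '%s:/data/letsencrypt\n' "$src"
}

echo "\${pwd}/letsencrypt-site -> $(expand_lowercase)"
echo "\${PWD}/letsencrypt-site -> $(expand_uppercase)"
```

Running `docker inspect` on the container and comparing the `Mounts` source with the directory nginx serves confirms whether both containers share the same webroot.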
