Creating km_certbot_run ... done
Generating a RSA private key
...+++++
......................................+++++
writing new private key to '/etc/letsencrypt/live/prokom.dev/privkey.pem'
-----
### Starting nginx ...
Recreating km_mysql_1 ... done
Recreating km_keycloak_1 ... done
Recreating km_km-app_1 ... done
Recreating km_nginx_1 ... done
### Deleting dummy certificate for prokom.dev ...
Creating km_certbot_run ... done
### Requesting Let's Encrypt certificate for prokom.dev ...
Creating km_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for prokom.dev and www.prokom.dev
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: prokom.dev
Type: connection
Detail: Fetching http://prokom.dev/.well-known/acme-challenge/5mZ4xuxyHgpSsAiWZK-Df8HyQFNzvHrNBMiFvIe9bzA: Connection refused
Domain: www.prokom.dev
Type: connection
Detail: Fetching http://www.prokom.dev/.well-known/acme-challenge/y1Z9n3yY5bUGqA0DKCMmVKIdYThx4QU9qGFRShHy_Wk: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
### Reloading nginx ...
ERROR: No container found for nginx_1
For the last 2 years this was working. Suddenly today it's not able to generate certificates.
The script that is running sounds like a terrible script called "init-letsencrypt.sh" or something. Where is that script being run in your setup? It isn't mentioned in your Docker file.
Also, at the moment your site is completely down. It isn't answering on port 80 nor on port 443.
I recommend getting your website's basic function up and running again and finding out why that terrible init-letsencrypt.sh is running and killing it.. Kill it with fire.
I know the script. It's terrible. Don't use it, especially if you already have certbot certificates issued already, as it deletes perfectly good certificates for no good reason.
I wasn't asking where you downloaded the script from, I was trying to figure out where it's being run in your setup! As it isn't mentioned anywhere in your Docker file. I'll rephrase my post.
Right, but when I run it directly without the script, nginx does not run because the certificates are deleted and it needs the cert. It gives the following error:
Attaching to km_nginx_1
nginx_1 | 2022/01/02 20:35:41 [emerg] 11#11: cannot load certificate "/etc/letsencrypt/live/prokom.dev/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/prokom.dev/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx_1 | nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/prokom.dev/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/prokom.dev/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Well.. Yes.. That's because the script is intended (and even then it's terrible the way it's doing things) to be run once, not when there's a perfectly good Let's Encrypt certificate already issued. At least, I assume all the previous certificates for your hostname were already issued to this system.
I don't have any experience with Docker (and I want to keep it that way), so I'm not sure why the script is failing now. I only know nginx isn't running now and apparently the init-letsencrypt.sh doesn't seem to be able to get nginx started either.
My suggestion: comment out the HTTPS server block from your nginx configuration and find a better way to issue certificates using certbot and Docker and forget about that init-letsencrypt.sh script.
Creating km_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for prokom-na.org and www.prokom-na.org
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: prokom-na.org
Type: connection
Detail: Fetching https://www.prokom-na.org/.well-known/acme-challenge/n9zmMdlitCwQvtKAy9HR9SrwcnxXAtCyuU8HOdYLvtc: Connection refused
Domain: www.prokom-na.org
Type: connection
Detail: Fetching https://www.prokom-na.org/.well-known/acme-challenge/AvvyoHJfXOT6hhqTZwk8F6R5XJ094a2DXIbDQb-ppU0: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
There's still an HTTP to HTTPS redirect in your HTTP server block. That redirect isn't working now, as there is no HTTPS server currently listening. You can only set up the HTTPS part again after you get a certificate, and only then do you need to enable the redirect again.
At least your HTTP nginx is working again, it seems.
That sounds plausible indeed, one would expect that. However, from the error message from the Let's Encrypt validation server:
You can see it tried to fetch the token using the https:// protocol. It only does that when it received an HTTP to HTTPS redirect, as the http-01 challenge always starts using http:// on port 80.
So for some reason the location block isn't working. I'm not familiar enough with nginx to debug that properly though.. (Apache guy myself..)
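The redirect problem described in the two replies above (the CA follows the HTTP to HTTPS redirect and hits a port with nothing listening) comes down to the order of precedence in the nginx HTTP server block. The following is an added example, not the poster's configuration or the init-letsencrypt.sh script's output; it assumes certbot is run with `--webroot -w /var/www/certbot` and that this directory is mounted into both the certbot and nginx containers.

```nginx
# Added example, not the poster's config. Assumes certbot runs with
# "--webroot -w /var/www/certbot" and that this directory is mounted
# into both the certbot and nginx containers (both are assumptions).

# Broken form: every HTTP request is redirected, including the ACME
# challenge, so the CA follows the redirect to https:// and gets
# "Connection refused" while no HTTPS server is listening.
#
# server {
#     listen 80;
#     server_name prokom.dev www.prokom.dev;
#     return 301 https://$host$request_uri;
# }

# Corrected form: serve the http-01 challenge over plain HTTP on port 80
# and redirect everything else. nginx selects the longest matching
# prefix location, so the challenge block wins over "location /"
# regardless of the order in which they are written.
server {
    listen 80;
    server_name prokom.dev www.prokom.dev;

    location /.well-known/acme-challenge/ {
        # Must be the same directory certbot writes to with -w;
        # the request path is appended, giving
        # /var/www/certbot/.well-known/acme-challenge/<token>
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Keep the HTTPS server block commented out until
# /etc/letsencrypt/live/prokom.dev/fullchain.pem exists: as the
# [emerg] BIO_new_file() error above shows, nginx refuses to start
# when the certificate file referenced by ssl_certificate is missing.
```

After reloading nginx, a plain-HTTP request for a non-existent name under /.well-known/acme-challenge/ should get a 404 from nginx rather than a 301 to https://; a 301 means the redirect is still shadowing the challenge location or the server block being edited is not the one nginx loaded.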