My domain is: aventastroy . ru
I ran this command: ./ssl_init.sh aventastroy.ru
Script:
#!/bin/bash
#from: https://raw.githubusercontent.com/wmnnd/nginx-certbot/master/init-letsencrypt.sh
domain=$1
rsa_key_size=4096
data_path="./data/certbot"
email="myemail@ya.ru" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
if [ ! -d "$data_path/conf" ]; then
mkdir -p "$data_path/conf"
fi
echo "### Creating dummy certificate for $domain ..."
path="/etc/letsencrypt/live/$domain"
docker-compose run --rm --entrypoint "\
mkdir -p '$path'" certbot
echo
docker-compose run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 3650\
-keyout '$path/privkey.pem' \
-out '$path/fullchain.pem' \
-subj '/CN=$domain'" certbot
echo
echo "### Starting nginx ..."
docker-compose up --force-recreate -d nginx
echo
echo "### Deleting dummy certificate for $domain ..."
docker-compose run --rm --entrypoint "\
rm -Rf /etc/letsencrypt/live/$domain && \
rm -Rf /etc/letsencrypt/archive/$domain && \
rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo
# Select appropriate email arg
case "$email" in
"") email_arg="--register-unsafely-without-email" ;;
*) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker-compose run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/ \
$staging_arg \
$email_arg \
-d $domain \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" certbot
echo
echo "### Reloading nginx ..."
docker-compose exec nginx nginx -s reload
My Docker-compose.yml:
version: "2"
services:
nginx:
build:
context: ./nginx
args:
user_uid: "$user_uid"
user_gid: "$user_gid"
container_name: nginx
depends_on:
- source
- php-fpm
volumes_from:
- source
ports:
- "80:80"
- "443:443"
networks:
- mynet
restart: always
php-fpm:
build:
context: ./php-fpm
args:
user_uid: "$user_uid"
user_gid: "$user_gid"
container_name: php-fpm
expose:
- "9000"
volumes_from:
- source
links:
- mysql
networks:
- mynet
restart: always
certbot:
image: certbot/certbot
container_name: certbot
volumes_from:
- source
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
source:
image: alpine
container_name: source
volumes:
- ./data/logs/mysql:/var/log/mysql
- ./data/mysql:/var/lib/mysql
- ./data/logs/nginx:/var/log/nginx
- ./data/logs/msmtp/:/var/log/msmtp/
- ./data/.msmtprc:/var/.msmtprc
- ./www:/var/www
- ./data/logs/letsencrypt:/var/log/letsencrypt
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/.well-known/acme-challenge
networks:
- mynet
networks:
mynet:
driver: bridge
ipam:
driver: default
config:
- subnet: 10.100.254.0/24
I have error:
Requesting a certificate for aventastroy.ru
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: aventastroy.ru
Type: unauthorized
Detail: Invalid response from http://aventastroy.ru/.well-known/acme-challenge/p2npNEqNVYaliyaacFa8Z0d_QDwZXV0EexXxkav3Ggo [2a03:6f00:1::5c35:7d24]: "<!DOCTYPE html>\n\n\n<html lang=\"ru\">\n <head>\n <base href=\"http://aventastroy.ru/\"/>\n <meta name=\"viewport\" content=\"wi"
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
There are no files in the /.well-known/acme-challenge folder. Please help me, what's wrong?
