Removed all files in letsencrypt/live/domain

I deployed a web application and got an SSL certificate. It is working fine, but I needed to show the certificate path when executing gunicorn (uvicorn) to use it for the websocket connection, and my application is running on Docker, so I mounted the letsencrypt/live/domain folder:
docker-compose.yml

nginx:
    build:
      context: .
      dockerfile: ./compose/production/nginx/Dockerfile
    image: app_nginx
    ports:
      - 8010:80
    depends_on:
      - django
    volumes:
      - /etc/letsencrypt/live/domain:/etc/letsencrypt/live/domain # added this line 

After that change, the /etc/letsencrypt/live/domain folder became empty, but the site works and serves over HTTPS right now.
docker nginx.conf

upstream config {
	server django:5000;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
	listen       80;

	location / {
		proxy_pass http://config;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;
		client_max_body_size 100M;
		proxy_redirect off;
		proxy_buffering off;
	}
	location /media/ {
		alias /usr/share/nginx/media/;
	}
	location /static/ {
		alias /usr/share/nginx/staticfiles/;
	}
}

host nginx file

server {

    server_name domain;

    location / {
        proxy_pass http://0.0.0.0:8010; # docker container listens here
        proxy_read_timeout 3600s;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        proxy_buffering off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = domain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = domain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



    server_name domain;
    listen 80;
    return 404; # managed by Certbot
}

Should I recreate the certificate files, or is there another way to fix them?

/etc/letsencrypt/live only contains symlinks to /etc/letsencrypt/archive

You can recreate the symlinks, if they're not there anymore. (man ln)

Also, I see no reason for that container to mount that directory. Host nginx can probably proxy it all.

1 Like

I see there are files in archive, but when I ran sudo ln -s /etc/letsencrypt/archive/domain/ /etc/letsencrypt/live/domain/ it created domain in red color. Also, when connecting to the websocket it gives the error Error: Unexpected server response: 403, so I think I need to show the cert files.

Yeah... They're individual symlinks. The archive directory contains a series of cert/privkey/fullchain files, not just the most current ones. It's like

live/fullchain.pem -> archive/fullchainN.pem

And so on, where N is some number.

4 Likes
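
The per-file symlink layout described in the reply above, as an added example that is not part of the original thread: a script that recreates the live/<domain>/ links so they point at the newest complete set in archive/<domain>/. It assumes certbot's four file kinds (cert, chain, fullchain, privkey) and relative targets of the form ../../archive/<domain>/<kind>N.pem; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Recreate live/<domain>/*.pem symlinks from archive/<domain>/ (added example).
# Assumed layout: archive holds certN.pem, chainN.pem, fullchainN.pem and
# privkeyN.pem; live holds one relative symlink per kind.

KINDS="cert chain fullchain privkey"

# Print the highest N for which all four files exist and are non-empty, so the
# certificate and the private key always come from the same issuance.
latest_version() {
    local archive="$1" best=0 f n kind complete
    for f in "$archive"/cert*.pem; do
        [ -e "$f" ] || continue              # glob matched nothing
        n="${f##*/cert}"; n="${n%.pem}"
        case "$n" in ''|*[!0-9]*) continue ;; esac
        complete=1
        for kind in $KINDS; do
            [ -s "$archive/$kind$n.pem" ] || complete=0
        done
        # Numeric comparison: version 10 must beat version 2.
        if [ "$complete" -eq 1 ] && [ "$n" -gt "$best" ]; then best="$n"; fi
    done
    [ "$best" -gt 0 ] && echo "$best"
}

# relink_live <letsencrypt-root> <domain>: prints the version it linked.
relink_live() {
    local root="$1" domain="$2" n kind
    n="$(latest_version "$root/archive/$domain")" || {
        echo "no complete cert/key set in $root/archive/$domain" >&2
        return 1
    }
    mkdir -p "$root/live/$domain"
    for kind in $KINDS; do
        # Relative target keeps the link valid if the tree is mounted elsewhere.
        ln -sfn "../../archive/$domain/$kind$n.pem" "$root/live/$domain/$kind.pem"
    done
    echo "$n"
}

# Example invocation: sudo ./relink.sh /etc/letsencrypt domain
if [ "$#" -eq 2 ]; then
    relink_live "$1" "$2"
fi
```

After relinking, `readlink /etc/letsencrypt/live/domain/privkey.pem` should show a relative path into archive/, and the files under archive/ keep their original ownership and permissions because only links are created.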
