I did implement a docker container with nginx, and can successfully renew certificates with certbot. But new certificates are only applied when I stop/start the nginx container. How can I avoid restarting the nginx container?
CAB forum requirements specify HTTP [TCP port 80] for ACME challenges.
You can't validate via port 8080 [even if redirected, LE will not follow to such a port].
That said, I see that you have nginx running on port 80:
You could use nginx to proxy the inbound HTTP ACME challenge requests to port 8080, allowing certbot to respond to those requests.
That said, nginx is often used to validate the ACME challenge requests.
So, you have choices.
[not sure why you have used the two containers]
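As an added example (not part of this reply or of the original poster's setup), here is what the proxying option looks like as an nginx server block on port 80: only the ACME HTTP-01 path is relayed to a certbot standalone listener on port 8080, everything else is sent to HTTPS. The upstream name `certbot` and the hostname `example.com` are assumptions; certbot must be reachable from the nginx container under that name.

```nginx
server {
    listen 80;
    server_name example.com;            # placeholder hostname

    # Forward only the ACME HTTP-01 path to certbot, which would be started as
    #   certbot certonly --standalone --http-01-port 8080 -d example.com
    # Let's Encrypt always connects to port 80; nginx answers there and relays.
    location /.well-known/acme-challenge/ {
        proxy_pass http://certbot:8080;   # "certbot" = assumed container/service name
        proxy_set_header Host $host;
    }

    # Alternative (webroot mode): let nginx serve the challenge files itself from
    # a directory shared with the certbot container, e.g.
    #   location /.well-known/acme-challenge/ { root /var/www/certbot; }
    # paired with: certbot certonly --webroot -w /var/www/certbot -d example.com

    # Everything else moves to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

With `proxy_pass` given without a URI part, nginx forwards the original request path unchanged, which is what the standalone listener expects. Either option keeps port 80 answered by nginx, which is the only port the validation server will use.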
Sorry but I couldn't understand the ports issue. From what I understood, the cert files are being written to an external/shared folder, therefore ports are not in use. It seems that nginx makes a copy of those cert files when the container is started, and just ignores whenever those files are updated.
Indeed, the initial idea was to have a single container with nginx and certbot together, but I faced some troubles trying to achieve this. While attempting this, I realized that having separated containers would allow me to always apply the latest certbot image while being fixed to a specific nginx image (required in our project for safety purposes).
@9peppe @MikeMcQ
I had previously tried nginx -s reload and it didn't reload with the updated files.
I then entered the container to check the files, and noticed they kept the same content.
The only way to really update those files' contents was to stop/start the container itself.
If it's the same bind mount for nginx and certbot, it should work. I'm not sure, tho. Try going inside the container and ls or cat-ing stuff.
Note that docker exec and docker run do different things. You want exec. If you use run, your command will be executed in a new nginx container, not the one you want to reload.
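An added example, not code from this reply or from the original poster: a small POSIX shell script that does the reload the right way (docker exec into the existing container, never docker run) and, before reloading, checks that the container actually sees the same certificate bytes the host has. If the digests differ, the bind mount is the problem and no reload will help. The container name `nginx`, the host path under /root/nginx and the container path under /etc/letsencrypt are assumptions; the `DOCKER` variable exists so the functions can be exercised without a Docker daemon.

```shell
#!/bin/sh
# Added example, not code from the thread. Reload nginx inside the running
# container (docker exec, not docker run) so it re-reads renewed certificate
# files, and confirm the container actually sees the same file the host has.
# Container name "nginx" and the paths in the usage line are assumptions.
set -eu

# DOCKER is overridable so the functions can be exercised without a daemon.
DOCKER="${DOCKER:-docker}"

# Ask the nginx master process in the EXISTING container to reload.
# `docker run` would start a fresh container and reload nothing useful.
reload_nginx_in_container() {
    "$DOCKER" exec "$1" nginx -s reload
}

# SHA-256 of a certificate file on the host.
cert_digest_on_host() {
    sha256sum < "$1" | cut -d' ' -f1
}

# SHA-256 of the same file as seen from inside the container. Needs only
# `cat` in the container image, not openssl.
cert_digest_in_container() {
    "$DOCKER" exec "$1" cat "$2" | sha256sum | cut -d' ' -f1
}

# Returns 0 when host and container see identical bytes. If they differ,
# the bind mount is stale or points elsewhere, and reloading will not help.
certs_match() {
    container="$1"; host_path="$2"; container_path="$3"
    [ "$(cert_digest_on_host "$host_path")" = \
      "$(cert_digest_in_container "$container" "$container_path")" ]
}

# Usage (paths are assumptions):
#   ./reload-check.sh nginx /root/nginx/live/example.com/fullchain.pem \
#                     /etc/letsencrypt/live/example.com/fullchain.pem
if [ "$#" -eq 3 ]; then
    if certs_match "$1" "$2" "$3"; then
        echo "certificate in container matches host; reloading nginx"
        reload_nginx_in_container "$1"
    else
        echo "container does not see the renewed file; check the bind mount before reloading" >&2
        exit 1
    fi
fi
```

Run with no arguments the script only defines the functions, so it can be sourced from another script; with the three arguments it performs the check and the reload. This is also the shape of script one would hand to certbot's `--deploy-hook` so the reload happens automatically after each renewal.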
I first created those folders /root/nginx/ in the VM, then ran the docker container run commands shown above. At the first run, the nginx.conf file was a simple version of the server blocks just to create the first certificates with certbot. After they were created, I updated nginx.conf with the additional requirements (SSL and HTTPS forwarding) for the steady network operation onwards.
Please note that to apply the new nginx.conf contents, I first had to stop and then start the nginx container.
Then I updated those certificates with the certbot container. The files at /root/nginx were correctly updated, but nginx still wouldn't apply them until a stop/start operation was done.
Considering the above, maybe I'm facing a docker issue rather than a certbot issue.
Well, I don't know what to say... what wasn't working yesterday, today worked.
I checked those cert files (command ls -l) and confirmed that they are now the same version both in the VM files and from within the container (as expected) -- this wasn't happening yesterday; they would only be updated within the container if I did a stop/start.
Now, with the new version of the files available inside the container, the command below worked as expected.