Hello all!
For a couple of days I have had the following error while trying to generate a new certificate for my subdomain: it says the certificates are not found, and so the container keeps restarting in a loop.
I would like to mention that the only thing that changed on the server is that I added some iptables rules, because my server got massively DDoS attacked/bruteforced. But nothing else has changed on the server side; I didn't change any permissions for folders etc. or anything else.
I would also like to mention that all my subdomains have the same configuration and the other subdomains are working perfectly.
This one used to work perfectly also.
*Server version:*
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
When I run initletsencrypt.sh:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/husky/fullchain.pem
Key is saved at: /etc/letsencrypt/live/husky/privkey.pem
This certificate expires on 2023-07-19.
These files will be updated when the certificate renews.
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See User Guide — Certbot 2.5.0 documentation for instructions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
- Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt*
- Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation*
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
### Reloading nginx ...
Error response from daemon: Container CONTAINER_ID is restarting, wait until the container is running
When I check the logs from the nginx container (docker ps CONTAINER_ID), I have the following error:
I'm more interested in the certificate issue than the server issue:
2023/04/20 19:21:50 [emerg] 1#1: host not found in upstream "server:8000" in /etc/nginx/conf.d/app.conf:70
nginx: [emerg] host not found in upstream "server:8000" in /etc/nginx/conf.d/app.conf:70
2023/04/20 19:21:51 [emerg] 1#1: cannot load certificate "/opt/husky/bsc/release-data/certbot/conf/live/husky/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/husky/bsc/release-data/certbot/conf/live/husky/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/opt/husky/bsc/release-data/certbot/conf/live/husky/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/husky/bsc/release-data/certbot/conf/live/husky/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2023/04/20 19:21:52 [emerg] 1#1: cannot load certificate "/opt/husky/bsc/release-data/certbot/conf/live/husky/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/husky/bsc/release-data/certbot/conf/live/husky/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
When I check the folder, I have the files:
root@synan:/opt/husky/bsc/release-data/certbot/conf/live/husky# ls -l
total 4
-rw-r--r-- 1 root root 692 Apr 20 12:21 README
lrwxrwxrwx 1 root root 31 Apr 20 12:21 cert.pem -> ../../archive/husky/cert1.pem
lrwxrwxrwx 1 root root 32 Apr 20 12:21 chain.pem -> ../../archive/husky/chain1.pem
lrwxrwxrwx 1 root root 36 Apr 20 12:21 fullchain.pem -> ../../archive/husky/fullchain1.pem
lrwxrwxrwx 1 root root 34 Apr 20 12:21 privkey.pem -> ../../archive/husky/privkey1.pem
Also, here is the interesting part of my docker-compose.yml file for this subdomain:
services:
  nginx:
    image: nginx:1.21-alpine
    restart: unless-stopped
    volumes:
      - ./release-data/nginx:/etc/nginx/conf.d
      - ./release-data/certbot/conf:/etc/letsencrypt
      - ./release-data/certbot/www:/var/www/certbot
    ports:
      - "8085:80"
      - "4385:443"
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
  certbot:
    image: certbot/certbot
    restart: unless-stopped
    volumes:
      - ./release-data/certbot/conf:/etc/letsencrypt
      - ./release-data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
volumes:
  redis:
Do you have any idea?
Thank you!
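
An added example, not part of the original post: nginx opens `ssl_certificate` files inside the container's filesystem, so this check classifies a path from the nginx log above against the bind mounts in the posted compose file and confirms that the `live/` symlinks stay inside the mounted volume. It assumes docker-compose.yml sits in `/opt/husky/bsc` (inferred from the logged path); the function names are hypothetical.

```python
import posixpath

# Bind mounts of the nginx service, copied from the compose file in the post.
NGINX_MOUNTS = [
    ("./release-data/nginx", "/etc/nginx/conf.d"),
    ("./release-data/certbot/conf", "/etc/letsencrypt"),
    ("./release-data/certbot/www", "/var/www/certbot"),
]
# Assumption: the compose file lives here (inferred from the path in the nginx log).
PROJECT_DIR = "/opt/husky/bsc"


def _is_under(path, root):
    """True if path equals root or lies below it."""
    return path == root or path.startswith(root.rstrip("/") + "/")


def check_container_path(path, mounts=NGINX_MOUNTS, project_dir=PROJECT_DIR):
    """Classify a path used in an nginx directive as the container sees it.

    Returns (status, container_path):
      "mounted"   - path is under a mount target, so the volume is reachable
      "host-path" - path is a host-side location; container_path is its
                    equivalent inside the container
      "unmounted" - path matches neither side of any bind mount
    """
    path = posixpath.normpath(path)
    for _, target in mounts:
        if _is_under(path, target):
            return "mounted", path
    for source, target in mounts:
        host_root = posixpath.normpath(posixpath.join(project_dir, source))
        if _is_under(path, host_root):
            rel = posixpath.relpath(path, host_root)
            return "host-path", posixpath.normpath(posixpath.join(target, rel))
    return "unmounted", None


def symlink_stays_in_mount(link_path, link_target, mount_target="/etc/letsencrypt"):
    """True if a relative symlink (as in live/<name>/) resolves inside the mount."""
    link_dir = posixpath.dirname(link_path)
    resolved = posixpath.normpath(posixpath.join(link_dir, link_target))
    return _is_under(resolved, mount_target)


if __name__ == "__main__":
    logged = "/opt/husky/bsc/release-data/certbot/conf/live/husky/fullchain.pem"
    print(check_container_path(logged))
```

A `host-path` result means the directive names a location that exists on the host but not at that path in the container; the second element of the tuple is where the same file appears inside the container.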