SSL certificates failed to generate

When I execute the init-letsencrypt.sh file for domain registration it gives me the following error

My domain is: demo.erisp.co

I ran this command: ./init-letsencrypt.sh

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: GoDaddy

Please don't use init-letsencrypt.sh. Your certificate is saved in the location specified in the output in the screenshot. You should change the nginx configuration to reflect that exact location: notice that the current certificate has -0001 in the directory name while nginx is looking for a directory without that.

4 Likes
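A way to check for exactly the mismatch described above, as an added example that is not part of this thread or of the init-letsencrypt.sh project: it pulls every ssl_certificate and ssl_certificate_key path out of the nginx site files, maps it to the host side of the volume mount, reports which files are missing, and points out when certbot has instead written a lineage with a -0001-style suffix. It assumes the mount from the compose file later in the thread (./data/certbot/conf on the host is /etc/letsencrypt in the container); the function names, the demo.example.com domain and the sample site file are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread: verify that the certificate paths
# nginx is configured to load actually exist in the certbot data directory,
# and point out lineages that certbot has renamed with a "-0001"-style suffix.
#
# Assumption (taken from the compose file in the thread): ./data/certbot/conf
# on the host is mounted as /etc/letsencrypt inside the nginx container, so
# /etc/letsencrypt/live/X/fullchain.pem in nginx is
# ./data/certbot/conf/live/X/fullchain.pem on the host.

# check_cert_paths SITES_DIR DATA_DIR
#   SITES_DIR: host directory with the nginx server blocks (e.g. ./sites-enabled)
#   DATA_DIR:  host directory mounted as /etc/letsencrypt (e.g. ./data/certbot/conf)
# Prints one line per referenced file; returns 0 only if every file exists.
check_cert_paths() {
  sites_dir="$1"
  data_dir="$2"
  missing=0
  # Collect the path argument of every ssl_certificate / ssl_certificate_key
  # directive. Let's Encrypt paths contain no spaces, so word splitting of
  # the collected list is safe here.
  paths=$(grep -rhoE '^[[:space:]]*ssl_certificate(_key)?[[:space:]]+[^;#[:space:]]+' \
            "$sites_dir" 2>/dev/null | awk '{print $2}' | sort -u)
  for container_path in $paths; do
    case "$container_path" in
      /etc/letsencrypt/*) host_path="$data_dir${container_path#/etc/letsencrypt}" ;;
      *) printf 'skip     %s (not under /etc/letsencrypt)\n' "$container_path"; continue ;;
    esac
    if [ -e "$host_path" ]; then
      printf 'ok       %s\n' "$container_path"
      continue
    fi
    printf 'MISSING  %s\n' "$container_path"
    missing=1
    # certbot names a second lineage for the same domain "<domain>-0001" and
    # so on; if such a directory exists, that is where the live cert went.
    lineage=$(basename "$(dirname "$container_path")")
    for cand in "$data_dir"/live/"$lineage"-[0-9][0-9][0-9][0-9]; do
      [ -d "$cand" ] || continue
      printf '         hint: lineage exists as /etc/letsencrypt/live/%s\n' \
        "$(basename "$cand")"
    done
  done
  return "$missing"
}

# Constructed reproduction of the situation in the thread: nginx references
# live/demo.example.com but certbot wrote live/demo.example.com-0001.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/sites" "$tmp/data/live/demo.example.com-0001"
  : > "$tmp/data/live/demo.example.com-0001/fullchain.pem"
  : > "$tmp/data/live/demo.example.com-0001/privkey.pem"
  cat > "$tmp/sites/demo.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name demo.example.com;
    ssl_certificate     /etc/letsencrypt/live/demo.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/demo.example.com/privkey.pem;
}
EOF
  check_cert_paths "$tmp/sites" "$tmp/data"
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

case "${1:-}" in
  --demo) demo ;;
  "") ;;  # no arguments: only define the functions (e.g. when sourced)
  *) check_cert_paths "$1" "${2:-./data/certbot/conf}" ;;
esac
```

Run it from the directory that holds the compose file as `./check_cert_paths.sh ./sites-enabled ./data/certbot/conf`; a non-zero exit means nginx will refuse to start or reload because a referenced file is absent, and the hint line tells you which directory name the ssl_certificate directives should be pointed at instead. `--demo` runs the constructed scenario so you can see the MISSING and hint output without touching real data.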

When I generate certificates for other domains it successfully creates them with this init-letsencrypt.sh, but when I try to execute the init file for this domain demo.erisp.co it gives me the error which I shared in the screenshot.

Did you read the previous post?:

The webserver is trying to load a certificate file that no longer exists.
The certificate file that does exist now has -0001 in the name/location.
image

2 Likes


I checked in the location but there is no file found; kindly help me because I am a beginner.

Are you on the same system as your previous pic?:
image

2 Likes

Maybe that stupid script deleted everything again? With risk of hitting rate limits.

2 Likes

Yes, I am on the same system.

This is my init-letsencrypt.sh file:
cat init-letsencrypt.sh

#!/bin/bash

if ! [ -x "$(command -v docker-compose)" ]; then
  echo 'Error: docker-compose is not installed.' >&2
  exit 1
fi

domains=(erp.erisp.co)
rsa_key_size=4096
data_path="./data/certbot"
email="" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits

if [ -d "$data_path" ]; then
  read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
  if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
    exit
  fi
fi


if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
  echo "### Downloading recommended TLS parameters ..."
  mkdir -p "$data_path/conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
  echo
fi

echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker-compose run --rm --entrypoint "\
  openssl req -x509 -nodes -newkey rsa:1024 -days 1\
    -keyout '$path/privkey.pem' \
    -out '$path/fullchain.pem' \
    -subj '/CN=localhost'" certbot
echo


echo "### Starting nginx ..."
docker-compose up --force-recreate -d nginx
echo

echo "### Deleting dummy certificate for $domains ..."
docker-compose run --rm --entrypoint "\
  rm -Rf /etc/letsencrypt/live/$domains && \
  rm -Rf /etc/letsencrypt/archive/$domains && \
  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo


echo "### Requesting Let's Encrypt certificate for $domains ..."
#Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
  domain_args="$domain_args -d $domain"
done

# Select appropriate email arg
case "$email" in
  "") email_arg="--register-unsafely-without-email" ;;
  *) email_arg="--email $email" ;;
esac

# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi

docker-compose run --rm --entrypoint "\
  certbot certonly --webroot -w /var/www/certbot \
    $staging_arg \
    $email_arg \
    $domain_args \
    --rsa-key-size $rsa_key_size \
    --agree-tos \
    --force-renewal" certbot
echo

echo "### Reloading nginx ..."
docker-compose exec nginx nginx -s reload

Well that is not good!

2 Likes

Yeah, that script really is terrible..

1 Like

So what can I do now? Kindly give me a solution.

#1: Don't use that script [ever again]

#2: Start over [even if you have to begin at the beginning]
You already have certbot installed, and we know that can get certs - I'd use that directly.

3 Likes

First of all, our organization is using certbot in the nginx docker-compose file and we have configured many domains through this script, but we face the issue only with this domain. We have done the correct DNS configuration in GoDaddy but still we face the issue.

Here is my nginx docker-compose file:

version: '3'
services:
  nginx:
    image: nginx:1.13
    container_name: nginx
    logging:
      options:
        max-size: "10m"
        max-file: "3"
    ports:
      - "80:80"
      - "443:443"
#      - "8069:8069"
#    logging:
 #     options:
  #      max-size: "10m"
   #     max-file: "3"
    restart: always
    networks:
      - net-erisp
    # volumes to be mounted from the container
    # Mount paths as volumes, optionally specifying a path on the host machine
    # (HOST:CONTAINER), or an access mode (HOST:CONTAINER:ro).
    volumes:
      # mount the nginx config file in the container
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./conf.d:/etc/nginx/conf.d:ro
      - ./html:/usr/share/nginx/html:ro
      - ./log:/var/log/nginx
      # mount the ssl certificates
      - ./ssl:/etc/nginx/ssl:ro
      - ./sites-enabled:/etc/nginx/sites-enabled:ro
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
  certbot:
    image: certbot/certbot
    restart: always
    networks:
      - net-erisp
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

networks:
  net-erisp:
    name: net-erisp
    external: true
#networks:
#  default:
#    name: ddev_default
#    external: true

And this is our nginx.conf file:

user  nginx;
worker_processes  16;
worker_rlimit_nofile 200000;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;

    # optimized to serve many clients with each thread, essential for linux
    use epoll;

    # accept as many connections as possible, may flood worker connections if set too low
    multi_accept on;
}


http {
    # Default server
    server {
       # return 502;
       # include /etc/nginx/conf.d/default502;
        return 404;
    }
    # Other servers
    include /etc/nginx/sites-enabled/*;
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # to boost IO on HDD we can disable access logs
    #access_log off;

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    # send headers in one piece; it's better than sending them one by one
    tcp_nopush on;

    # don't buffer data sent, good for small data bursts in real time
    tcp_nodelay on;

    open_file_cache          max=100000 inactive=15m;
    open_file_cache_valid    2m;
    open_file_cache_min_uses 1;
    open_file_cache_errors   on;

    keepalive_timeout 65;
    client_header_timeout 3000;
    client_body_timeout 3000;
    client_max_body_size 20000;
    #keepalive_requests 100000;

    gzip  on;
    gzip_min_length 5000;
    gzip_types text/html application/x-javascript text/css application/javascript text/javascript text/plain text/xml application/json application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/xml font/eot font/opentype font/otf image/svg+xml image/vnd.microsoft.icon;
    gzip_disable "MSIE [1-6]\.";

    include /etc/nginx/conf.d/*.conf;
}

I have checked the data directory and I found that the certificate is stored in the data directory; only the demo and erp domains have failed.
