Trouble using certbot with nginx on docker


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cpc.saipathuri.me

I ran this command:

    docker run -it --rm \
      -v certs:/etc/letsencrypt \
      -v certs-data:/data/letsencrypt \
      deliverous/certbot \
      certonly \
      --staging \
      --webroot --webroot-path=/data/letsencrypt \
      -d cpc.saipathuri.me

which is certbot certonly --staging --webroot --webroot-path=/data/letsencrypt -d cpc.saipathuri.me

It produced this output:

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Obtaining a new certificate
    /usr/local/lib/python2.7/site-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
      signer = key.signer(self.padding, self.hash)
    Performing the following challenges:
    http-01 challenge for cpc.saipathuri.me
    Using the webroot path /data/letsencrypt for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. cpc.saipathuri.me (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://cpc.saipathuri.me/.well-known/acme-challenge/ICJP8LP-i23YkwaLUIVC272cRJTsdToJLDtc2fUGoJE: "<html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>"

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: cpc.saipathuri.me
       Type:   unauthorized
       Detail: Invalid response from
       http://cpc.saipathuri.me/.well-known/acme-challenge/ICJP8LP-i23YkwaLUIVC272cRJTsdToJLDtc2fUGoJE:
       "<html>
       <head><title>404 Not Found</title></head>
       <body bgcolor="white">
       <center><h1>404 Not Found</h1></center>
       <hr><center>"

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.

My web server is (include version): nginx

The operating system my web server runs on is (include version): docker

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I am able to access the /.well-known/acme-challenge directory (http://cpc.saipathuri.me/.well-known/acme-challenge/test.txt) with a test file, but certbot keeps failing. Please help!


#2

Hi @saipathuri,

Is this file test.txt located in /data/letsencrypt/.well-known/acme-challenge?


#3

Hi @schoen,

Yes, it is.


#4

After hours and hours of debugging, I figured out what the issue was. Turns out docker prepends volume names for volumes in certain situations (not sure when, I don’t know enough about Docker), so the volumes created by running

docker-compose up -d

with my docker-compose file created volumes named

mysite_certs

and

mysite_certs-data

instead of

certs

and

certs-data

So I modified

    docker run -it --rm \
      -v certs:/etc/letsencrypt \
      -v certs-data:/data/letsencrypt \
      deliverous/certbot \
      certonly \
      --staging \
      --webroot --webroot-path=/data/letsencrypt \
      -d cpc.saipathuri.me

to be

    docker run -it --rm \
      -v mysite_certs:/etc/letsencrypt \
      -v mysite_certs-data:/data/letsencrypt \
      deliverous/certbot \
      certonly \
      --staging \
      --webroot --webroot-path=/data/letsencrypt \
      -d cpc.saipathuri.me

and that fixed the issue!
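
An added example, not part of the original posts: Docker Compose labels every volume it creates with com.docker.compose.volume=<key from the compose file>, so the real (project-prefixed) name can be looked up instead of guessed before it is passed to docker run -v. The function names and the sample listing are constructed for illustration; live input would come from `docker volume ls --format '{{.Name}} {{.Labels}}'`.

```shell
#!/bin/sh
# Constructed sample of: docker volume ls --format '{{.Name}} {{.Labels}}'
# The unlabelled "certs" / "certs-data" volumes are the empty ones that
# `docker run -v certs-data:...` creates on its own when the name is unknown.
SAMPLE_VOLUMES='certs
certs-data
mysite_certs com.docker.compose.project=mysite,com.docker.compose.volume=certs
mysite_certs-data com.docker.compose.project=mysite,com.docker.compose.volume=certs-data'

# compose_volume_name LISTING KEY
# Prints the real name of the volume Compose created for KEY.
# Exit status: 0 = exactly one match, 1 = none, 2 = several projects use KEY.
compose_volume_name() {
  printf '%s\n' "$1" | awk -v want="com.docker.compose.volume=$2" '
    { i = index($0, " ")                       # name ends at the first space
      name = i ? substr($0, 1, i - 1) : $0
      n = split(i ? substr($0, i + 1) : "", labels, ",")
      for (j = 1; j <= n; j++)
        if (labels[j] == want) { print name; found++ } }
    END { exit (found == 1 ? 0 : (found ? 2 : 1)) }'
}

# check_mount LISTING USED_NAME KEY
# Succeeds only if USED_NAME (what you pass to `docker run -v`) is the volume
# that the Compose services, including nginx, actually mount.
check_mount() {
  real=$(compose_volume_name "$1" "$3") || {
    echo "no single compose-managed volume for key '$3'" >&2
    return 2
  }
  if [ "$2" = "$real" ]; then
    return 0
  fi
  echo "'$2' is not the compose volume; use -v $real:<path>" >&2
  return 1
}

# Demo on the constructed listing: the webroot volume from the thread.
for used in certs-data mysite_certs-data; do
  if check_mount "$SAMPLE_VOLUMES" "$used" certs-data 2>/dev/null; then
    echo "$used: OK, same volume nginx serves the challenge from"
  else
    echo "$used: WRONG, challenge files would land in a volume nginx never sees"
  fi
done
```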

