Unable to use certbot certificates from docker container

My domain is: stockwhiz.in

I ran this command:
docker run -it --rm -v "${pwd}:/etc/letsencrypt" certbot/dns-google certonly --manual --preferred-challenges dns

It produced this output:

My web server is (include version): NGINX running in a compose service.

The operating system my web server runs on is (include version): NGINX stable on dockerhub

My hosting provider, if applicable, is: Not applicable

I can login to a root shell on my machine (yes or no, or I don't know): yes (Not applicable?)

I have a compose service running my website at www.stockwhiz.in.

I have tried creating the certificate and key manually, having bound the volume appropriately to a temp folder. I notice that the certificate files are 0kb.

I was then manually copying these files into appropriate locations on my compose service which has an NGINX frontend.

This does not seem to be working. The only thing I find off right now is this part of the documentation, which says:

For historical reasons, the containing directories are created with permissions of 0700 meaning that certificates are accessible only to servers that run as the root user. If you will never downgrade to an older version of Certbot, then you can safely fix this using chmod 0755 /etc/letsencrypt/{live,archive}.

For servers that drop root privileges before attempting to read the private key file, you will also need to use chgrp and chmod 0640 to allow the server to read /etc/letsencrypt/live/$domain/privkey.pem.

at https://eff-certbot.readthedocs.io/en/latest/using.html#where-certs

My suspicion is that I am not getting appropriate read/write permissions, thus the files are not being bound correctly during containerization.

Any tips?


That's probably because they're symbolic links to the actual files in the /archive/ directory.

Usually one just maps the /etc/letsencrypt/ volume you've mapped just now to the container using them. No need to copy anything over manually.


What shows when you cat that cert.pem file?
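
The layout discussed in the replies above (live/ holding symlinks into archive/) can be checked directly on the host side of the bind mount. This is an added diagnostic, not part of the original thread or of Certbot; the function name check_live and its status words are hypothetical, and the four file names are the ones Certbot writes under live/<domain>/.

```shell
#!/bin/sh
# Added example: classify each file Certbot places in live/<domain>/.
# Usage: check_live LE_ROOT DOMAIN
#   LE_ROOT is the directory that is bind-mounted to /etc/letsencrypt.
# Prints one "name: state" line per file; returns 0 only if all four are usable.
check_live() {
    le_root=$1
    domain=$2
    live="$le_root/live/$domain"
    bad=0
    for name in cert.pem chain.pem fullchain.pem privkey.pem; do
        f="$live/$name"
        if [ -L "$f" ]; then
            if [ ! -e "$f" ]; then
                # The link is there but its target is not: archive/ was not
                # mounted or copied along with live/.
                state="dangling-symlink -> $(readlink "$f")"
                bad=1
            elif [ ! -s "$f" ]; then
                state="symlink-to-empty-file"
                bad=1
            else
                state="ok"
            fi
        elif [ -f "$f" ]; then
            if [ -s "$f" ]; then
                # Usable, but a copy does not follow renewals the way the link does.
                state="regular-file"
            else
                # Zero-byte file, matching the 0kb files described in the thread.
                state="empty-regular-file"
                bad=1
            fi
        else
            state="missing"
            bad=1
        fi
        printf '%s: %s\n' "$name" "$state"
    done
    return "$bad"
}
```

Any line other than "ok" or "regular-file" means the web server container will not get a readable certificate or key from that path, which is the case for mounting the whole /etc/letsencrypt/ tree rather than copying files out of live/.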

