Using letsencrypt docker image to set up certificates


#1

Hi people,

I’m trying to follow this guide:

http://www.automationlogic.com/using-lets-encrypt-and-docker-for-automatic-ssl/
https://bitbucket.org/automationlogic/le-docker-compose/src/2f1b37b842e3ed9aaa6aef645f7e0f6782308c1d/docker-compose.yml?at=master&fileviewer=file-view-default

to set up letsencrypt certificates for a website I’m working on (I’m using docker-compose version 2, the guide uses 1). Anyways, when trying to run the thing, I get this error:

letsencrypt_1       | Failed authorization procedure. <my.website.com> (http-01):     urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from  http://<my.website.com>/.well-known/acme-challenge/3B8GYzI4-87pyr8-JlXnDpM4p8SssmDSD9bn-VHG2G8 [<some.ip.number>]: 404
letsencrypt_1       | IMPORTANT NOTES:
letsencrypt_1       |  - The following errors were reported by the server:
letsencrypt_1       | 
letsencrypt_1       |    Domain: <my.website.com>
letsencrypt_1       |    Type:   unauthorized
letsencrypt_1       |    Detail: Invalid response from
letsencrypt_1       |    http://<my.website.com>/.well-known/acme-challenge/3B8GYzI4-87pyr8-JlXnDpM4p8SssmDSD9bn-VHG2G8
letsencrypt_1       |    [<some.ip.number>]: 404
letsencrypt_1       | 
letsencrypt_1       |    To fix these errors, please make sure that your domain name was
letsencrypt_1       |    entered correctly and the DNS A record(s) for that domain
letsencrypt_1       |    contain(s) the right IP address.

The command I fire on the letsencrypt image is this one:

sleep 6 && certbot certonly --standalone -d $MY_HOST --text --agree-tos --email <email@something.com> --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 -vvvv --renew-by-default --standalone-supported-challenges http-01

where MY_HOST resolves to <my.website.com>

I have an nginx docker image facing the world that redirects to different docker containers not facing the world, including the letsencrypt docker image. The config file in this docker image is:

events { worker_connections 1024; }
http {
        server {
                listen 80;
                server_name ___my.example.com___;
                location / {
                        proxy_pass http://app/;
                        proxy_set_header Host            $host;
                        proxy_set_header X-Forwarded-For $remote_addr;
                }

                location /test/ {
                        proxy_pass http://flask-helloworld/;
                        proxy_set_header Host            $host;
                        proxy_set_header X-Forwarded-For $remote_addr;
                }
                location /.well-known/acme-challenge {
                        proxy_pass http://letsencrypt/;
                        proxy_set_header Host            $host;
                        proxy_set_header X-Forwarded-For $remote_addr;
                        proxy_set_header X-Forwarded-Proto https;
                }

        }
}

Where my.example.com gets replaced by the actual site name.

Has anyone had any success trying to use this approach by any chance? If so, did you come across this problem? How did you solve it?
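One thing to check with the config posted above, as an added example that is not part of the original post or the linked guide: when `proxy_pass` carries a URI part (here the trailing `/`), nginx replaces the matched location prefix with that URI before forwarding, so the upstream is asked for a different path than the one the ACME server requested. The Python model below applies that documented rule to the three posted locations; the function names, the `FIXED` variant and the token are constructed for illustration.

```python
from urllib.parse import urlsplit

# (prefix location, proxy_pass value) pairs copied from the posted nginx config.
POSTED = [
    ("/", "http://app/"),
    ("/test/", "http://flask-helloworld/"),
    ("/.well-known/acme-challenge", "http://letsencrypt/"),
]
# Assumed variant: same locations, but the challenge proxy_pass has no URI part.
FIXED = POSTED[:2] + [("/.well-known/acme-challenge", "http://letsencrypt")]

# Constructed token; a real one is issued by the ACME server per authorization.
CHALLENGE = "/.well-known/acme-challenge/constructed-token"


def upstream_request(locations, request_uri):
    """Return (upstream host, path sent upstream) for a request path.

    Models plain prefix locations only (no regex, "=" or "^~" modifiers)
    and ignores query strings.
    """
    # nginx picks the longest prefix location that matches the request URI.
    matches = [(loc, tgt) for loc, tgt in locations if request_uri.startswith(loc)]
    if not matches:
        raise ValueError("no location matches " + request_uri)
    loc, target = max(matches, key=lambda m: len(m[0]))
    parts = urlsplit(target)
    if parts.path:
        # proxy_pass with a URI part: the matched prefix is replaced by it.
        path = parts.path + request_uri[len(loc):]
    else:
        # proxy_pass without a URI part: the request URI is passed unchanged.
        path = request_uri
    return parts.netloc, path


def path_preserved(locations, request_uri):
    """True if the upstream receives exactly the path the validator asked for."""
    return upstream_request(locations, request_uri)[1] == request_uri


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("fixed", FIXED)):
        host, path = upstream_request(cfg, CHALLENGE)
        print(f"{name}: {host} receives {path} preserved={path_preserved(cfg, CHALLENGE)}")
```

Comparing the nginx access log with the request line logged by the certbot container (the command already runs with `-vvvv`) shows which path each side actually saw.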

