blindsidenetworks/scalelite

Problem with certificate

Opened this issue · 7 comments

I've been using the scalelite docker container installed from https://jffederico.medium.com/scalelite-lazy-deployment-745a7be849f6 for a couple of years without any problem. A couple of months ago I updated the images and it was working fine. Yesterday nobody could connect to the server because the certificate has expired. I have tried to restart the script init-letsencrypt.sh, but I receive an error and scalelite is not working:

```
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: domain.xy
Type: unauthorized
Detail: IP: Invalid response from https://domain.xy/.well-known/acme-challenge/CVw48JUJjx_CskGkUBtSQbi6oTsSG7Bmgt978q8gYgA: "\n\n FAILED\n unsupportedRequest\n This"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Reloading scalelite-nginx ...

nginx: [emerg] cannot load certificate "/etc/nginx/ssl/live/domain.xy/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/live/domain.xy/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
```

Any idea how to fix this?

Thank you.

Hi,

you can/could renew the certs yourself. Run certbot with the necessary commands (see here). After that, take a look at the docker-compose.yml file. You should find the certbot: section, and right after that the volumes: section. Take a look at the ...:/etc/letsencrypt part and navigate to the path to the left of the colon (in my case it's ./data/certbot/conf). Put the cert files generated by certbot in this last path and configure the file permissions accordingly (if necessary).
Oh, right! And stop SL before doing this. Or at least stop the scalelite-proxy container, since certbot will be expecting either port 80 or 443 to be free.

Regards,
J.

Hi!

Thank you for your response. Do I have to create a certificate and private key and put a link in this place to these two files? I don't have a scalelite-proxy container; I have scalelite-api and scalelite-nginx.

Hi,
currently I'm working with an old version of Scalelite. Yes, I have a scalelite-proxy but perhaps in the recent version(s) this was renamed to scalelite-nginx.
Yes, you have to create both the cert and private key files and link them to the place I mentioned earlier.
And, of course, restart/reload the container or the whole setup.

Regards,
J.

Thank you @JeanPluzo that worked!

Hey @Cristhianbh98, thanks for the notification,
but I am still not able to install the certificate manually. It's throwing the same error, and I tried all the commands from the documentation :(
Can you share the command that you used to install the certificate manually, if possible?
Also, did you stop both the certbot and scalelite-proxy containers, install them manually, and write the conf file prior to running the certificate install command?
Thanks

Hi,
Yes, I stopped the certbot and scalelite-nginx containers.
Then I created a new folder named "certificate" (the name does not matter)
and put the docker-compose.yml in it with my domain and email:

```yaml
version: '3.1'
services:
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - URL=yourdomain.com
      - SUBDOMAINS=
      - VALIDATION=http
      - EMAIL=youremail@example.com
    volumes:
      - ./config:/config
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
```

I ran the docker-compose up -d command; this should install the certificates, and you would be able to visit your domain with SSL installed.

Then I moved the files generated in the folder ./config/etc/letsencrypt/live/yourdomain.com/ to ./data/certbot/conf/live/yourdomain.com/

I stopped the docker-compose, and then in the scalelite project folder I ran the docker-compose up -d command, and it worked for me.

Keep in mind this is a workaround and the certificates are not renewing automatically, but for the moment, if you need your servers working, this should help.
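A pre-flight check for the manual copy described in this thread, as an added example that is not part of the original comments or of the Scalelite project. Certbot's `live/<domain>/` entries are symlinks into `../../archive/<domain>/`, so moving only the `live/` files can leave dangling links and reproduce the nginx "No such file or directory" error; the function names are hypothetical, and the directory layout is the `./data/certbot/conf/live/<domain>` path mentioned above.

```shell
#!/bin/sh
# Added example (not from the thread): verify the files scalelite-nginx will
# load before restarting the stack. Function names are hypothetical.

# Return 0 only if fullchain.pem and privkey.pem in $1 resolve to non-empty
# files and the private key is not readable by "other".
check_live_dir() {
    live_dir=$1
    rc=0
    for name in fullchain.pem privkey.pem; do
        f="$live_dir/$name"
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            # Symlink whose target (normally under archive/) was not copied.
            echo "DANGLING: $f -> $(readlink "$f")" >&2
            rc=1
        elif [ ! -s "$f" ]; then
            echo "MISSING OR EMPTY: $f" >&2
            rc=1
        fi
    done
    key="$live_dir/privkey.pem"
    # find -L follows the symlink so the mode of the real key file is tested.
    if [ -e "$key" ] && [ -n "$(find -L "$key" -perm -004 2>/dev/null)" ]; then
        echo "WORLD-READABLE KEY: $key" >&2
        rc=1
    fi
    return $rc
}

# Return 0 if the certificate in $1 stays valid for at least $2 days
# (default 14). Requires the openssl CLI. Useful from cron, since the
# manually copied certificate is not renewed automatically.
cert_valid_for() {
    openssl x509 -noout -checkend $(( ${2:-14} * 86400 )) -in "$1" >/dev/null
}

# Usage: sh check-certs.sh ./data/certbot/conf/live/yourdomain.com
if [ "$#" -gt 0 ]; then
    check_live_dir "$1" && cert_valid_for "$1/fullchain.pem"
fi
```
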

It worked. Thanks a lot @Cristhianbh98 :)