Add a domain to running config
Closed this issue · 11 comments
I have set up a dual domain config according to your example. I would like to add a third domain now and I am not sure how to do that without breaking the running domains. How would I add an extra domain to a running config?
@CmdLnInt, to add a new domain to a setup that is already running you need to do the following.
- Add the following lines to the docker-compose.yml
```yaml
services:
  nginx:
    #...
    volumes:
      #...
      - test3_devcomanda_com_certbot:/var/www/certbot/test3.devcomanda.com
      #...
      - ./html:/var/www/html/test3.devcomanda.com
  certbot:
    #...
    volumes:
      #...
      - test3_devcomanda_com_certbot:/var/www/certbot/test3.devcomanda.com
volumes:
  #...
  test3_devcomanda_com_certbot:
```
- Add to the nginx/default.conf
```nginx
server {
    listen 80;
    server_name test3.devcomanda.com www.test3.devcomanda.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot/test3.devcomanda.com;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name test3.devcomanda.com www.test3.devcomanda.com;

    ssl_certificate /etc/nginx/ssl/dummy/test3.devcomanda.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/dummy/test3.devcomanda.com/privkey.pem;

    include /etc/nginx/options-ssl-nginx.conf;
    ssl_dhparam /etc/nginx/ssl/ssl-dhparams.pem;

    location / {
        root /var/www/html/test3.devcomanda.com;
    }
}
```
- Add to the config.env your new domain and email
```
DOMAINS=test1.devcomanda.com test2.devcomanda.com test3.devcomanda.com
CERTBOT_EMAILS=info@devcomanda.com info@devcomanda.com info@devcomanda.com
```
- Restart the system
```bash
docker-compose down
docker-compose up -d
```
I will also start working on a new version that will support adding new domains easily without many manual steps.
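A consistency check for the manual steps in the comment above, to run before `docker-compose down`. It is an added example, not part of the thread or the project; the volume naming rule (dots replaced by underscores plus a `_certbot` suffix) is inferred from the snippets, and the script name `check.sh` is hypothetical.

```shell
#!/bin/sh
# Added example: verify that every name in DOMAINS is wired into the other files.
# Volume naming (dots -> underscores, "_certbot" suffix) is inferred from the thread.

# Print one line per problem found for DOMAIN; print nothing if it is wired up.
check_domain() {
    domain=$1; compose=$2; conf=$3
    volume="$(printf '%s' "$domain" | tr '.' '_')_certbot"
    webroot="/var/www/certbot/$domain"

    # The webroot volume must be mounted in both the nginx and certbot services.
    mounts=$(grep -cF -- "- $volume:$webroot" "$compose" || true)
    [ "${mounts:-0}" -ge 2 ] ||
        echo "$domain: $volume mounted ${mounts:-0} time(s), need nginx and certbot"

    # It must also be declared under the top-level volumes: key.
    grep -Eq "^[[:space:]]+$volume:[[:space:]]*\$" "$compose" ||
        echo "$domain: volume $volume not declared"

    # nginx must answer for the name and serve the ACME challenge from the webroot.
    awk -v d="$domain" '$1 == "server_name" {
            for (i = 2; i <= NF; i++) { t = $i; sub(/;$/, "", t); if (t == d) found = 1 }
        } END { exit !found }' "$conf" || echo "$domain: no server_name entry in $conf"
    grep -qF "root $webroot;" "$conf" ||
        echo "$domain: no ACME challenge root $webroot in $conf"
}

# Check every name in DOMAINS from config.env; print all problems found.
check_setup() {
    env_file=$1; compose=$2; conf=$3
    # Read the two variables without sourcing the file.
    domains=$(sed -n 's/^DOMAINS=//p' "$env_file" | tr -d '"')
    emails=$(sed -n 's/^CERTBOT_EMAILS=//p' "$env_file" | tr -d '"')
    set -- $domains; nd=$#
    set -- $emails; ne=$#
    [ "$nd" -eq "$ne" ] || echo "config.env: $nd domains but $ne emails"
    for d in $domains; do check_domain "$d" "$compose" "$conf"; done
}

# Usage: sh check.sh config.env docker-compose.yml nginx/default.conf
if [ "$#" -eq 3 ]; then check_setup "$1" "$2" "$3"; fi
```

Empty output means the three files agree. It does not show that the named volume or a certificate already exists inside the running containers, which is what the later comments in this thread run into.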
This doesn't seem to work.
I get the following message:
Obtaining the certificate for test3.devcomanda.com
Requesting a certificate for test3.devcomanda.com and www.test3.devcomanda.com
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: test3.devcomanda.com
Type: unauthorized
Detail: Invalid response from http://test3.devcomanda.com/.well-known/acme-challenge/qbCwheYSviVsndkGkvFvU3YtHgOeefRlQJvITsPSlLA [x.x.x.x]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.17.10</c"
As far as I can tell /var/www/certbot/test3.devcomanda.com does not exist in nginx container.
Just want to make sure that instead of `test3.devcomanda.com` you are using your real domain. `/var/www/certbot/test3.devcomanda.com` should exist if you added the volume `test3_devcomanda_com_certbot` as I've described above.
Anyway, I will improve and simplify the solution in a few days.
I am using my own domain names and I have added the volume to docker-compose.yml. Maybe I need to add --build, i.e.
docker-compose up --build -d
Will that break my running config?
Adding --build causes this message:
[emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/test3.devcomanda.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/test3.devcomanda.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Could you attach the full log of the certbot container?
certbot logs only have this
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
Waiting for nginx to start...
nc: bad address 'nginx'
nc: bad address 'nginx'
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
nc: bad address 'nginx'
Waiting for nginx to start...
nginx logs have this
Switching Nginx to use Let's Encrypt certificate for test1.devcomanda.com
Switching Nginx to use Let's Encrypt certificate for test2.devcomanda.com
Switching Nginx to use Let's Encrypt certificate for test3.devcomanda.com
2022/02/25 08:04:28 [emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/test3.devcomanda.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/test3.devcomanda.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/test3.devcomanda.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/test3.devcomanda.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
My config seems correct because it all works as expected once I do
docker-compose down
docker container purge
docker volume purge
docker volume create --name=devcomanda_nginx_ssl
docker volume create --name=devcomanda_certbot_certs
docker-compose up --build
OK, clear. I will try to fix it. Thanks for sharing the logs.
@CmdLnInt, finally I've finished with the fix and updated the documentation: https://github.com/evgeniy-khist/letsencrypt-docker-compose/#df4dbc9f0317b0524962bc438bed627b
But the initial setup has also changed a bit: https://github.com/evgeniy-khist/letsencrypt-docker-compose/#6641666d7bc2748bab0ac80cdec3a2a3