sleede/fab-manager

Certificate service renewal

oscgonfer opened this issue · 3 comments

Describe the bug
There is an issue with the letsencrypt.service. The certificate renewal works fine, but not the restarting of the nginx container.

To Reproduce
Steps to reproduce the behavior:

  1. Set up fabmanager following the setup script
  2. Choose to autorenew certificate
  3. Wait and check the status for the letsencrypt service or trigger it

Expected behavior
A renewal of the certificate (OK) and relaunching of the nginx (NOK)

Server
Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-124-generic x86_64)

docker --version
Docker version 20.10.17, build 100c701

I think it's simply a problem with the name of the container. At least in our deployment scenario, containers are named using dashes, instead of underscores:

[Unit]
Description=letsencrypt cert update oneshot
Requires=docker.service

[Service]
Type=oneshot
ExecStart=/usr/bin/docker run --rm --name certbot_fabmanager -v "/apps/fabmanager/letsencrypt/etc:/etc/letsencrypt" certbot/certbot:latest -c "/etc/letsencrypt/config/webroot.ini" certonly
ExecStartPost=-/usr/bin/docker restart fabmanager_nginx_1

In our case, we should replace the ExecStartPost line with (note also the dash before /usr/bin?):

ExecStartPost=/usr/bin/docker restart fabmanager-nginx-1

I made a test but cannot reproduce the issue. Can you please report your version of docker-compose here?

Here it is:

~# docker compose version
Docker Compose version v2.6.0

I think we have the same issue.

docker-compose version 1.29.2, build unknown
docker-py version: 5.0.3
CPython version: 3.11.4
OpenSSL version: OpenSSL 3.0.8 7 Feb 2023

So far I implemented a workaround with a cronjob that restarts the nginx container every month after certificate renewal.

$ crontab -l
0 3 2 * * docker-compose restart nginx
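
An added example, not part of the thread or of fab-manager's own scripts: a restart helper that accepts either container name reported above (`fabmanager_nginx_1` or `fabmanager-nginx-1`) and exits non-zero when neither is running. The `-` prefix on `ExecStartPost=` tells systemd to ignore a failing command, so a wrong name leaves nginx serving the old certificate without the unit reporting an error. The project name `fabmanager`, the service name `nginx` and the `--restart` argument are assumptions taken from or invented around the names in the issue.

```shell
#!/bin/sh
# Added example (not from the fab-manager repository).
# Restart the nginx container whichever separator Compose used in its name.

# Read container names on stdin and print the first one of the form
# <project>[-_]<service>[-_]<index>. Exit status 1 if none matches.
resolve_container() {
  grep -E -m 1 "^$1[-_]$2[-_][0-9]+\$"
}

# Look up the running container and restart it. A missing container is
# reported on stderr and returned as a failure instead of being ignored.
restart_service_container() {
  _name=$(docker ps --format '{{.Names}}' | resolve_container "$1" "$2") || {
    echo "no running container found for $1/$2" >&2
    return 1
  }
  docker restart "$_name"
}

# Only act when asked to, so the file can also be sourced.
# "--restart" is a hypothetical argument chosen for this example.
if [ "${1:-}" = "--restart" ]; then
  restart_service_container fabmanager nginx
fi
```

Called from `ExecStartPost=` without the leading `-`, a failed restart then shows up in `systemctl status letsencrypt.service`.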