
CA marked some of the authorizations as invalid


I have followed the directions for the recommended method of separating containers issued here: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion by creating a docker-compose.yml file as follows:

version: '3'

services:
  nginx-proxy:
    image: nginx
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - nginx-conf:/etc/nginx/conf.d
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html
      - ./ssl:/etc/nginx/certs:ro
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"

  nginx-gen:
    image: jwilder/docker-gen
    container_name: nginx-gen
    command: -notify-sighup nginx -wait 5s:30s -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
      - nginx-conf:/etc/nginx/conf.d
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html
      - ./ssl:/etc/nginx/certs:ro
    links:
      - nginx-proxy

  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    volumes:
      - /path/to/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - nginx-conf:/etc/nginx/conf.d
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html
      - ./ssl:/etc/nginx/certs:rw
    environment:
      NGINX_DOCKER_GEN_CONTAINER: nginx-gen
      ACME_CA_URI: https://acme-staging.api.letsencrypt.org/directory
    links:
      - nginx-proxy
volumes:
  nginx-conf:
  nginx-vhost:
  nginx-html:

however, when running the nginx-letsencrypt container I get the following errors:

$ docker logs nginx-letsencrypt

Sleep for 3600s
2017/04/26 18:19:37 Generated '/app/letsencrypt_service_data' from 9 containers
2017/04/26 18:19:37 Running '/app/update_certs'
2017/04/26 18:19:37 Watching docker events
Reloading nginx proxy (using separate container nginx-gen)...
Creating/renewal sandbox.graph.speakr.com certificates... (sandbox.graph.speakr.com)
2017/04/26 18:19:37 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
2017-04-26 18:19:38,011:INFO:simp_le:1211: Generating new account key
2017-04-26 18:19:40,038:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-04-26 18:19:40,875:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): letsencrypt.org
2017-04-26 18:19:41,748:INFO:requests.packages.urllib3.connectionpool:207: Starting new HTTP connection (1): sandbox.graph.speakr.com
2017-04-26 18:19:41,834:WARNING:simp_le:1303: sandbox.graph.speakr.com was not successfully self-verified. CA is likely to fail as well!
2017-04-26 18:19:41,949:INFO:simp_le:1313: Generating new certificate private key
2017-04-26 18:19:43,495:ERROR:simp_le:1271: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Is there a warning log entry about unsuccessful self-verification? Are all your domains accessible from the internet? Failing authorizations: https://acme-staging.api.letsencrypt.org/acme/authz/iAD9-HSmyVGb_kHwt0aLDRQHycIJzT3JooxEOTiTp48
Challenge validation has failed, see error log.

Debugging tips: -v improves output verbosity. Help is available under --help.
Sleep for 3600s

additionally (here it's less clear to me what I should see):

$ ls -r ssl
total 8
drwxr-xr-x 2 root root 4096 Apr 26 06:04 sandbox.graph.speakr.com/
-rw-r--r-- 1 root root  424 Apr 26 06:04 dhparam.pem

which shows the sandbox directory is empty

I see from this article: https://github.com/dmp1ce/nginx-proxy-letsencrypt/issues/18 that there are similar issues (to which I see no resolution) but my case is pretty straightforward

what could be the issue here?

-- relevant info --

Docker version 17.03.0-ce, build 3a232c8

docker-compose version 1.11.2, build dfed245

Linux ip-10-0-3-113 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

jrcs/letsencrypt-nginx-proxy-companion (image): "Created": "2017-04-21T12:22:44.384018601Z"
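The "was not successfully self-verified" warning in the log above is the client fetching its own challenge before the CA does. The following is an added example (not code from the question or from the companion project) of that pre-flight check: it drops a constructed token into a webroot, serves it on localhost, and fetches http://host/.well-known/acme-challenge/<token> the way the CA would, so a broken webroot or volume mount is caught before an authorization is burned. The webroot, port and key-authorization value are all constructed for the demo.

```python
import http.server
import os
import secrets
import tempfile
import threading
import urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"


def write_challenge(webroot, token, key_authz):
    """Place the token file where an HTTP-01 validator expects it, i.e. the
    path the CA fetches: http://<host>/.well-known/acme-challenge/<token>."""
    path = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(path, exist_ok=True)
    with open(os.path.join(path, token), "w") as fh:
        fh.write(key_authz)
    return os.path.join(path, token)


def self_verify(base_url, token, key_authz, timeout=5):
    """Fetch the challenge the way the CA would. Returns (ok, detail), where
    detail is the URL on success or the reason on failure."""
    url = f"{base_url}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace").strip()
    except Exception as exc:  # 404, refused connection, timeout, ...
        return False, f"{url}: {exc}"
    if body != key_authz:
        return False, f"{url}: served {body!r}, expected {key_authz!r}"
    return True, url


def demo():
    """Serve a constructed webroot on 127.0.0.1 and run the check once with
    the token in place and once for a token that was never written."""
    webroot = tempfile.mkdtemp()  # stands in for the nginx-html volume
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_address[1]}"
    token = secrets.token_urlsafe(16)
    key_authz = token + ".constructed-account-thumbprint"  # constructed value
    write_challenge(webroot, token, key_authz)
    good = self_verify(base, token, key_authz)
    bad = self_verify(base, "token-never-written", key_authz)
    srv.shutdown()
    srv.server_close()
    return good[0], bad[0]
```

Run against the real proxy, `base_url` is the public http://sandbox.graph.speakr.com and `webroot` is the directory mounted at /usr/share/nginx/html; a False result there is the same condition the CA reports as an invalid authorization.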


Solution

  • well, for one thing I noticed I had mounted the path to the certs for nginx-letsencrypt twice (one leftover entry from the example). I fixed that but it didn't help

    the fix seemed to be to remove the volumes and re-add them. something got weird, perhaps in the order in which I ran the containers, or all the experimentation. so I've moved on but I'm not sure I know what the problem was

    $ docker volume rm nginx-conf nginx-vhost nginx-html