Search code examples
nginxdocker-composelets-encryptjwilder-nginx-proxy

"jrcs/letsencrypt-nginx-proxy-companion" docker image: too many certificates already issued for exact set of domains

I'm using jwilder/nginx-proxy and jrcs/letsencrypt-nginx-proxy-companion images to create the ssl certificates automatically. When the server is updated and I run docker-compose down and docker-compose up -d the following error appears:

letsencrypt_1  | [Mon Feb  8 11:48:47 UTC 2021] Please check log file for more details: /dev/null
letsencrypt_1  | Creating/renewal example.com certificates... (example.com www.example.com)
letsencrypt_1  | [Mon Feb  8 11:48:48 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
letsencrypt_1  | [Mon Feb  8 11:48:48 UTC 2021] Creating domain key
letsencrypt_1  | [Mon Feb  8 11:48:48 UTC 2021] The domain key is here: /etc/acme.sh/[email protected]/example.com/example.com.key
letsencrypt_1  | [Mon Feb  8 11:48:48 UTC 2021] Multi domain='DNS:example.com,DNS:www.example.com'
letsencrypt_1  | [Mon Feb  8 11:48:48 UTC 2021] Getting domain auth token for each domain
letsencrypt_1  | [Mon Feb  8 11:48:49 UTC 2021] Create new order error. Le_OrderFinalize not found. {
letsencrypt_1  |   "type": "urn:ietf:params:acme:error:rateLimited",
letsencrypt_1  |   "detail": "Error creating new order :: too many certificates already issued for exact set of domains: example.com,www.example.com: see https://letsencrypt.org/docs/rate-limits/",
letsencrypt_1  |   "status": 429

I understand that letsencrypt allows a limited amount of certificates created over a week. Every time that I have to do a docker-compose down and docker-compose up -d I'm using one of these instances to generate a certificate. Now I have reached the limit and can't use the service.

  1. How to avoid certificates generating if is not necessary?
  2. Is there a way to reset the counter for this week to keep using the site?

My docker-compose.yml

version: "3"
   
services:
  db:
    image: postgres:12
    restart: unless-stopped
    env_file: ./.env
    volumes: 
      - postgres_data:/var/lib/postgresql/data
  web:
    build:
      context: .
    restart: unless-stopped
    env_file: ./.env
    command: python manage.py runserver 0.0.0.0:80
    volumes:
      - static:/code/static/
      - .:/code
    #ports:
    #  - "8000:8000"
    depends_on:
      - db
  nginx-proxy:
    image: jwilder/nginx-proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/etc/nginx/certs:ro
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
    labels:
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes:
      - certs:/etc/nginx/certs:rw
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
  nginx:
    image: nginx:1.19
    restart: always
    expose:
      - "80"
    volumes:
      - ./config/nginx/conf.d:/etc/nginx/conf.d
      - static:/code/static
      - ./../ecoplatonica:/usr/share/nginx/html:ro
    env_file: ./.env
    depends_on:
      - web
      - nginx-proxy
      - letsencrypt
volumes:
  .:
  postgres_data:
  static:
  certs:
  html:
  vhostd:
Solution

  • I had this problem and finally got it figured out.

    You need to add a volume to the nginx-proxy: and letsencrypt: services' volumes: sections - something like this:

    volumes:
  - /var/run/docker.sock:/tmp/docker.sock:ro
  - certs:/etc/nginx/certs:ro
  - vhostd:/etc/nginx/vhost.d
  - html:/usr/share/nginx/html
  - acme:/etc/acme.sh

    and then at the end of the docker-compose.yml file, I added:

    volumes:
  .:
  postgres_data:
  static:
  certs:
  html:
  vhostd:
  acme:

    Now I have persistent certificates.