I want to create a docker-compose with several services and in it I want to generate a certificate for my domain name with Certbot/LetsEncrypt. But when I run it, I always get an error saying it can't find a certificate! While normally I do everything necessary to generate it.
```
version: '3.8'
services:
  proxy-nginx:
    build: .
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./certbot/www:/var/www/certbot/
      - ./certbot/conf/:/etc/nginx/ssl/
    depends_on:
      - nestjs
    restart: unless-stopped
  certbot:
    image: certbot/certbot:latest
    depends_on:
      - proxy-nginx
    volumes:
      - ./certbot/www/:/var/www/certbot/
      - ./certbot/conf/:/etc/letsencrypt/
    command: certonly --webroot --webroot-path=/var/www/certbot --email [email protected] --agree-tos --no-eff-email --staging 0 --force-renewal -d www.mydomaine -d mydomaine
  nestjs:
    build:
      context: ./BACKEND
      dockerfile: Dockerfile
    ports:
      - 3000:3000
```
Here is the result:
```
cannot load certificate "/etc/nginx/ssl/live/mydomaine/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/live/mydomaine/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
```
In my nginx.conf file
I have 1 proxy server and 1 server for the front-end and back-end of my application. But the problem is nginx can't find the certificate. I don't know why.
Normally the certificate is generated in the folder /etc/nginx/ssl/live/mydomaine.be/ but it's not the case.
This is how I use it and it works.
docker-compose.yml
```
services:
  node:
    container_name: node-server
    build: .
    environment: # process.env.
      NODE_ENV: production
    networks:
      - app-network
  nginx:
    image: 'nginx:1.23.3'
    container_name: nginx-server
    depends_on:
      - node
    volumes:
      - './volumes/nginx/production/nginx.conf:/etc/nginx/nginx.conf:ro'
      - './volumes/nginx/production/conf.d/:/etc/nginx/conf.d'
      - './volumes/certbot/letsencrypt:/etc/letsencrypt'
      - './volumes/certbot/www:/var/www/certbot'
    networks:
      - app-network
    ports:
      - '80:80' # To access nginx from outside
      - '443:443' # To access nginx from outside
networks:
  app-network:
    driver: bridge
```
Docker run certbot
```
docker run --rm --name temp_certbot \
  -v /home/app-folder/volumes/certbot/letsencrypt:/etc/letsencrypt \
  -v /home/app-folder/volumes/certbot/www:/tmp/letsencrypt \
  -v /home/app-folder/volumes/certbot/log:/var/log \
  certbot/certbot:v1.8.0 \
  certonly --webroot --agree-tos --renew-by-default \
  --preferred-challenges http-01 --server https://acme-v02.api.letsencrypt.org/directory \
  --text --email [email protected] \
  -w /tmp/letsencrypt -d domain.com
```
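
The nginx error in the question means the file named in `ssl_certificate` does not exist at the path nginx sees inside its container. As an added example (not part of the question or the answer), this preflight check maps each `ssl_certificate` path in an nginx config through the bind mount and lists which files are missing on the host, along with the lineage directories that do exist. The function names and the sample tree are constructed for illustration; the sample assumes certbot named the lineage after the first `-d` value, which is its default when `--cert-name` is not given.

```shell
#!/usr/bin/env bash
# Preflight (added example): map each ssl_certificate* path in an nginx config
# through the bind mount and report files that are missing on the host.
# check_cert_paths <nginx.conf> <container_mount> <host_dir>  (hypothetical helper)
check_cert_paths() {
    conf=$1; mount=${2%/}; host=${3%/}; missing=0
    # Path argument of every ssl_certificate / ssl_certificate_key directive.
    paths=$(sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;]*\);.*/\2/p' "$conf")
    for p in $paths; do
        case $p in
            "$mount"/*) rel=${p#"$mount"/}; f=$host/$rel ;;
            *) echo "SKIP    $p (not under $mount)"; continue ;;
        esac
        # -e follows symlinks, so a dangling live/ -> archive/ link is missing too.
        if [ -e "$f" ]; then
            echo "OK      $p"
        else
            echo "MISSING $p (host: $f)"; missing=$((missing + 1))
        fi
    done
    if [ "$missing" -gt 0 ]; then
        echo "lineages present under $host/live:"
        ls -1 "$host/live" 2>/dev/null | grep -v '^README$' | sed 's/^/  /'
    fi
    return "$missing"
}

# Constructed sample: nginx points at live/mydomaine, but the only lineage on
# disk is live/www.mydomaine (first -d value, certbot's default lineage name).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/conf/live/www.mydomaine"
    : > "$d/conf/live/www.mydomaine/fullchain.pem"
    : > "$d/conf/live/www.mydomaine/privkey.pem"
    printf '%s\n' 'server {' '  listen 443 ssl;' \
        '  ssl_certificate /etc/nginx/ssl/live/mydomaine/fullchain.pem;' \
        '  ssl_certificate_key /etc/nginx/ssl/live/mydomaine/privkey.pem;' \
        '}' > "$d/nginx.conf"
    check_cert_paths "$d/nginx.conf" /etc/nginx/ssl "$d/conf"; rc=$?
    rm -rf "$d"; return "$rc"
}

demo || echo "missing files: $?"
```

With the question's layout the call would be `check_cert_paths nginx.conf /etc/nginx/ssl ./certbot/conf`; the return value is the number of missing files, so it can gate enabling the 443 server block.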