Problem with certificate #1015

Open
podrskabbb opened this issue Aug 24, 2023 · 7 comments
Labels
bug Something isn't working

Comments

@podrskabbb

I've been using the scalelite docker container installed from https://jffederico.medium.com/scalelite-lazy-deployment-745a7be849f6 for a couple of years without any problem. A couple of months ago I updated the images and it was working fine. Yesterday nobody could connect to the server because the certificate had expired. I tried to restart the script init-letsencrypt.sh but I receive an error and scalelite is not working:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: domain.xy
Type: unauthorized
Detail: IP: Invalid response from https://domain.xy/.well-known/acme-challenge/CVw48JUJjx_CskGkUBtSQbi6oTsSG7Bmgt978q8gYgA: "\n\n FAILED\n unsupportedRequest\n This"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Reloading scalelite-nginx ...

nginx: [emerg] cannot load certificate "/etc/nginx/ssl/live/domain.xy/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/live/domain.xy/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Any idea how to fix this?

Thank you.

@podrskabbb podrskabbb added the bug Something isn't working label Aug 24, 2023
@JeanPluzo

Hi,

you can/could renew the certs yourself. Run certbot with the necessary commands (see here). After that, take a look at the docker-compose.yml file. You should find the certbot: section, and right after that the volumes: section. Take a look at the ...:/etc/letsencrypt part and navigate to the path to the left of the colon (in my case it's ./data/certbot/conf). Put the cert files generated by certbot in this last path and configure the file permissions accordingly (if necessary).
Oh, right! And stop SL before doing this. Or at least stop the scalelite-proxy container, since certbot will be expecting either port 80 or 443 to be free.

Regards,
J.

@podrskabbb
Author

Hi!

Thank you for your response. Do I have to create a certificate and private key and put a link to these two files in this place? I don't have a scalelite-proxy container, I have scalelite-api and scalelite-nginx.

@JeanPluzo

Hi,
currently I'm working with an old version of Scalelite. Yes, I have a scalelite-proxy but perhaps in the recent version(s) this was renamed to scalelite-nginx.
Yes, you have to create both the cert and private key files and link them to the place I mentioned earlier.
And, of course, restart/reload the container or the whole setup.

Regards,
J.

@Cristhianbh98

Thank you @JeanPluzo that worked!

@CommitSithLord

CommitSithLord commented Oct 12, 2023

Hey @Cristhianbh98, thanks for the notification,
but I am still not able to install the certificate manually. It's throwing the same error and I tried all the commands from the documentation :(
Can you share the command that you used to install the certificate manually, if possible?
Also, did you stop both the certbot and scalelite-proxy containers, install them manually, and write the conf file prior to running the certificate install command?
Thanks

@Cristhianbh98

Hi,
Yes, I stopped the certbot and scalelite-nginx containers.
Then I created a new folder named "certificate"; the name does not matter.
I put the docker-compose.yml in it, with my domain and email.

version: '3.1'
services:
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - URL=yourdomain.com
      - SUBDOMAINS=
      - VALIDATION=http
      - EMAIL=you@example.com  # placeholder; the original address was obfuscated on the page
    volumes:
      - ./config:/config
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped

I ran the docker-compose up -d command; this should install the certificates, and you should be able to visit your domain with SSL installed.

Then the files generated in the folder ./config/etc/letsencrypt/live/yourdomain.com/ I moved to ./data/certbot/conf/live/yourdomain.com/

I stopped the docker-compose, and then in the scalelite project folder I ran the docker-compose up -d command, and it worked for me.

Keep in mind this is a workaround and the certificates are not renewing automatically, but for the moment, if you need your servers working, this should help.
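
A pre-flight check for the copied files, added here as an example and not part of any comment in this thread or of Scalelite itself. It assumes bash, GNU readlink/find, openssl, and the layout named above (`./data/certbot/conf/live/<domain>/`); the function names are hypothetical. certbot's `live/` entries are symlinks into `../../archive/`, so files moved on their own can end up dangling or pointing at an older certificate.

```shell
#!/usr/bin/env bash
# Added example: check the certificate files that scalelite-nginx mounts.
# Assumed layout: <volume root>/live/<domain>/{fullchain.pem,privkey.pem}

check_cert_files() {  # $1 = volume root (e.g. ./data/certbot/conf), $2 = domain
    local root dir f target rc=0
    root=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL: no such directory: $1"; return 1; }
    dir="$root/live/$2"
    for f in fullchain.pem privkey.pem; do
        if [ ! -e "$dir/$f" ]; then
            # -L true while -e is false means a symlink whose target is gone.
            if [ -L "$dir/$f" ]; then echo "FAIL: $f is a dangling symlink"
            else echo "FAIL: $f is missing"; fi
            rc=1; continue
        fi
        # Only the volume root is mounted into the container, so a symlink
        # target outside it will not exist from nginx's point of view.
        target=$(readlink -f "$dir/$f")
        case "$target" in
            "$root"/*) ;;
            *) echo "FAIL: $f resolves outside the volume: $target"; rc=1 ;;
        esac
    done
    # The private key should not be accessible to group or other.
    if [ -e "$dir/privkey.pem" ] && [ -n "$(find -L "$dir/privkey.pem" -perm /077)" ]; then
        echo "FAIL: privkey.pem is accessible to group/other"; rc=1
    fi
    return "$rc"
}

check_cert_expiry() {  # $1 = certificate file, $2 = minimum days of validity left
    # -checkend exits non-zero if the cert expires within N seconds or is unreadable.
    openssl x509 -noout -checkend "$(( ${2:-7} * 86400 ))" -in "$1" >/dev/null 2>&1
}

# Runs only when called with arguments: ./check.sh ./data/certbot/conf domain.xy
if [ "$#" -ge 2 ]; then
    check_cert_files "$1" "$2" || exit 1
    check_cert_expiry "$1/live/$2/fullchain.pem" 7 \
        || { echo "FAIL: certificate expires within 7 days or is unreadable"; exit 1; }
    echo "OK: certificate files for $2 are in place"
fi
```

Run it from the scalelite project folder before starting the containers; a non-zero exit means nginx would fail to load the certificate or would serve one that is about to expire.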

@CommitSithLord

CommitSithLord commented Oct 12, 2023

It worked. Thanks a lot @Cristhianbh98 :)
