Note: I checked this location and this file 100% exists; I entered it and it has the proper format too.
My web server is (include version): Nginx
The operating system my web server runs on is (include version): CentOS/Rhel7
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.0.0
```yaml
    #- vue
    networks: ['rasa-network']
    command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
    ports:
      - "80:808"
      - "443:4438"
    volumes:
      - ./nginx/conf/conf.d:/etc/nginx/conf.d
      - ./nginx/conf/partials:/etc/nginx/partials
      - ./nginx/certbot/conf:/etc/letsencrypt
      - ./nginx/certbot/www:/var/www/certbot
      - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf
  certbot:
    image: certbot/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    volumes:
      - ./nginx/certbot/conf:/etc/letsencrypt
      - ./nginx/certbot/www:/var/www/certbot
```
Should I add the certificates in my directory ./nginx/certbot/certificates and then put it in a volume like this:
```yaml
      - ./nginx/certbot/certificates:/etc/letsencrypt
```
These files were created in /etc/letsencrypt/domainname/live
When I run `service nginx status` I get this:
```
Redirecting to /bin/systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
```
Ideally, I’m trying to redirect traffic so that when someone reaches the landing page on port 80 it actually ends up being HTTPS and not HTTP.
I’m trying to run my project on AWS EC2 and here is the whole docker-compose.yml:
```yaml
version: '3'
services:
  vue:   # service key missing from the paste; 'vue' matches the commented-out depends_on under nginx
    container_name: vue-landing
    build:
      context: ./VueLanding
    networks: ['rasa-network']
    ports:
      - "80"
  rasa:
    image: rasa/rasa:latest-full
    networks: ['rasa-network']
    ports:
      - 5005:5005
    volumes:
      - ./:/app
    command:
      #- train
      - run
      - models
      - --enable-api
      - --cors
      - "*"
      - --endpoints
      - endpoints.yml
  action_server:
    image: rasa/rasa-sdk:latest
    networks: ['rasa-network']
    volumes:
      - ./actions:/app/actions
  postgres:   # service key missing from the paste; named after its container_name
    container_name: postgres
    image: postgres:latest
    networks: ['rasa-network']
    ports:
      - "5432:5432"
    restart: always
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=pw
      - POSTGRES_DB=postgres
    volumes:
      - ./postgres-data:/var/lib/postgresql/data
  nginx:
    restart: always
    hostname: reverse
    image: nginx
    #depends_on:
    #- vue
    networks: ['rasa-network']
    command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
    ports:
      - "80:808"
      - "443:4438"
    volumes:
      - ./nginx/conf/conf.d:/etc/nginx/conf.d
      - ./nginx/conf/partials:/etc/nginx/partials
      - ./nginx/certbot/conf:/etc/letsencrypt
      - ./nginx/certbot/www:/var/www/certbot
      - ./nginx/conf/nginx.conf:/etc/nginx/nginx.conf
  certbot:
    image: certbot/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    volumes:
      - ./nginx/certbot/conf:/etc/letsencrypt
      - ./nginx/certbot/www:/var/www/certbot
networks: {rasa-network: {}}
```
Ok, you need to see if certbot (on the host) will work with the containerized nginx using the `--webroot` plugin. If you use the `--nginx` plugin it will start up nginx on the host, and that’s not what you want.
A useful option can be `--dry-run`.
When you mentioned this I remembered that I may have missed this part of the tutorial, since I didn’t run this script initially:
```bash
#!/bin/bash

if ! [ -x "$(command -v docker-compose)" ]; then
  echo 'Error: docker-compose is not installed.' >&2
  exit 1
fi

domains=(www.gotobot.co)
rsa_key_size=4096
data_path="./nginx/certbot"
email="email" # Adding a valid address is strongly recommended
# Set to 1 if you're testing your setup to avoid hitting request limits
# Set to -1 on local to get a dummy SSL cert and ignore letsencrypt
staging=0

if [ -d "$data_path" ]; then
  read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
  if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
    exit
  fi
fi

if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
  echo "### Downloading recommended TLS parameters ..."
  mkdir -p "$data_path/conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
fi

# nginx refuses to start when the certificate files referenced by its config are
# missing, so a throwaway self-signed certificate is created first.
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker-compose run --rm --entrypoint "\
  openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
    -keyout '$path/privkey.pem' \
    -out '$path/fullchain.pem' \
    -subj '/CN=localhost'" certbot

if [ "$staging" == "-1" ]; then exit 0; fi

echo "### Starting nginx ..."
docker-compose up --force-recreate -d nginx

# The dummy certificate must be gone before certbot writes the real one to the same path.
echo "### Deleting dummy certificate for $domains ..."
docker-compose run --rm --entrypoint "\
  rm -Rf /etc/letsencrypt/live/$domains && \
  rm -Rf /etc/letsencrypt/archive/$domains && \
  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot

echo "### Requesting Let's Encrypt certificate for $domains ..."
# Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
  domain_args="$domain_args -d $domain"
done

# Select appropriate email arg
case "$email" in
  "") email_arg="--register-unsafely-without-email" ;;
  *) email_arg="--email $email" ;;
esac

# Enable staging mode if needed
if [ "$staging" != "0" ]; then staging_arg="--staging"; fi

# The webroot plugin only writes challenge files into /var/www/certbot, which the
# running nginx container serves on port 80.
docker-compose run --rm --entrypoint "\
  certbot certonly --webroot -w /var/www/certbot \
    $staging_arg \
    $email_arg \
    $domain_args \
    --rsa-key-size $rsa_key_size \
    --agree-tos \
    --force-renewal" certbot

echo "### Reloading nginx ..."
docker-compose exec nginx nginx -s reload
```
Now I’ve run this and I get this error:
[screenshot of the certbot error output]
I’ve checked on AWS my A record and it is pointed to the IPv4 Public IP of my EC2 container.
Also I went to my AWS Certificate Manager and there I have some certificates for the domain I made a month ago, and they are Amazon-issued.
Am I missing something there?
I tried this if that’s what you meant (sudo certbot certonly --dry-run):
Btw, did you see my edit of the previous post?
[screenshot of the dry-run output]
You should decide if you want to use certbot inside the container or outside. If you want to use it inside, you should probably use that script; if you want to use it outside, you should set up the appropriate hooks to reload nginx on renewals.
The error it gives you, "no valid IP addresses", is really strange. Have you edited DNS records recently?