Nginx not launching in LetsEncrypt container

letsencrypt

#1

Hi folks,

Trying to instantiate the latest LetsEncrypt docker, and am having trouble. It appears nginx is not launching. When I opened a console in the container, nginx -t gave the following error:

nginx: [emerg] open() "/run/nginx/nginx.pid" failed

It turns out that /run/nginx didn’t exist. After creating the folder in the container, nginx was still not listening on port 80 or 443.

Anyone run into this and have advice?


#2

Please can you provide your Docker run/create command, as well as any logs. Both will help us understand how you have configured the container.

Is this for a fresh install, or have you made any changes to files in the /config directory?

As we use s6-overlay to manage the nginx process, the PID file is not located in the default directory. As a side note, you shouldn’t be executing into the container and running nginx commands manually, as this will result in false-negatives.


#3

Hi, just recreated a clean image:

docker create --cap-add=NET_ADMIN --name=letsencrypt -v /share/App_Config/letsencrypt:/config -e PGID=1000 -e PUID=1000 -e EMAIL=xxxxxx -e URL=xxxxxx.com -e SUBDOMAINS=home -e VALIDATION=http -p 32080:80 -p 32443:443 -e TZ="America\Los_Angeles" -e ONLY_SUBDOMAINS=true linuxserver/letsencrypt

(My router forwards port 80 to 32080 on this server, and 443 to 32443.) Trying to hit IP:port directly is also non-responsive (connection refused).

And my logs:

> [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
> 
> 
> [s6-init] ensuring user provided files have correct perms...exited 0.
> 
> 
> [fix-attrs.d] applying ownership & permissions fixes...
> 
> 
> [fix-attrs.d] done.
> 
> 
> [cont-init.d] executing container initialization scripts...
> 
> 
> [cont-init.d] 10-adduser: executing... 
> 
> 
> 
> 
> -------------------------------------
> 
> 
>           _         ()
> 
> 
>          | |  ___   _    __
> 
> 
>          | | / __| | |  /  \ 
> 
> 
>          | | \__ \ | | | () |
> 
> 
>          |_| |___/ |_|  \__/
> 
> 
> 
> 
> 
> 
> Brought to you by linuxserver.io
> 
> 
> We gratefully accept donations at:
> 
> 
> 
> 
> -------------------------------------
> 
> 
> GID/UID
> 
> 
> -------------------------------------
> 
> 
> 
> 
> User uid:    1000
> 
> 
> User gid:    1000
> 
> 
> -------------------------------------
> 
> 
> 
> 
> [cont-init.d] 10-adduser: exited 0.
> 
> 
> [cont-init.d] 20-config: executing... 
> 
> 
> [cont-init.d] 20-config: exited 0.
> 
> 
> [cont-init.d] 30-keygen: executing... 
> 
> 
> generating self-signed keys in /config/keys, you can replace these with your own keys if required
> 
> 
> Generating a RSA private key
> 
> 
> ...............+++++
> 
> 
> .............................+++++
> 
> 
> writing new private key to '/config/keys/cert.key'
> 
> 
> -----
> 
> 
> [cont-init.d] 30-keygen: exited 0.
> 
> 
> [cont-init.d] 50-config: executing... 
> 
> 
> Variables set:
> 
> 
> 
> 
> 0
> 
> 
> 
> 
> 0
> 
> 
> TZ=America\Los_Angeles
> 
> 
> URL=xxxxx.com
> 
> 
> SUBDOMAINS=home
> 
> 
> EXTRA_DOMAINS=
> 
> 
> ONLY_SUBDOMAINS=true
> 
> 
> DHLEVEL=2048
> 
> 
> VALIDATION=http
> 
> 
> DNSPLUGIN=
> 
> 
> EMAIL=xxxx
> 
> 
> STAGING=
> 
> 
> 
> 
> Created donoteditthisfile.conf
> 
> 
> Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
> 
> 
> Generating DH parameters, 2048 bit long safe prime, generator 2
> 
> 
> This is going to take a long time
> 
> 
> 
> 

> 
> 
> DH parameters successfully created - 2048 bits
> 
> 
> SUBDOMAINS entered, processing
> 
> 
> SUBDOMAINS entered, processing
> 
> 
> Only subdomains, no URL in cert
> 
> 
> Sub-domains processed are:  -d home.xxxxx.com
> 
> 
> E-mail address entered: xxxxx
> 
> http validation is selected
> 
> 
> Generating new certificate
> 
> 
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> 
> 
> Plugins selected: Authenticator standalone, Installer None
> 
> 
> Obtaining a new certificate
> 
> 
> Performing the following challenges:
> 
> 
> http-01 challenge for home.xxxxx.com
> 
> 
> Waiting for verification...
> 
> 
> Cleaning up challenges
> 
> 
> IMPORTANT NOTES:
> 
> 
> Failed authorization procedure. home.ethniceats.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http home.xxxxx.com/.well-known/acme-challenge/fyjKrvXnB3vk9TIJJxnD8iF53vgklVcn21UKQrGvy6o: Timeout during connect (likely firewall problem)
> 
> 
>  - The following errors were reported by the server:
> 
> 
> 
> 
>    Domain: home.xxxxx.com
> 
> 
>    Type:   connection
> 
> 
>    Detail: Fetching
> 
> ## modified because of link error on posting
>    http home.xxxxx.com/.well-known/acme-challenge/fyjKrvXnB3vk9TIJJxnD8iF53vgklVcn21UKQrGvy6o:
> 
> 
>    Timeout during connect (likely firewall problem)
> 
> 
> 
> 
>    To fix these errors, please make sure that your domain name was
> 
> 
>    entered correctly and the DNS A/AAAA record(s) for that domain
> 
> 
>    contain(s) the right IP address. Additionally, please check that
> 
> 
>    your computer has a publicly routable IP address and that no
> 
> 
>    firewalls are preventing the server from communicating with the
> 
> 
>    client. If you're using the webroot plugin, you should also verify
> 
> 
>    that you are serving files from the webroot path you provided.
> 
> 
>  - Your account credentials have been saved in your Certbot
> 
> 
>    configuration directory at /etc/letsencrypt. You should make a
> 
> 
>    secure backup of this folder now. This configuration directory will
> 
> 
>    also contain certificates and private keys obtained by Certbot so
> 
> 
>    making regular backups of this folder is ideal.
> 
> 
> ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container


#4

Issue with accessing your container.

Make sure that

  1. You have a CNAME set for “home” and it’s pointing to your home IP
  2. Your port forward for 80 is correct
  3. Your ISP doesn’t block port 80
  4. You don’t have another process on your server that listens on port 80

Direct connect via IP isn’t supposed to work anyway because nginx isn’t even up yet. It fires up after successful validation.

If you like, you can stop letsencrypt and put up our regular nginx container first with the same port mappings and see if you can access via port 80. Once you get that to work, remove nginx and set up letsencrypt
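
The checks from the reply above, turned into a log triage helper as an added example (not part of the thread or the linuxserver image): it pulls the failed domain and ACME error type out of the container log and reads the `-p` mappings to report which host port the router must forward public port 80 to. The function names, the error-to-advice mapping and `home.example.com` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage a failed HTTP-01 validation.

# Constructed sample modelled on the log quoted above; home.example.com and
# TOKEN are placeholders.
SAMPLE_LOG='Plugins selected: Authenticator standalone, Installer None
http-01 challenge for home.example.com
Failed authorization procedure. home.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://home.example.com/.well-known/acme-challenge/TOKEN: Timeout during connect (likely firewall problem)
ERROR: Cert does not exist! Please see the validation error above.'

# Read a container log on stdin; print "<domain> <challenge> <acme error type>"
# for every failed authorization.
acme_failures() {
    sed -n 's/.*Failed authorization procedure\. \([^ ]*\) (\([^)]*\)): urn:ietf:params:acme:error:\([A-Za-z]*\) ::.*/\1 \2 \3/p'
}

# Print the host port that the docker arguments publish for container port $1.
host_port_for() {
    want=$1; shift; prev=
    for tok in "$@"; do
        if [ "$prev" = "-p" ]; then
            case $tok in *:"$want") echo "${tok%:*}"; return 0 ;; esac
        fi
        prev=$tok
    done
    return 1
}

# Map an ACME error type to the checks from the reply above (mapping assumed).
advice_for() {
    case $1 in
        connection)   echo "nothing answered on public port 80: check router forward 80 -> host port $2, ISP blocking, firewall" ;;
        dns)          echo "name did not resolve: check the DNS record for the subdomain" ;;
        unauthorized) echo "something else answered on port 80: check forward target and other listeners" ;;
        *)            echo "see the Detail line in the log" ;;
    esac
}

# Combine the pieces: log on stdin, docker publish arguments as parameters.
triage() {
    port=$(host_port_for 80 "$@") || port="(container port 80 not published)"
    acme_failures | while read -r domain challenge err; do
        echo "$domain [$challenge] $err: $(advice_for "$err" "$port")"
    done
}

printf '%s\n' "$SAMPLE_LOG" | triage -p 32080:80 -p 32443:443
```

Against a real container, the log would come from `docker logs letsencrypt` piped into `triage` with the same `-p` arguments used at create time.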