How to get letsencrypt working with docker compose for an existing website that already has fullchain.pem
I'm trying to get Nginx working with letsencrypt and docker compose. That is, I'm dockerizing an existing website and running docker compose locally to verify that everything works. I'm following Nginx and letsencrypt with Docker Compose. However, when I run ./init-letsencrypt.sh, I get the error:
### Reloading nginx ...
2020/07/05 10:27:43 [emerg] 32#32: cannot load certificate "/etc/letsencrypt/live/mysite.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/mysite.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/mysite.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/mysite.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
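The website I'm trying to get working is already running in production. I own and have access to fullchain.pem on my remote server. To get letsencrypt working locally with docker compose, should I:
- copy the fullchain.pem file to my local machine, and add fullchain.pem to my .gitignore
- work with letsencrypt when docker-compose up runs
(base) ➜ ✗ ./init-letsencrypt.sh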
Existing data found for <mysite>.com. Continue and replace existing certificate? (y/N) y
### Downloading recommended TLS parameters ...
### Creating dummy certificate for <mysite>.com ...
Generating a RSA private key
.............................+++++
...................+++++
writing new private key to '/etc/letsencrypt/live/<mysite>.com/privkey.pem'
-----
### Starting nginx ...
Recreating my_postgres ... done
Recreating <mysite>dotcom_django_web ... done
Recreating <mysite>dotcom_nginx_1 ... done
### Deleting dummy certificate for <mysite>.com ...
### Requesting Let's Encrypt certificate for <mysite>.com ...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: No
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for <mysite>.com
http-01 challenge for www.<mysite>.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain <mysite>.com
Challenge failed for domain www.<mysite>.com
http-01 challenge for <mysite>.com
http-01 challenge for www.<mysite>.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: <mysite>.com
Type: unauthorized
Detail: Invalid response from
https://<mysite>.com/.well-known/acme-challenge/Yw9a6TdSiXWltjD4T6fKWDiaCSJ4GDHCaBTdmKGdWmY
[111.my.real.ip.111]: "<h1>Not Found</h1><p>The requested URL
/.well-known/acme-challenge/Yw9a6TdSiXWltjD4T6fKWDiaCSJ4GDHCaBTdmKGdWmY
was not found on "
Domain: www.<mysite>.com
Type: unauthorized
Detail: Invalid response from
https://www.<mysite>.com/.well-known/acme-challenge/Ylt1PYbjJ4bRLHsW9Dtrx2wpq06M_zCOlCV9YGq4UNY
[111.my.real.ip.111]: 400
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
### Reloading nginx ...
2020/07/05 10:27:43 [emerg] 32#32: cannot load certificate "/etc/letsencrypt/live/<mysite>.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/<mysite>.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/<mysite>.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/<mysite>.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
~
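Added example, not part of the original post or of init-letsencrypt.sh: a pre-flight check that lists the ssl_certificate and ssl_certificate_key files an nginx config names but that are missing, which is the state the log above ends in once the dummy certificate is deleted and issuance fails. It also flags a private key that group or others can read, which matters when key material is copied between machines. The function names, the ROOT prefix argument and the example.test paths are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check to run before reloading nginx.
# Function names, ROOT and the example.test paths are assumptions.

# tls_paths CONF DIRECTIVE: print the file paths that DIRECTIVE names in CONF.
tls_paths() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]+([^;[:space:]]+)[[:space:]]*;.*/\1/p" "$1" | sort -u
}

# check_tls_files CONF [ROOT]: print one finding per line, return 1 if any.
# ROOT is prepended to every path so a copy of the container's file tree
# can be checked from the host; leave it empty inside the container.
check_tls_files() {
    conf=$1 root=${2:-}
    if [ ! -r "$conf" ]; then
        echo "UNREADABLE_CONF $conf"
        return 2
    fi
    findings=$(
        # nginx refuses to start when a referenced file is absent or empty
        { tls_paths "$conf" ssl_certificate; tls_paths "$conf" ssl_certificate_key; } |
        while IFS= read -r p; do
            if [ ! -s "$root$p" ]; then echo "MISSING $p"; fi
        done
        # a private key should be readable by its owner only
        tls_paths "$conf" ssl_certificate_key |
        while IFS= read -r p; do
            f=$root$p
            if [ -s "$f" ] && [ -n "$(find -L "$f" \( -perm -0040 -o -perm -0004 \))" ]; then
                echo "KEY_READABLE_BY_OTHERS $p"
            fi
        done
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: a config whose certificate files do not exist yet.
demo=$(mktemp -d)
printf 'ssl_certificate %s;\nssl_certificate_key %s;\n' \
    /etc/letsencrypt/live/example.test/fullchain.pem \
    /etc/letsencrypt/live/example.test/privkey.pem > "$demo/nginx.conf"
check_tls_files "$demo/nginx.conf" "$demo" || echo "fix the findings above before reloading nginx"
rm -rf "$demo"
```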