So I'm trying to use nginx with a certbot certificate in a docker container, but I get this error, even though the file exists.

2022/10/07 11:08:47 [emerg] 15#15: cannot load certificate "/etc/nginx/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] cannot load certificate "/etc/nginx/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

The certificates were generated outside of the docker container and mounted into nginx (so I might've done it wrong).

nginx:
    container_name: best-nginx
    build:
      context: .
    restart: always
    image: nginx:alpine
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
      - /etc/letsencrypt/live/mycerts:/etc/nginx/certs
    ports:
      - "443:443"

default.conf

server {
    root /usr/share/nginx/html;
    index index.html index.htm index.nginx-debian.html;

    server_name myservername.com;

    location / {
            try_files $uri $uri/ =404;
    }

    location /keycloak {
            proxy_pass http://localhost:28080/;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/nginx/certs/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/nginx/certs/privkey.pem; # managed by Certbot
}

Dockerfile

# develop stage
FROM node:18-alpine as develop-stage
WORKDIR /app
COPY package*.json ./
COPY tsconfig.json ./
RUN npm install
COPY ./public ./public
COPY ./src ./src

# build stage
FROM develop-stage as build-stage
RUN npm run build

# production stage
FROM nginx:1.23.1-alpine as production-stage
COPY --from=build-stage /app/build /usr/share/nginx/html
CMD ["nginx", "-g", "daemon off;"]

What I observed is that certbot generates 4 files, while I'm using only 2 in my default.conf

Could that be the root of my problem?

Thanks.

//Edit: The files exist in /etc/letsencrypt/live/mycerts but I can't access live/mycerts without root access. So I think they might be mapped weirdly?

Here's a ls -la in the docker container, in /etc/nginx/certs, and they look a bit strange.

lrwxrwxrwx    1 root     root            45 Oct  7 10:20 cert.pem -> ../../archive/mycerts/cert1.pem
lrwxrwxrwx    1 root     root            46 Oct  7 10:20 chain.pem -> ../../archive/mycerts/chain1.pem
lrwxrwxrwx    1 root     root            50 Oct  7 10:20 fullchain.pem -> ../../archive/mycerts/fullchain1.pem
lrwxrwxrwx    1 root     root            48 Oct  7 10:20 privkey.pem -> ../../archive/mycerts/privkey1.pem
  • check fullchain.pem and privkey.pem exist in /etc/letsencrypt/live/mycerts Commented Oct 7, 2022 at 14:34

1 Answer

You are mounting a folder with symbolic links; in your container you will get symbolic links that point to the same location, not real files.

So either you mount a directory with real cert files (recommended)

or mount archive/mycerts:/etc so the symbolic links point to real files inside the container (not recommended).
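
A way to check for this before starting the container, and to build the directory of real files, as an added example that is not part of the original answer. The function names and the sample layout are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original post). Function names and the
# sample layout are constructed for illustration.

# Build a certbot-style tree under $1: live/mycerts/*.pem are relative
# symlinks into archive/mycerts, as in the ls -la output above.
make_sample_layout() {
    mkdir -p "$1/archive/mycerts" "$1/live/mycerts" || return 1
    for n in fullchain privkey; do
        echo "constructed $n" > "$1/archive/mycerts/${n}1.pem"
        ln -s "../../archive/mycerts/${n}1.pem" "$1/live/mycerts/$n.pem"
    done
}

# Print each symlink directly in $1 that would dangle when $1 alone is
# bind-mounted. Returns 1 if any were found, 0 if none.
dangling_in_mount() {
    local root link target found=0
    root=$(readlink -f "$1") || return 2
    for link in "$root"/*; do
        [ -L "$link" ] || continue
        target=$(readlink -f "$link") || target=
        # Absolute links resolve against the container's own root, so
        # treat them as escaping the mount too.
        case "$(readlink "$link")" in /*) target= ;; esac
        case "$target" in
            "$root"/*) ;;                      # stays inside the mount
            *) echo "${link##*/}"; found=1 ;;  # points outside it
        esac
    done
    return "$found"
}

# Copy $1/*.pem into $2 with symlinks dereferenced (cp -L), so $2 holds
# real files. umask 077 keeps the private key readable by its owner only.
stage_certs() {
    ( umask 077 && mkdir -p "$2" && cp -L "$1"/*.pem "$2"/ )
}
```

Bind-mount the staged directory instead of `live/mycerts`. The copy has to be refreshed after each renewal, for example from a certbot `--deploy-hook`, because the staged files no longer follow the symlinks.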