I get the following error when using certbot with nginx on Ubuntu 18.04.
Error details:
Attaching to certbot
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot | Plugins selected: Authenticator webroot, Installer None
certbot | Obtaining a new certificate
certbot | Performing the following challenges:
certbot | http-01 challenge for example.com
certbot | http-01 challenge for www.example.com
certbot | Using the webroot path /var/www/html for all unmatched domains.
certbot | Waiting for verification...
certbot | Challenge failed for domain example.com
certbot | Challenge failed for domain www.example.com
certbot | http-01 challenge for example.com
certbot | http-01 challenge for www.example.com
certbot | Cleaning up challenges
certbot | Some challenges have failed.
certbot | IMPORTANT NOTES:
certbot | - The following errors were reported by the server:
certbot |
certbot | Domain: example.com
certbot | Type: connection
certbot | Detail: Fetching
certbot | http://example.com/.well-known/acme-challenge/3xVDLqF-YtEGo99rqnsKGk5wiaP9ct-WtahxOetrCPc:
certbot | Connection refused
certbot |
certbot | Domain: www.example.com
certbot | Type: connection
certbot | Detail: Fetching
certbot | http://www.example.com/.well-known/acme-challenge/zsONhLSTJF18mcGdXpKZ6_3BnKf_uaKg-0DYP2rGLi4:
certbot | Connection refused
certbot |
certbot | To fix these errors, please make sure that your domain name was
certbot | entered correctly and the DNS A/AAAA record(s) for that domain
certbot | contain(s) the right IP address. Additionally, please check that
certbot | your computer has a publicly routable IP address and that no
certbot | firewalls are preventing the server from communicating with the
certbot | client. If you're using the webroot plugin, you should also verify
certbot | that you are serving files from the webroot path you provided.
root@oneuser:/home/oneuser/code/project# sudo docker-compose logs nginx
Attaching to nginx
nginx | [2020-08-01 17:08:23 +0000] [1] [INFO] Starting gunicorn 20.0.4
nginx | [2020-08-01 17:08:23 +0000] [1] [INFO] Listening at: http://0.0.0.0:8000 (1)
nginx | [2020-08-01 17:08:23 +0000] [1] [INFO] Using worker: sync
nginx | [2020-08-01 17:08:23 +0000] [7] [INFO] Booting worker with pid: 7
nginx | [2020-08-01 17:08:23 +0000] [8] [INFO] Booting worker with pid: 8
nginx | [2020-08-01 17:08:23 +0000] [9] [INFO] Booting worker with pid: 9
nginx | Environment: Environment: PROD
nginx | PROD
nginx | Environment: PROD
nginx | Production settings importedProduction settings imported
nginx | Production settings imported
nginx |
docker-compose.yml:
version: '3.8'
services:
  web:
    build: .
    container_name: web
    command: gunicorn project.wsgi -b 0.0.0.0:8000 --capture-output --enable-stdio-inheritance --log-level=debug --access-logfile=- --log-file=-
    volumes:
      - ./:/usr/src/app/
    # ports:
    #   - 1337:8000
    expose:
      - 8000
    env_file: .env
    restart: unless-stopped
    networks:
      - app-network
    depends_on:
      - redis
  redis:
    image: redis:alpine
    container_name: redis
    env_file: .env
    restart: unless-stopped
    networks:
      - app-network
  nginx:
    build: .
    image: nginx:mainline-alpine
    container_name: nginx
    restart: unless-stopped
    env_file: .env
    ports:
      - 443:443
      - 80:80
    volumes:
      - ./:/usr/src/app/
      - web-root:/var/www/html
      - ./nginx:/etc/nginx/conf.d
      - certs:/etc/nginx/certs
      # - certbot-etc:/etc/letsencrypt
      # - certbot-var:/var/lib/letsencrypt
      - ./dhparam:/etc/ssl/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
    depends_on:
      - web
    networks:
      - app-network
  certbot:
    image: certbot/certbot
    container_name: certbot
    volumes:
      - certbot-etc:/etc/letsencrypt
      - certbot-var:/var/lib/letsencrypt
      - web-root:/var/www/html
    depends_on:
      - web
    command: certonly --webroot --webroot-path=/var/www/html --email oneuser@gmail.com --agree-tos --no-eff-email --staging -d example.com -d www.example.com
  celery:
    build: .
    container_name: celery
    command: celery -A project worker -l info
    volumes:
      - ./:/usr/src/app/
    env_file: .env
    restart: unless-stopped
    networks:
      - app-network
    depends_on:
      - redis
  celery-beat:
    build: .
    container_name: celery-beat
    command: celery -A project beat -l info
    volumes:
      - ./:/usr/src/app/
    env_file: .env
    restart: unless-stopped
    networks:
      - app-network
    depends_on:
      - redis
volumes:
  certs:
  certbot-etc:
  certbot-var:
  web-root:
    driver: local
    driver_opts:
      type: none
      device: /home/oneuser/code/project/
      o: bind
networks:
  app-network:
    driver: bridge
Dockerfile:
FROM python:3.8-alpine
# set environment variables
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1
# ARG environment
ENV ENVIRONMENT='PROD'
ENV LOCAL_MIGRATIONS='NO'
RUN set -e; \
    apk add --no-cache --virtual .build-deps \
        gcc \
        libffi-dev \
        libc-dev \
        mariadb-dev \
        python3-dev \
        musl-dev \
    ;
# set work directory
RUN mkdir /usr/src/app
WORKDIR /usr/src/app
# install dependencies
RUN pip install --upgrade pip
COPY ./requirements.txt /usr/src/app/requirements.txt
RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
# copy project
COPY . /usr/src/app/
RUN apk del .build-deps
EXPOSE 8000
CMD ["gunicorn", "--bind", ":8000", "--workers", "3", "project.wsgi:application"]
All services work fine except certbot. I have been trying to solve this problem for two days, trying different approaches. Nothing works properly.
When running docker ps:
Name          Command                          State    Ports
-----------------------------------------------------------------------------------------------------------
celery        celery -A project worker - ...   Up       8000/tcp
celery-beat   celery -A project beat -l info   Up       8000/tcp
certbot       certbot certonly --webroot ...   Exit 1
nginx         gunicorn --bind :8000 --wo ...   Up       0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp, 8000/tcp
redis         docker-entrypoint.sh redis ...   Up       6379/tcp
web           gunicorn project.wsgi -b 0 ...   Up       8000/tcp
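
The nginx container's log and command column above show gunicorn rather than nginx, and the compose file gives that service both build: . and image: nginx:mainline-alpine; when both keys are set, Compose builds the local Dockerfile and tags the result with the image name. The check below for that pattern is an added example, not part of the original post; the reader function and the trimmed sample are constructed here, and it assumes a block-style compose file with consistent indentation.

```python
import re

# Constructed sample: a trimmed copy of the services block from the post.
SAMPLE_COMPOSE = """\
services:
  web:
    build: .
    command: gunicorn project.wsgi -b 0.0.0.0:8000
  nginx:
    build: .
    image: nginx:mainline-alpine
    ports:
      - 443:443
      - 80:80
  certbot:
    image: certbot/certbot
volumes:
  web-root:
"""

KEY = re.compile(r"([\w.-]+):\s*(.*)$")

def service_keys(text):
    """Map each service to its direct keys. Minimal reader for block-style
    compose files with consistent indentation; not a general YAML parser."""
    services, current = {}, None
    in_services, svc_indent, key_indent = False, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        body = line.lstrip()
        if not body or body.startswith(("#", "-")):
            continue  # blank lines, comments and list items carry no keys
        indent = len(line) - len(body)
        match = KEY.match(body)
        if indent == 0:
            in_services, current = body == "services:", None
        elif in_services and match:
            if svc_indent is None:
                svc_indent = indent
            if indent == svc_indent:  # a service name
                current, key_indent = services.setdefault(match.group(1), {}), None
            elif current is not None:
                if key_indent is None:
                    key_indent = indent
                if indent == key_indent:  # a direct key of the service
                    current[match.group(1)] = match.group(2)
    return services

def build_and_image(text):
    """Return (service, image) pairs where both build: and image: are set."""
    return sorted((name, keys["image"]) for name, keys in service_keys(text).items()
                  if "build" in keys and "image" in keys)
```

On the sample, build_and_image(SAMPLE_COMPOSE) reports only the nginx service, which matches the gunicorn startup lines in that container's log.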