Comments (8)
Yes, I think it is better to close it because I have only seen you request it, and I don't think I have time for such a special use case :)
from docker-nginx-certbot.
In what way does the container fail? Is the config corrupt, or what is going on?
As it is now there is no supported way of switching willy-nilly between local CA and certbot, since they have different folder structures, and a wipe of the letsencrypt folder is necessary.
While I believe the local CA could forcefully overwrite the things necessary for it to "take over", I am not as sure of how certbot would handle it if it is to be restored.
from docker-nginx-certbot.
In what way does the container fail? Is the config corrupt, or what is going on?
Possible fails:
- Wrongly typed domain
- Port 80 not open
- Wrong configuration
- ACME challenge fails for some reason
As it is now there is no supported way of switching willy-nilly between local CA and certbot, since they have different folder structures, and a wipe of the letsencrypt folder is necessary.
I'm actually doing it without any problem by setting the local CA env var to 1/0 right now.
from docker-nginx-certbot.
I do not fully comprehend how the failure manifests itself, and how local CA is able to prevent it.
The users are able to connect to the container on some admin interface (which allows any incoming domain?), where they then can enter a new domain, which then fails to get certificates for some reason. The scripts then disable this config and thus make the admin interface unreachable?
Would it make sense to have this admin interface in a separate config which remains accessible even after other servers are configured?
from docker-nginx-certbot.
Let's say I have a domain.com that points to the public IP X.X.X.X.
By default local CA is on, so the browser will ask you to "accept the risk" in order to open the page. Then you configure certbot from the UI, selecting for example Webroot as the method; you apply the changes and under the hood I restart the nginx container with the new env vars. The nginx container at this point gets some errors (for any possible reason), and now I have no easy way to recover from this except by SSHing into the machine and manually restarting the nginx container with local_ca set to 1, so at least he can enter the app. The application that serves the admin interface is the same that serves the application; it's not running on a separate port. If a user is a superuser he can manage that part.
I understand this may be a really unusual use case for this container, so no worries if you consider this not important to implement. I was just curious to know your opinion on this; otherwise I will find some alternatives.
from docker-nginx-certbot.
This seems to be quite a unique setup and I have a hard time grasping the exact flow of events and possible error states, which makes an error handling implementation from me very difficult.
I actually think some external monitoring script would suit your need better since that could be tuned for your specific situation.
Else you could perhaps do something with an entrypoint.d script which could poll the nginx server and perhaps restart everything again with local CA in case it does not get a 200 response within 2 minutes?
from docker-nginx-certbot.
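The polling fallback suggested above, as an added example that is not part of the original thread or of the docker-nginx-certbot project: a POSIX sh function that probes nginx until it answers HTTP 200 and gives up after a deadline, so that a host-side wrapper can restart the container with the local CA enabled. It assumes curl is available; the URL, container name and the USE_LOCAL_CA variable name are placeholders for your own setup.

```shell
#!/bin/sh
# Added example, not project code. Poll nginx for an HTTP 200 and report
# via the exit status whether it came up within the deadline.

# Print the HTTP status code returned by $1, or 000 when nothing answers.
# -k is used because the local CA certificate is not trusted by curl.
probe_status() {
    code=$(curl -k -s -o /dev/null -w '%{http_code}' --max-time 5 "$1" 2>/dev/null)
    echo "${code:-000}"
}

# wait_for_ok URL [TIMEOUT_SECS] [INTERVAL_SECS]
# Returns 0 as soon as URL answers 200, 1 once the deadline has passed.
wait_for_ok() {
    url=$1
    timeout=${2:-120}
    interval=${3:-5}
    elapsed=0
    while [ "$elapsed" -lt "$timeout" ]; do
        code=$(probe_status "$url")
        if [ "$code" = "200" ]; then
            echo "nginx healthy after ${elapsed}s (HTTP $code)"
            return 0
        fi
        echo "nginx not ready (HTTP $code), retrying in ${interval}s"
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
    echo "no HTTP 200 from $url within ${timeout}s" >&2
    return 1
}

# Host-side wrapper sketch (placeholder container name and env var name):
#   if ! wait_for_ok https://localhost/ 120 5; then
#       docker stop nginx-certbot
#       docker run ... -e USE_LOCAL_CA=1 ... jonasal/nginx-certbot
#   fi
```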
This issue has been open for quite a while, did you manage to find a solution to your setup?
from docker-nginx-certbot.
@JonasAlfredsson Nope but no worries feel free to close this as I think it is a really custom use case.
from docker-nginx-certbot.