Comments (24)
It's because you forget to add the name of the image at the end of the command line.
Try this:
$ docker run --entrypoint='sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem' ldez/traefik-certs-dumper:v2.8.1
from traefik-certs-dumper.
Hello,
your 2nd line contains 2 times "traefik-certs-dumper file".
I don't know if it's a copy-paste error inside the issue or something else.
from traefik-certs-dumper.
Hi Ludovic,
Thank you so much for the response. Yes, that was a copy paste mistake.
I've corrected the entrypoint to the below and it still doesn't work. Not sure if maybe my syntax is incorrect somewhere.
sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs --crt-ext=.pem --key-ext=.pem –-domain-subdir=true
It runs just fine until I add those last three flags at the end. The problem appears to be there.
Can these be specified with environment variables instead?
I checked the log but there doesn't seem to be an indication of why it fails.
I don't know that it matters but I'm modifying this field in Portainer where I get a status code 400.
--LOG--
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
(1/2) Installing oniguruma (6.9.4-r1)
(2/2) Installing jq (1.6-r0)
Executing busybox-1.30.1-r3.trigger
OK: 7 MiB in 16 packages
from traefik-certs-dumper.
What is the problem exactly?
from traefik-certs-dumper.
$ traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs --crt-ext=.pem --key-ext=.pem –-domain-subdir=true
Error: --crt-ext (".pem") and --key-ext (".pem") are identical, in this case --domain-subdir is required
Usage:
traefik-certs-dumper file [flags]
Flags:
-h, --help help for file
--source string Path to 'acme.json' file. (default "./acme.json")
--version string Traefik version. If empty use v1. Possible values: 'v2'.
Global Flags:
--clean Clean destination folder before dumping content. (default true)
--config string config file (default is $HOME/.traefik-certs-dumper.yaml)
--crt-ext string The file extension of the generated certificates. (default ".crt")
--crt-name string The file name (without extension) of the generated certificates. (default "certificate")
--dest string Path to store the dump content. (default "./dump")
--domain-subdir Use domain as sub-directory.
--key-ext string The file extension of the generated private keys. (default ".key")
--key-name string The file name (without extension) of the generated private keys. (default "privatekey")
--post-hook string Execute a command only if changes occurs on the data source. (works only with the watch mode)
--watch Enable watching changes.
2022/07/27 20:18:42 root.go:45: --crt-ext (".pem") and --key-ext (".pem") are identical, in this case --domain-subdir is required
exit status 1
from traefik-certs-dumper.
it's because you are using an invalid character: you are using an En Dash (\u2013) instead of a Hyphen-Minus (\u002D) here: –-domain-subdir=true
(the first character is an En Dash)
from traefik-certs-dumper.
I was using Portainer to do this but that obscured the problem because it's not very verbose. I tried adding the entrypoint using the command line and now there is better feedback on why it isn't running.
root@NAS:/var/lib/docker/bindmounts# docker run --entrypoint sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem traefik-certs-dumper
Unable to find image 'apk:latest' locally
docker: Error response from daemon: pull access denied for apk, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
from traefik-certs-dumper.
your problem is here: –-domain-subdir=true
you must use this: --domain-subdir=true
It's related to a wrong character.
from traefik-certs-dumper.
Good catch, and I did fix the character. Using the proper character there's still an error about the "apk add jq"
Unable to find image 'apk:latest' locally
docker: Error response from daemon: pull access denied for apk, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
root@NAS:/var/lib/docker/bindmounts# docker run --entrypoint sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ jq ".[] | .Certificates | length" /data/acme.json != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem traefik-certs-dumper
Unable to find image 'apk:latest' locally
docker: Error response from daemon: pull access denied for apk, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
from traefik-certs-dumper.
I think you are not using an alpine image: apk is the package manager for alpine.
from traefik-certs-dumper.
Ok. I didn't realize that this was OS dependent. I'm on Debian.
from traefik-certs-dumper.
Looks like I need to substitute that command for (apt install jq -y) for Debian.
from traefik-certs-dumper.
or just use an alpine image.
it's not dependent on your OS but on the OS inside the image.
from traefik-certs-dumper.
you just have to use my image ldez/traefik-certs-dumper
https://hub.docker.com/r/ldez/traefik-certs-dumper/
from traefik-certs-dumper.
The image I've been using is ldez/traefik-certs-dumper:v2.7.4
docker: Error response from daemon: pull access denied for apt, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
This makes it sound like the container either doesn't have the repository or the container permissions don't allow access to pull a package.
from traefik-certs-dumper.
No, if you are using the right image, the image contains apk.
The latest version is v2.8.1 but v2.7.4 works too.
from traefik-certs-dumper.
I don't know what you are doing but you are doing something wrong:
$ docker run --rm -it --entrypoint /bin/sh ldez/traefik-certs-dumper:v2.8.1
/ # apk add jq
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
(1/2) Installing oniguruma (6.9.7.1-r0)
(2/2) Installing jq (1.6-r1)
Executing busybox-1.34.1-r3.trigger
OK: 7 MiB in 16 packages
from traefik-certs-dumper.
That's right. I accidentally inserted container name instead of image name. I think we are very close.
root@NAS:/var/lib/docker/bindmounts# docker run --entrypoint='sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem' ldez/traefik-certs-dumper:v2.8.1
Unable to find image 'ldez/traefik-certs-dumper:v2.8.1' locally
v2.8.1: Pulling from ldez/traefik-certs-dumper
Digest: sha256:2734462fc8290feab0e34a00d5f3e4992ba74f8e3712d74efff7ae703d0e7e87
Status: Downloaded newer image for ldez/traefik-certs-dumper:v2.8.1
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq \".[] | .Certificates | length\" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem": stat sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem: no such file or directory: unknown.
ERRO[0001] error waiting for container: context canceled
from traefik-certs-dumper.
you have to mount the directory
from traefik-certs-dumper.
Sorry, this is a result of not being familiar with docker in the command line. I usually use Portainer for the UI to manage containers but wasn't able to get a clear indication of the issue in portainer. In my portainer issue I have the volume bind mounted correctly. Adding volume to the cmd.
from traefik-certs-dumper.
If you don't know Docker well, I recommend using a docker-compose file.
You have an example here: https://github.com/ldez/traefik-certs-dumper/blob/master/docs/docker-compose-traefik-v2.yml
from traefik-certs-dumper.
I've had no shortage of dumb mistakes. I believe I might be creating the container right this time.
"docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec:"
"no such file or directory: unknown."
root@NAS:/var/lib/docker/bindmounts/traefik# docker run --name cert-extract4 -v /var/lib/docker/bindmounts/traefik:/data --entrypoint='sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem' ldez/traefik-certs-dumper:v2.8.1
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq \".[] | .Certificates | length\" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem": stat sh,-c, apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs –-domain-subdir=true --crt-ext=.pem --key-ext=.pem: **no such file or directory: unknown.**
ERRO[0000] error waiting for container: context canceled
from traefik-certs-dumper.
The following command works:
docker run --rm -v /var/lib/docker/bindmounts/traefik/:/data/ --entrypoint='sh' ldez/traefik-certs-dumper:v2.8.1 -c 'apk add jq ; while ! [ -e /data/acme.json ] || ! [ `jq ".[] | .Certificates | length" /data/acme.json` != 0 ]; do sleep 1 ; done && traefik-certs-dumper file --version v2 --watch --source /data/acme.json --dest /data/certs --domain-subdir=true --crt-ext=.pem --key-ext=.pem'
Note: you still have an invalid character in –-domain-subdir, you must use --domain-subdir (the first character is a problem because it's not a hyphen).
from traefik-certs-dumper.
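A pre-flight check for the look-alike character problem diagnosed in this thread, as an added example that is not part of the original comments or of the traefik-certs-dumper project. The function names `non_ascii_words` and `check_command_line` and the `BAD_FLAG` sample are hypothetical; the check flags any byte outside printable ASCII, which covers the En Dash as well as other pasted look-alikes.

```shell
#!/bin/sh
# Added example: flag words in a command line that contain bytes outside
# printable ASCII, such as the En Dash (U+2013) pasted in front of
# -domain-subdir in the thread above.

# Print "N:word" for each whitespace-separated word of the arguments that
# contains a non-ASCII byte. Exit status is 0 if any were found, 1 if none.
non_ascii_words() {
    printf '%s\n' "$*" | LC_ALL=C tr -s ' \t' '\n\n' | LC_ALL=C grep -n '[^ -~]'
}

# Return 0 when the command line is clean. Otherwise list each offending
# word with its bytes in hex (an En Dash shows up as e2 80 93) and return 1.
check_command_line() {
    found=$(non_ascii_words "$@") || return 0
    printf '%s\n' "$found" | while IFS= read -r line; do
        printf 'suspicious word %s\n' "$line" >&2
        printf '%s' "${line#*:}" | od -An -tx1 >&2
    done
    return 1
}

# Constructed sample: the flag as it was pasted in the thread, built from
# octal escapes so this script itself stays pure ASCII.
BAD_FLAG=$(printf '\342\200\223-domain-subdir=true')

check_command_line traefik-certs-dumper file --version v2 "$BAD_FLAG" --crt-ext=.pem \
    || echo "fix the flagged words before running the command"
```

Passing the whole `sh -c '...'` string as one argument works too, because the check splits on whitespace before testing each word.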
That worked. I can't believe that wrong character re-entered my string. Thank you so much for all your help. I really appreciate it!
from traefik-certs-dumper.