acme-companion: Working on vhost, not working on apparently identical vhost
Hi there,
I am going mad… nginx-proxy is installed and working on the first container below (pasted key parts from docker inspect). But the second is basically identical and not working. It was working until this morning, I didn’t do anything to it that I recall… But I was messing around with the nginx/letsenc setup. I have killed the nginx/letsenc setup and its volumes and re-run those two containers several times just in case.
I get a 500 error on that second backend container when it is awake (503 when down, which is expected I guess). The 500 error is apparently a cert problem because the cert req is failing with:
CA marked some of the authorizations as invalid
for which I have disabled ipv6, which didn’t seem to be needed in this case, but I am getting frustrated and trying anything! All the domains are on cloudflare, so it’s not the DNS provider. It doesn’t even appear to arrive on the backend container httpd, cos nginx is falling over first at https.
If I force a renew, the working one renews happily. And the others fail in the same way.
I have directly tested whether https is responding via the exposed 8443 port on the IP set via the nginx-proxy docker network subnet, which is set for the VIRTUAL_PORTs defined in ENV vars. https is responding happily on the exposed (unpublished) ports. Going mad…
If I run the below, it confirms the same behaviour, where I get Hello World on the working vhost, but a 500 error on the other:
you@remotedockerhost$ docker exec your-le-container bash -c 'echo "Hello world!" > /usr/share/nginx/html/.well-known/acme-challenge/hello-world'
you@localcomputer$ curl http://yourdomain.tld/.well-known/acme-challenge/hello-world
Hello world!
you@localcomputer$ curl -6 http://yourdomain.tld/.well-known/acme-challenge/hello-world
Hello world!
Some of the inspect contents from the containers (sensitive details removed, inc. domains)
Working one:
"Env": [
    "APACHE_HTTPS_PORT_NUMBER=8443",
    "APACHE_HTTP_PORT_NUMBER=8080",
    "WORDPRESS_HTTPS_PORT=8443",
    "WORDPRESS_HTTP_PORT=8080",
    "VIRTUAL_HOST=dev.em.com",
    "VIRTUAL_PORT=8443",
    "VIRTUAL_PROTO=https",
    "LETSENCRYPT_HOST=dev.em.com",
],
"ExposedPorts": {
    "443/tcp": {},
    "8080/tcp": {},
    "8443/tcp": {}
},
Not working:
"Env": [
    "APACHE_HTTPS_PORT_NUMBER=8443",
    "APACHE_HTTP_PORT_NUMBER=8080",
    "WORDPRESS_HTTPS_PORT=8443",
    "WORDPRESS_HTTP_PORT=8080",
    "VIRTUAL_HOST=lux.rr.com",
    "VIRTUAL_PORT=8443",
    "VIRTUAL_PROTO=https",
    "LETSENCRYPT_HOST=lux.rr.com",
],
"ExposedPorts": {
    "443/tcp": {},
    "8080/tcp": {},
    "8443/tcp": {}
},
About this issue
- State: closed
- Created 4 years ago
- Comments: 24 (6 by maintainers)
Well, from those command lines, they’re not 🤷‍♂️
I took the liberty to edit your previous post as that was barely readable.
Could you try running your containers with -e 'VIRTUAL_PORT=8443' -e 'VIRTUAL_PROTO=https' replaced by -e 'VIRTUAL_PORT=8080'?
My guess is that it’s probably the other way around, you can’t get a certificate because of the proxying error.
You should have a link providing some additional info about why the challenge failed in the letsencrypt-nginx-proxy-companion container logs.
What are those environment variables?
Could you post the rendered /etc/nginx/conf.d/default.conf file when both containers are up?
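
The manual check from the original post (write a file into the challenge directory, then curl it per domain), scripted so that every vhost is probed with the same token over IPv4 and IPv6. This is an added example, not code from the thread or from the nginx-proxy or acme-companion projects; the function names and verdict strings are made up here, and the container and domain names are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread). The challenge directory is the path
# used in the post above; function names and verdicts are hypothetical.
CHALLENGE_DIR=/usr/share/nginx/html/.well-known/acme-challenge

# classify STATUS BODY EXPECTED -> prints a one-word verdict.
classify() {
    case "$1" in
        200)
            if [ "$2" = "$3" ]; then echo ok; else echo wrong-body; fi ;;
        000) echo no-connection ;;  # curl reports 000 when no HTTP response arrived
        5??) echo server-error ;;   # e.g. the 500/503 described in the post
        *)   echo "unexpected-$1" ;;
    esac
}

# probe_host DOMAIN TOKEN [CURL_OPTS...] -> prints "DOMAIN STATUS VERDICT".
probe_host() {
    domain=$1; token=$2; shift 2
    # Append the status code on its own line after the response body.
    out=$(curl -s -m 10 "$@" -w '\n%{http_code}' \
        "http://$domain/.well-known/acme-challenge/$token") || true
    status=$(printf '%s\n' "$out" | tail -n 1)
    body=$(printf '%s\n' "$out" | sed '$d')
    echo "$domain $status $(classify "$status" "$body" "$token")"
}

# probe_all LE_CONTAINER DOMAIN...: drop one token file, fetch it through
# every vhost over IPv4 and IPv6, then remove the file again.
probe_all() {
    container=$1; shift
    token="probe-$(date +%s)-$$"
    docker exec "$container" sh -c "printf %s '$token' > '$CHALLENGE_DIR/$token'"
    for d in "$@"; do
        probe_host "$d" "$token" -4
        probe_host "$d" "$token" -6
    done
    docker exec "$container" rm -f "$CHALLENGE_DIR/$token"
}

# Usage: sh probe.sh your-le-container first.example.com second.example.com
if [ "$#" -ge 2 ]; then probe_all "$@"; fi
```

A vhost that prints `ok` for one domain and `server-error` for another reproduces the split described in the post without waiting for a certificate request to fail.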