Certificates are not found after Nginx container is recreated
tompropst opened this issue · comments
I'm capturing this here before I go to bed...
When the Nginx container is recreated, it should have a mounted volume on the host where the certificates are stored. The problem is that certbot creates symbolic links in the volume we have mounted, and those links point to another directory that does not persist across the container recreation. To save the certificates, I think we will need to mount both locations so that the certificates and links are both saved.
Here is a listing of the mounted volume we have now that shows the links (I replaced my domain with "my.test.host"):
$ ls -al ssl/live/lab.dureddo.com/
total 12
drwxr-xr-x 2 root root 4096 Jan 18 04:21 .
drwxrwxr-x 3 trp trp 4096 Jan 23 04:58 ..
lrwxrwxrwx 1 root root 39 Jan 18 04:21 cert.pem -> ../../archive/my.test.host/cert1.pem
lrwxrwxrwx 1 root root 40 Jan 18 04:21 chain.pem -> ../../archive/my.test.host/chain1.pem
lrwxrwxrwx 1 root root 44 Jan 18 04:21 fullchain.pem -> ../../archive/my.test.host/fullchain1.pem
lrwxrwxrwx 1 root root 42 Jan 18 04:21 privkey.pem -> ../../archive/my.test.host/privkey1.pem
-rw-r--r-- 1 systemd-network root 543 Jan 18 04:21 README
Currently, both of these are mounted, right?
- $NGINXCONF:/etc/nginx/conf.d
- $SSLROOT:/etc/letsencrypt/live
So are we not able to do this within the container itself?
Correct. There may be a more elegant way but I can make a pull request to...
Use these volumes in web-nginx:
volumes:
- $NGINXCONF:/etc/nginx/conf.d
- $SSLROOT:/etc/letsencrypt/live
- $SSLARCHIVE:/etc/letsencrypt/archive
And then change the ssl directory to have ssl/live and ssl/archive with the .gitignore moved / copied into those sub-directories.
And then change the .env.example file to contain:
NGINXCONF=./project/nginx/conf.d
SSLROOT=./ssl/live
SSLARCHIVE=./ssl/archive
Sure, that would be great! 👍
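The failure described in this issue, reproduced in a temporary directory as an added example that is not part of the thread or the project's code: it builds a constructed `live/` and `archive/` tree with the same relative links as the listing, then compares which links still resolve when only `live` survives a recreation versus both directories. The function names and the temporary paths are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example; paths and function names are constructed, not the project's own.

# Print every symlink under $1 whose target does not resolve.
dangling_links() {
    find "$1" -type l | while IFS= read -r link; do
        [ -e "$link" ] || printf '%s -> %s\n' "$link" "$(readlink "$link")"
    done
}

count_dangling() { dangling_links "$1" | wc -l | tr -d ' '; }

# Build a certbot-style tree: live/<host>/X.pem -> ../../archive/<host>/X1.pem
make_layout() {
    root=$1; host=$2
    mkdir -p "$root/live/$host" "$root/archive/$host"
    for name in cert chain fullchain privkey; do
        echo "placeholder" > "$root/archive/$host/${name}1.pem"
        ln -s "../../archive/$host/${name}1.pem" "$root/live/$host/$name.pem"
    done
}

# Simulate recreation: only the listed (bind-mounted) subdirectories of the
# old tree survive into the new one. -P copies the links themselves.
recreate_with_mounts() {
    old=$1; new=$2; shift 2
    mkdir -p "$new"
    for sub in "$@"; do cp -RP "$old/$sub" "$new/$sub"; done
}

demo() {
    tmp=$(mktemp -d)
    make_layout "$tmp/old" my.test.host
    recreate_with_mounts "$tmp/old" "$tmp/live_only" live
    recreate_with_mounts "$tmp/old" "$tmp/both" live archive
    echo "live only:      $(count_dangling "$tmp/live_only/live") dangling"
    dangling_links "$tmp/live_only/live"
    echo "live + archive: $(count_dangling "$tmp/both/live") dangling"
    rm -rf "$tmp"
}
demo
```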