I get:
NET::ERR_CERT_AUTHORITY_INVALID
when i use browser to go to the URL.
Container version, configuration used, logs ?
docker version returns:
Version: 18.09.5
API version: 1.39
How do I access logs & what do you mean by "configuration"? I cloned and ran it per the instructions.
Our server names are as follows:
--env "VIRTUAL_HOST=z1s1-weqp09" \
--env "LETSENCRYPT_HOST=z1s1-weqp09" \
_Also, saw this warning on the project page, does this have anything to do with it?_
"Warning : jwilder/nginx-proxy:latest currently has an issue with DH parameters that will cause intermittent proxy and certificate generation failure until the nginx-proxy container has generated its DH parameters file...."
Now I am getting:
ERR_CONNECTION_REFUSED
docker ps returns:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
NAMES
7910dc263e20 nginx "nginx -g 'daemon of…" 3 seconds ago Up 2 seconds 80/tcp
my-app
b41a5c51b0ab jwilder/docker-gen "/usr/local/bin/dock…" 20 seconds ago Up 19 seconds
nginx-proxy-gen
8a2e31209a29 nginx "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
nginx-proxy
I am following these instructions, here:
https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/blob/master/docs/Advanced-usage.md
Hi,
By container version I meant: what version of the letsencrypt companion container are you using (did you build it from the cloned repo, did you pull it from Dockerhub, and if pulled from Dockerhub did you use a tagged version / which one or did you pull latest ?).
I'll need you to copy paste the exact, whole command line or compose file you used to run the whole stack (nginx-proxy or nginx + docker-gen container.s, letsencrypt container, proxyed container).
Containers logs will also be needed to see what's happening inside the containers. You can get logs from a container with docker container log nameoridofyourcontainer. Logs from the three containers might be useful, not only the letsencrypt container.
Also, saw this warning on the project page, does this have anything to do with it?
If you used the two containers setup yes, if you used the three containers setup no, as it only affect the "standalone" nginx-proxy container. As you used the three containers setup, you're not affected by this.
z1s1-weqp09
This is not a proper publicly reachable domain name and just not a proper domain name at all, I'm not sure if nginx-proxy works with those (doubt it) and you certainly can't obtain certificate from Let's Encrypt (or any other CA for that matter) with this.
Is there a way to do it for internal sites, like: f5.private-domain.vcl?
Let's Encrypt, as every other CA, is not meant to obtain and won't deliver certificates for non public domains. See https://www.globalsign.com/en/blog/certificates-for-internal-servers/ for more information. This is a Globalsign doc but It explains why no CA can deliver certificates for non public domains and what your options are.
Creating you own ACME CA with boulder is indeed possible and will work with this container (this is pretty much what we're doing in the test suite). Please go to https://github.com/letsencrypt/boulder if you need help with boulder.
Thanks
I took the liberty to rename your issue so that other people in the same case might find answers more easily.