我已按照此处发布的推荐的分离容器方法的说明:https ://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion通过创建docker-compose.yml如下文件:
version: '3'
services:
nginx-proxy:
image: nginx
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- nginx-conf:/etc/nginx/conf.d
- nginx-vhost:/etc/nginx/vhost.d
- nginx-html:/usr/share/nginx/html
- ./ssl:/etc/nginx/certs:ro
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
nginx-gen:
image: jwilder/docker-gen
container_name: nginx-gen
command: -notify-sighup nginx -wait 5s:30s -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl
- nginx-conf:/etc/nginx/conf.d
- nginx-vhost:/etc/nginx/vhost.d
- nginx-html:/usr/share/nginx/html
- ./ssl:/etc/nginx/certs:ro
links:
- nginx-proxy
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
volumes:
- /path/to/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
- nginx-conf:/etc/nginx/conf.d
- nginx-vhost:/etc/nginx/vhost.d
- nginx-html:/usr/share/nginx/html
- ./ssl:/etc/nginx/certs:rw
environment:
NGINX_DOCKER_GEN_CONTAINER: nginx-gen
ACME_CA_URI: https://acme-staging.api.letsencrypt.org/directory
links:
- nginx-proxy
volumes:
nginx-conf:
nginx-vhost:
nginx-html:
但是,在运行 nginx-letsencrypt 容器时,出现以下错误:
$ docker logs nginx-letsencrypt
Sleep for 3600s
2017/04/26 18:19:37 Generated '/app/letsencrypt_service_data' from 9 containers
2017/04/26 18:19:37 Running '/app/update_certs'
2017/04/26 18:19:37 Watching docker events
Reloading nginx proxy (using separate container nginx-gen)...
Creating/renewal sandbox.graph.speakr.com certificates... (sandbox.graph.speakr.com)
2017/04/26 18:19:37 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
2017-04-26 18:19:38,011:INFO:simp_le:1211: Generating new account key
2017-04-26 18:19:40,038:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-04-26 18:19:40,875:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): letsencrypt.org
2017-04-26 18:19:41,748:INFO:requests.packages.urllib3.connectionpool:207: Starting new HTTP connection (1): sandbox.graph.speakr.com
2017-04-26 18:19:41,834:WARNING:simp_le:1303: sandbox.graph.speakr.com was not successfully self-verified. CA is likely to fail as well!
2017-04-26 18:19:41,949:INFO:simp_le:1313: Generating new certificate private key
2017-04-26 18:19:43,495:ERROR:simp_le:1271: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Is there a warning log entry about unsuccessful self-verification? Are all your domains accessible from the internet? Failing authorizations: https://acme-staging.api.letsencrypt.org/acme/authz/iAD9-HSmyVGb_kHwt0aLDRQHycIJzT3JooxEOTiTp48
Challenge validation has failed, see error log.
Debugging tips: -v improves output verbosity. Help is available under --help.
Sleep for 3600s
另外(我不太清楚我应该看到什么):
$ ls -r ssl
total 8
drwxr-xr-x 2 root root 4096 Apr 26 06:04 sandbox.graph.speakr.com/
-rw-r--r-- 1 root root 424 Apr 26 06:04 dhparam.pem
显示沙盒目录为空
我从这篇文章中看到:https ://github.com/dmp1ce/nginx-proxy-letsencrypt/issues/18有类似的问题(我看不到解决方案),但我的情况很简单
这里可能是什么问题?
-- 相关信息 --
Docker 版本 17.03.0-ce,构建 3a232c8
docker-compose 版本 1.11.2,构建 dfed245
Linux ip-10-0-3-113 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
jrcs/letsencrypt-nginx-proxy-companion(图片):“创建”:“2017-04-21T12:22:44.384018601Z”