I am using Ubuntu on my host machine, and I have a Docker container also running Ubuntu that contains an ASP.NET website. The issue is that I can’t figure out how to get the container to mount my SSL keys from my host machine. My docker-compose.yml file has the following volumes specified.
```yaml
    volumes:
      - /etc/letsencrypt/archive/example.com/fullchain.pem:/etc/ssl/certs/fullchain.pem:ro
      - /etc/letsencrypt/archive/example.com/privkey.pem:/etc/ssl/private/privkey.pem:ro
      - app-data:/app/data
      - app-data:/root/.aspnet/DataProtection-Keys

volumes:
  app-data:
```
I also verified that these files exist by running `cat /etc/letsencrypt/archive/example.com/privkey1.pem` and `cat /etc/letsencrypt/archive/example.com/fullchain1.pem`, which both worked perfectly. But when I compose my container, I always get the following errors because it can’t seem to find the file.
```text
Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
   at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, String fileName, String password)
```
I also made sure the permissions are right by running the following, to no avail.
```bash
sudo chmod 644 /etc/letsencrypt/archive/example.com/fullchain1.pem
sudo chmod 600 /etc/letsencrypt/archive/example.com/privkey1.pem
sudo chmod 755 /etc/letsencrypt/archive
sudo chmod 755 /etc/letsencrypt/archive/example.com
```
Next, I tried starting the container manually, but I get the same error: the container closes instantly because of the exception.
```bash
docker run -it --rm \
  -v /etc/letsencrypt/archive/example.com/fullchain1.pem:/etc/ssl/certs/fullchain.pem:ro \
  -v /etc/letsencrypt/archive/example.com/privkey1.pem:/etc/ssl/private/privkey.pem:ro \
  server /bin/bash
```
Lastly, here is my Program class, which tries to read the HTTPS cert and is what actually generates the "no such file" exception.
```csharp
public class Program
{
    public static void Main(string[] args)
    {
        CreateHostBuilder(args).Build().Run();
    }

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>()
                    .UseKestrel(options =>
                    {
                        options.ListenAnyIP(80); // HTTP
                        options.ListenAnyIP(443, listenOptions =>
                        {
                            // UseHttps(string fileName, string password) overload
                            listenOptions.UseHttps("/etc/ssl/certs/fullchain.pem", "/etc/ssl/private/privkey.pem");
                        });
                    });
            });
}
```
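As an added example (not the poster's code or the project's), here is how the Kestrel setup above could load a PEM certificate chain together with a separate PEM private key while first checking that both mounted paths are real, readable files; it assumes .NET 5 or later, where `X509Certificate2.CreateFromPemFile` exists, and the same container paths as in the post. The `TlsCertificateLoader` class and its method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Hosting;

// Hypothetical helper: fails with a precise message before Kestrel ever
// touches OpenSSL, so the log says which path is wrong and why.
public static class TlsCertificateLoader
{
    public static void EnsureReadableFile(string path)
    {
        // A bind mount whose host-side path does not exist is created by Docker
        // as an empty directory, so the container path exists but is not a file.
        if (Directory.Exists(path))
            throw new FileNotFoundException(
                $"{path} is a directory, not a file; check the host path in the volume mapping", path);
        if (!File.Exists(path))
            throw new FileNotFoundException($"{path} does not exist inside the container", path);
        using var fs = File.OpenRead(path); // surfaces permission problems early
    }

    // Loads a PEM cert + PEM key pair (this is not the PFX/password overload).
    public static X509Certificate2 LoadPem(string certPath, string keyPath)
    {
        EnsureReadableFile(certPath);
        EnsureReadableFile(keyPath);
        return X509Certificate2.CreateFromPemFile(certPath, keyPath);
    }
}

public class Program
{
    public static void Main(string[] args) => CreateHostBuilder(args).Build().Run();

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>()
                    .UseKestrel(options =>
                    {
                        // Same container paths as the compose file in the post.
                        var cert = TlsCertificateLoader.LoadPem(
                            "/etc/ssl/certs/fullchain.pem", "/etc/ssl/private/privkey.pem");
                        options.ListenAnyIP(80);
                        options.ListenAnyIP(443, listenOptions => listenOptions.UseHttps(cert));
                    });
            });
}
```

Running `docker run --rm <image> ls -l /etc/ssl/certs/fullchain.pem /etc/ssl/private/privkey.pem` before starting the app shows the same thing from the shell: a `d` in the mode column means the mount resolved to a directory rather than the key file.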