Nginx + letsencrypt error

Hello friends,

When I build and run the docker-compose file, I get an error like the following.
I want to do ssl with letsencrypt on nginx.

thank you in advance for your help.
Thank you

RUN code: sudo docker-compose -f up --build

version: '3'
      context: .
      dockerfile: Dockerfile.nginx
      private: {}
      - "443:443"
      - "80:80"
      - ./certificates:/usr/share/nginx/certificates
private: {}


FROM nginx:alpine
RUN apk add --no-cache inotify-tools certbot openssl ca-certificates
COPY nginx-letsencrypt
COPY ./nginx/nginx.conf /etc/nginx/conf.d/default.conf
COPY ssl-options/ /etc/ssl-options
RUN chmod +x nginx-letsencrypt && \
    chmod +x && \
    mkdir -p /usr/share/nginx/certificates
VOLUME ["/usr/share/nginx/certificates"]
ENTRYPOINT ["./nginx-letsencrypt"]


upstream upstream_server{
  server app:3000;
server {
  listen 80;
  # docker dsn resolver for private networks
#  resolver;
  server_name localhost;
  location /.well-known/acme-challenge/ {
    root /var/www/certbot;
  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    set $target http://upstream_server;
    proxy_pass $target;
  error_page 500 502 503 504 /50x.html;
  location = /50x.html {
  root /usr/share/nginx/html;
server {
  listen 443 ssl;
  server_name localhost;
  ssl_certificate /usr/share/nginx/certificates/fullchain.pem;
  ssl_certificate_key /usr/share/nginx/certificates/privkey.pem;
  include /etc/ssl-options/options-nginx-ssl.conf;
  ssl_dhparam /etc/ssl-options/ssl-dhparams.pem;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    set $target http://upstream_server;
    proxy_pass $target;

Successfully tagged testfiles_nginxproxy:latest
Creating testfiles_nginxproxy_1 … done
Attaching to testfiles_nginxproxy_1
nginxproxy_1 | + ‘[[’ ‘!’ -f /usr/share/nginx/certificates/cert.crt ]]
nginxproxy_1 | + openssl genrsa -out /usr/share/nginx/certificates/privkey.pem 4096
nginxproxy_1 | Generating RSA private key, 4096 bit long modulus (2 primes)
nginxproxy_1 | …++++
nginxproxy_1 | …++++
nginxproxy_1 | e is 65537 (0x010001)
nginxproxy_1 | + openssl req -new -key /usr/share/nginx/certificates/privkey.pem -out /usr/share/nginx/certificates/cert.csr -nodes -subj ‘/C=PT/ST=World/L=World/O=localhost/OU=Myebsite/CN=localhost/’
nginxproxy_1 | req: Skipping unknown attribute “EMAIL”
nginxproxy_1 | + openssl x509 -req -days 365 -in /usr/share/nginx/certificates/cert.csr -signkey /usr/share/nginx/certificates/privkey.pem -out ‘/usr$’
nginxproxy_1 | Signature ok
nginxproxy_1 | subject=C = PT, ST = World, L = World, O = localhost, OU = Mywebsite, CN = localhost
nginxproxy_1 | Getting Private key
nginxproxy_1 | + nginx -g ‘daemon off;’
nginxproxy_1 | + inotifywait -e close_write /usr/share/nginx/certificates
nginxproxy_1 | + :
nginxproxy_1 | + /opt/
nginxproxy_1 | + Setting up watches.
nginxproxy_1 | Watches established.
nginxproxy_1 | ‘[[’ ‘!’ -f /var/www/certbot ]]
nginxproxy_1 | + mkdir -p /var/www/certbot
nginxproxy_1 | + certbot certonly --config-dir /etc/letsencrypt --agree-tos --domains localhost --email --expand --noninteractive --webroot --webroot-path /var/www/certbot
nginxproxy_1 | 2019/11/16 20:36:30 [emerg] 11#11: no “ssl_certificate” is defined for the “listen … ssl” directive in /etc/nginx/conf.d/default.conf:35
nginxproxy_1 | nginx: [emerg] no “ssl_certificate” is defined for the “listen … ssl” directive in /etc/nginx/conf.d/default.conf:35
testfiles_nginxproxy_1 exited with code 1

can we solve the source of the problem?
Is there any that can help?

I think it‘s kind of a Chicken & Egg problem, you need a Certificate to run Nginx, but you need a running Nginx, to request a (new) Certificate.

You can solve it by creating a Self-Signed Certificate (e.g. using OpenSSL) and drop that to the place where Nginx expects it, and than just start it up. Afterwards let Certbot do it‘s magic, to create a real Certificate.

You can fing a more detailed description in this article:
And there is also a related git repo that contains a script to do that automatically for you:

But be careful, Let‘s Encrypt hase a rate limit for production certificate requests.
So be carefull to not lock yourself out, while testing…

I am not a Nginx expert, but it seems to me that all location directives should be inside the server directive, and currently they aren’t. Also you have nested location directives that I think they aren’t necessary Myloweslife