[Solved] Nginx can't find the certificate in named volume with docker-compose

General
1

Hi, I’m trying to use nginx and certbot with docker/docker-compose and I got some issue. Nginx only able to read certificate generated by certbot with docker run command but not docker-compose up. The command and configurations are almost the same while cmd version work smoothly, docker-compose just can’t get it running. Please help.

command line:

docker run -it --rm \
  --mount source=certbot-cert,destination=/etc/letsencrypt,readonly \
  --mount type=bind,source="$(pwd)"/data/acme,target=/usr/share/nginx/html \
  --mount type=bind,source="$(pwd)"/data/nginx.conf.production,target=/etc/nginx/conf.d/default.conf \
  -p 80:80 -p 443:443 \
  nginx:latest

docker-compose.yml:

version: '3.2'

services:
        nginx:
                image: nginx:latest
                ports:
                        - "80:80"
                        - "443:443"
                volumes:
                        - type: volume
                          source: certbot-cert
                          target: /etc/letsencrypt


                        - type: bind
                          source: ./data/nginx.conf.production
                          target: /etc/nginx/conf.d/default.conf

                        - type: bind
                          source: ./data/acme
                          target: /usr/share/nginx/html

volumes:
        certbot-cert:

output

Creating network "docker-nginx-certbot_default" with the default driver
Recreating docker-nginx-certbot_nginx_1 ... done
Attaching to docker-nginx-certbot_nginx_1
nginx_1  | 2018/11/01 09:58:16 [emerg] 1#1: BIO_new_file("/etc/letsencrypt/live/testing.do.sparvojo.pw/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/testing.do.sparvojo.pw/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx_1  | nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/testing.do.sparvojo.pw/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/testing.do.sparvojo.pw/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
docker-nginx-certbot_nginx_1 exited with code 1

certificate generation command line

docker run -it --rm \
	--mount source=certbot-cert,destination=/etc/letsencrypt \
	--mount type=bind,source="$(pwd)"/data/acme,target=/data/acme \
	--mount type=bind,source="$(pwd)"/data/var/log/letsencrypt,target=/var/log/letsencrypt \
	certbot/certbot certonly \
	--webroot \
	--register-unsafely-without-email \
	--agree-tos \
	--webroot-path=/data/acme \
	--staging \
	--rsa-key-size 3072 \
	--must-staple \
	--staple-ocsp \
	-d testing.do.sparvojo.pw
2

Maybe docker-compose doesn’t like the relative path for your source? Why not try an absolute path? If the absolute path works, then if you have a docker doument saying a relative path should work, raise a bug issue.

3

I found the issue. It is my bad that didn’t read the documentation completely. docker-compose will create volume with a prefix, hence not accessing the intended named volume. Correct syntax should be:

volumes:
    certbot-cert:
        external: true