Expected {pem} to be a symlink

I have nginx on the host running on port 80. The container for this site is running on another port, and nginx on the host is responsible for SSL termination. nginx on the host does not accept the certificates in the mounted live folder of the letsencrypt container, because they are symlinks pointing to the actual certificate files in the {container path}letsencrypt/secrets/archive folder. So for SSL termination to work, it must use the files inside the archive folder. Originally I copied the right files from archive into the live folder, removing the version number from each filename (e.g. cert1.pem becomes cert.pem, fullchain1.pem becomes fullchain.pem). No symlinks now. The host was satisfied at this point, but if I ran "certbot renew" inside the letsencrypt container, I would get the error in the title: certbot expects every file in the live folder to be a symlink into archive.

I want to be able to use the certbot renew command, so I have to figure out a new system.

I went ahead and deleted werm.pl8it.com from the live folder and ran this command:

certbot certonly --webroot -w /var/www/html -m selectiont@gmail.com -d "werm.pl8it.com" --rsa-key-size 4096 --agree-tos --force-renewal

As you can see, realpath shows that the actual path is in the archive folder.

I manually created symlinks in the live folder pointing into the archive folder, then I ran

werm-react.w upload_secrets

It seems that it ignored the symlinks and didn't upload anything, which means I would have to rebuild the symlinks every time I download the secrets.

So I built a script that runs when the letsencrypt container starts up and rebuilds the live folder from the archive folder:

#!/bin/bash
#docker cp $id_ssl:/etc/letsencrypt/accounts `get_branch_dir`/containers/letsencrypt/secrets/accounts;
#exit;
# Rebuild /etc/letsencrypt/live/<domain>/*.pem as symlinks to the newest numbered
# file in /etc/letsencrypt/archive/<domain>/ (cert1.pem, cert2.pem, ...), which is
# the layout "certbot renew" insists on.
archive="/etc/letsencrypt/archive"
LIVE_DIR="$(dirname "$archive")/live"

for DIR in "$archive"/*/; do
    DIR="${DIR%/}"
    dir_name="$(basename "$DIR")"
    mkdir -p "$LIVE_DIR/$dir_name"
    for FILE in "$DIR"/*.pem; do
        [ -e "$FILE" ] || continue
        name="$(basename "$FILE")"
        # File name with no numbers (cert1.pem -> cert.pem) and its version number (1)
        FILE_NN="${name//[[:digit:]]/}"
        ver="${name//[![:digit:]]/}"
        NEW_FILE="$LIVE_DIR/$dir_name/$FILE_NN"
        # The glob visits cert10.pem before cert2.pem, so do not blindly overwrite:
        # keep an existing link if it already points at an equal or newer version.
        if [ -L "$NEW_FILE" ]; then
            cur="$(basename "$(readlink "$NEW_FILE")")"
            cur_ver="${cur//[![:digit:]]/}"
            [ "${cur_ver:-0}" -ge "${ver:-0}" ] && continue
        fi
        echo "$FILE $NEW_FILE"
        rm -f "$NEW_FILE"
        ln -s "$FILE" "$NEW_FILE"
    done
done

The container's command then renews, re-links (init.sh only runs when renew exits successfully) and sleeps. This is the docker-compose form, which is why $! is written $${!}:

trap exit TERM; while :; do certbot renew && /werm/init.sh; sleep 12h & wait $${!}; done;
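The check certbot applies before renewing (every live file must be a symlink, and its target must exist) together with a relinker that rebuilds the live folder the way certbot lays it out, as an added example that is not the post's own script. It assumes only a POSIX shell with readlink and mktemp; the archive and live paths are parameters, and the fixture in demo() is constructed from dummy .pem files rather than real certificates. Two points it makes explicit: version numbers have to be compared numerically, because a glob visits cert10.pem before cert2.pem, and certbot writes relative links (../../archive/...), which keep resolving when the whole tree is mounted at a different path on the host.

```shell
#!/bin/sh
# Added example, not the post's own code: certbot's live/archive layout rules,
# a checker that applies them, and a relinker that rebuilds the layout.

# newest_archive_file DOMAIN_ARCHIVE_DIR NAME -> prints e.g. cert12.pem
# Version numbers are compared numerically; "last glob match wins" would
# pick cert9.pem over cert12.pem because the glob sorts lexically.
newest_archive_file() {
    local dir="$1" name="$2" f n best=0 best_file=""
    for f in "$dir/$name"[0-9]*.pem; do
        [ -e "$f" ] || continue
        n="${f##*/$name}"; n="${n%.pem}"
        if [ "$n" -gt "$best" ]; then best="$n"; best_file="${f##*/}"; fi
    done
    printf '%s\n' "$best_file"
}

# check_live_layout ARCHIVE LIVE -> 0 if every live file is a symlink whose
# target exists (certbot's own conditions) and points at the newest archive
# file; otherwise prints each problem and returns 1.
check_live_layout() {
    local archive="$1" live="$2" rc=0 d domain name link want target
    for d in "$archive"/*/; do
        d="${d%/}"; domain="${d##*/}"
        for name in cert chain fullchain privkey; do
            link="$live/$domain/$name.pem"
            want="$(newest_archive_file "$d" "$name")"
            if [ ! -L "$link" ]; then
                echo "expected $link to be a symlink"; rc=1; continue
            fi
            target="$(readlink "$link")"
            # relative targets are resolved from the link's own directory
            case "$target" in /*) ;; *) target="$live/$domain/$target" ;; esac
            if [ ! -e "$target" ]; then
                echo "target $target of symlink $link does not exist"; rc=1; continue
            fi
            if [ "${target##*/}" != "$want" ]; then
                echo "$link points at ${target##*/}, newest archive file is $want"; rc=1
            fi
        done
    done
    return "$rc"
}

# relink_live ARCHIVE LIVE: rebuild LIVE/<domain>/<name>.pem as relative links
# of the form ../../archive/<domain>/<name>N.pem (ARCHIVE and LIVE must share
# a parent directory, as /etc/letsencrypt/archive and /etc/letsencrypt/live do).
relink_live() {
    local archive="$1" live="$2" d domain name want
    for d in "$archive"/*/; do
        d="${d%/}"; domain="${d##*/}"
        mkdir -p "$live/$domain"
        for name in cert chain fullchain privkey; do
            want="$(newest_archive_file "$d" "$name")"
            [ -n "$want" ] || continue
            rm -f "$live/$domain/$name.pem"
            ln -s "../../${archive##*/}/$domain/$want" "$live/$domain/$name.pem"
        done
    done
}

# demo: constructed fixture with ten renewals in archive and a plain copy
# (no symlink) in live, i.e. the state the post started from.
demo() {
    local tmp i name
    tmp="$(mktemp -d)"
    mkdir -p "$tmp/archive/example.com" "$tmp/live/example.com"
    for i in 1 2 3 4 5 6 7 8 9 10; do
        for name in cert chain fullchain privkey; do
            echo "$name version $i" > "$tmp/archive/example.com/$name$i.pem"
        done
    done
    cp "$tmp/archive/example.com/cert1.pem" "$tmp/live/example.com/cert.pem"
    check_live_layout "$tmp/archive" "$tmp/live" || echo "layout rejected, relinking"
    relink_live "$tmp/archive" "$tmp/live"
    check_live_layout "$tmp/archive" "$tmp/live" &&
        echo "layout ok: cert.pem -> $(readlink "$tmp/live/example.com/cert.pem")"
    rm -rf "$tmp"
}

demo
```

Run it as-is for the demo, or source it and call check_live_layout /etc/letsencrypt/archive /etc/letsencrypt/live inside the container before certbot renew: a non-zero exit with the printed reason is the same condition that produces the error in the title.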
