Standalone Certificate #368
Comments
I would also like to know this.
This docker container makes use of the simp_le client, a lightweight letsencrypt client. https://github.com/zenhack/simp_le You can try running that command on start, and stick it in the auto renew code.
An experimental version of this feature inspired by @ymettier PR #220 has been added to This instructions are here. Any feedback is welcome.
Just tested this feature, works like a charm. Personally really need this in production yesterday... 😺
@ladrua for now they're not picked up at all, meaning you'll either have to
Thanks. That's fine. I had some issues all of a sudden on a new build of dev, had to
Oh, And in
@ladrua I pushed two more commits to
@buchdag Thanks! I'll have a go later. Also, does it create the challenge configs even though renewal is not necessary? Must it? Just realized that this recreation happened every time (hour) the service was triggered. So if I manually deleted the standalone confs, they came back an hour later.
And another thought, how are we sure the challenge configs are used in favour of the manual configs you have for the underlying services during renewal/generation? Do we need some sort of naming convention for the manual configs? I have added a subfolder to the conf.d directory called
Yes, because The situation is the same for the certificates that are created from containers environment variables,
I can't answer with certainty yet, that's why this feature is considered experimental for now.
I see, I guess there must be a naming convention for the standalone configs (maybe matching the LETSENCRYPT_STANDALONE_CERTS array definitions?), and the service disable/re-enable them somehow?
Just did a rebuild, I now get this error from docker logs
The full output of the log, there are two domains (example.com and example2.com), the first Create/renewal succeeds, but it seems that it leaves the config behind, and then the second Create/renew fails.
I've pushed a new commit with the
The expected behavior is (no matter what happen to the certificate):
No idea why
Sorry, I did update my comment a bit with a bit more detailed information.
I think you need to remove the fix for the
It still leaves my
Done. I also changed the test unit slightly to cover making change to
The most straightforward and simple solution is probably just to name the config file
Could you try to remove the certificate covering the domain whose challenge is failing from
Looks good to me with the latest changes, but the change of name convention to
I don't understand why it would not work, "working" here being the domain specific, self generated conf file loading after Unless I'm mistaken, a conf file starting with an
Sorry, I was thinking about it all wrong. Yes, it should be fine 👍
Thanks, I really appreciate that you took the time to test this and give feedback. I'd like a bit more user testing and feedback (even just "yup it works") from people with different setups before merging it into I'll keep
@ymettier @mossholderm @ryneeverett @ForsakenHarmony @augusteo @Pimmetje @hamon-e @Panderine @CWempe @flocomkoko @cphamlet @hadrien-toma @kosli @VeeeneX @felixsteghofer @curtiszimmerman You manifested interest at some point for the ability to generate "standalone" certificates with letsencrypt-nginx-proxy-companion (i.e. certificate not created from a Docker container environment variables). A beta version of this feature, inspired by @ymettier #220 has been merged to the Instructions are here: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/wiki/Standalone-certificates-(beta) If you are still using letsencrypt-nginx-proxy-companion and are still interested in this feature, test and feedback would be super helpful. Sorry in advance if the mention for an old topic bothered you.
Cool! I have use cases for this, and some of them are weird edge cases. Thanks for the tag! I'll check it out.
@buchdag I just updated with the docker image, and I am still having issue that the standalone-cert*.conf files are being created at every check, and then not removed in conf.d folder. Causing problems with overriding some of my configs that are imported after the conf.d import. Other than that, it is working great!
That's weird, I've tried adding special checks for that in the test unit, and the resulting build pass without issues. Are you sure you pulled or built an up to date version and those aren't leftovers files from a previous
I updated the
@buchdag I can't actually be sure that they weren't left there from previous build. Will try and do some more tests this evening. Thank you!
@ladrua the
I can confirm that it's working as expected now. Have it running on two different live environments, and it's looking good so far.
Anything else to report from people who tested this feature (or are currently using it)? I'm considering it for merging into the master branch in the coming weeks.
All I can say is that I've been running them since I last mentioned it, in two production environments, without any issues.
The patch for this in the
Yet the test still passes using the latest As far as I can tell the current nginx images are still listening on port 80. Could you provide more info about the issue you are experiencing?
Sorry it took soooooo long to merge but this feature is now in
Is it possible to request a standalone certificate for further use (in my case a simple Mail server), that is autorenewed by the nginx-letsencrypt container without spinning up a container, that is basically useless?
I was thinking of something like
docker exec nginx-letsencrypt /app/request....
Parallel to this "standalone cert" I would like to use the complete functionality of this nice container including the proxy for other services (in my case for a simple wiki and a nextcloud instance).