Too many issued certs for domains #915

Closed
Sveeeeeen opened this issue Jan 17, 2022 · 3 comments

Sveeeeeen commented Jan 17, 2022

Hello,

I am using ZeroSSL and have noticed that I am creating multiple certificates for the same domain. I use named volumes for the certificates as it says in the wiki (https://github.com/nginx-proxy/acme-companion/wiki/Persistent-data).

To install my container updates, I use watchtower. I suspect that the problem comes when updating, but I don't know exactly why the problem occurs.

Anyone have an idea why more than one certificate is issued?
I have like 4 certs for all of my domains in my ZeroSSL control panel.

Watchtower command:

```sh
docker run -it --rm \
  --name watchtower \
  --label=com.centurylinklabs.watchtower.enable=false \
  -e TZ=Europe/Berlin \
  -e WATCHTOWER_CLEANUP=true \
  -e WATCHTOWER_INCLUDE_STOPPED=true \
  -e WATCHTOWER_DEBUG=true \
  -e WATCHTOWER_RUN_ONCE=true \
  -v /root/.docker/config.json:/config.json \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower \
  && docker image rm containrrr/watchtower
```

Nginx compose:

```yaml
version: '3.8'
services:
  nginx:
    image: "jwilder/nginx-proxy:alpine"
    container_name: "nginx-proxy"
    ports:
      - "80:80"
      - "443:443"
    networks:
      - webserver
      - webserver6
    restart: always
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - dhparam:/etc/nginx/dhparam
    environment:
      - ENABLE_IPV6=true
      - SSL_POLICY=Mozilla-Modern
###############################################################
  letsencrypt:
    image: "nginxproxy/acme-companion"
    container_name: "nginxproxy-acme-companion"
    network_mode: bridge
    restart: always
    environment:
      - DEFAULT_EMAIL=xxxxxxxxxxxxxxx
      - ACME_CA_URI=xxxxxxxxxxxxxxx
      - ACME_EAB_KID=xxxxxxxxxxxxxxx
      - ACME_EAB_HMAC_KEY=xxxxxxxxxxxxxxx
      - ZEROSSL_API_KEY=xxxxxxxxxxxxxxx

    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    volumes_from:
      - nginx
    depends_on:
      - nginx
    labels:
       com.centurylinklabs.watchtower.depends-on: nginx

volumes:
    certs:
       external: false
    vhost:
       external: false
    html:
       external: false
    dhparam:
       external: false

# networks
networks:
  webserver:
    name: webserver
    driver: bridge
  webserver6:
    name: webserver6
    driver: bridge
    enable_ipv6: true
    ipam:
      config:
        - subnet: 2001:db8:2::/64
          gateway: 2001:db8:2::1
```

buchdag (Member) commented Mar 2, 2022

Hi.

> I am using ZeroSSL and have noticed that I am creating multiple certificates for the same domain.

Could you try to clarify the issue you're experiencing?

Sveeeeeen (Author) commented

> Hi.
>
> > I am using ZeroSSL and have noticed that I am creating multiple certificates for the same domain.
>
> Could you try to clarify the issue you're experiencing?

I have a domain, let's call it example.tld. In my ZeroSSL dashboard, I have like 20 issued SSL certs for this domain.
This usually happens when I am updating the container by using watchtower. Instead of using the old cert, acme creates a new one.

buchdag (Member) commented Mar 2, 2022

The nginxproxy/acme-companion container requires a volume mounted to /etc/acme.sh for certificate persistence since version 2.0.0.

Check this paragraph at the beginning of the README:

> Required read if you use the latest version: the v2.0.0 release of this project marks the switch of the ACME client used by the Docker image from simp.le to acme.sh. This switch results in some backward incompatible changes, so please read this issue and the updated docs for more details before updating your image. The single most important change is that the container now requires a volume mounted to /etc/acme.sh in order to persist ACME account keys and SSL certificates. The last tagged version that uses simp_le is v1.13.1.

buchdag closed this as completed Mar 2, 2022
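
A check for the cause named in the maintainer's reply, as an added example that is not part of the thread or of the acme-companion project: it reads `docker inspect` JSON and reports how /etc/acme.sh is backed, so a missing mount shows up before the next container update. The sample input is constructed to mirror the compose file in the issue; the function names, the `proxy_*` volume names and the choice to flag anonymous volumes as not reliably persistent are assumptions of this example.

```python
import json
import re

# Docker names anonymous volumes with a 64-character hex ID.
ANON_NAME = re.compile(r"^[0-9a-f]{64}$")

# /etc/acme.sh is the path named in the maintainer's reply; /etc/nginx/certs
# is the certs mount from the compose file posted in the issue.
REQUIRED = ("/etc/acme.sh", "/etc/nginx/certs")


def mount_status(mounts, path):
    """Classify how `path` is backed: missing, bind, named or anonymous."""
    for m in mounts:
        if m.get("Destination", "").rstrip("/") != path:
            continue
        if m.get("Type") == "bind":
            return "bind"
        if m.get("Type") == "volume":
            name = m.get("Name", "")
            # Assumption: an anonymous volume is not a dependable place
            # for ACME account keys across container recreation.
            return "anonymous" if not name or ANON_NAME.match(name) else "named"
        return m.get("Type", "unknown")
    return "missing"


def audit(inspect_json, required=REQUIRED):
    """Map each required path to its status for the first inspected container."""
    container = json.loads(inspect_json)[0]
    mounts = container.get("Mounts", [])
    return {path: mount_status(mounts, path) for path in required}


# Constructed sample shaped like `docker inspect nginxproxy-acme-companion`,
# mirroring the issue's compose file: no mount at /etc/acme.sh.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/nginxproxy-acme-companion",
    "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock"},
        {"Type": "volume", "Name": "proxy_certs", "Destination": "/etc/nginx/certs"},
        {"Type": "volume", "Name": "proxy_vhost", "Destination": "/etc/nginx/vhost.d"},
    ],
}])

if __name__ == "__main__":
    for path, status in audit(SAMPLE_INSPECT).items():
        verdict = "ok" if status in ("named", "bind") else "NOT PERSISTED"
        print(f"{path}: {status} ({verdict})")
```

To audit a live container, pass the output of `docker inspect <container>` to `audit()` instead of the sample.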