-
Notifications
You must be signed in to change notification settings - Fork 825
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better starting flow with default certificate #956
Comments
I have the same problem. As soon as a container is down (e.g. due to maintenance or running a backup) clients start to show a certificate error as they see the |
I think that's a good idea, I'll look into it. @fschrempf that's a different issue, but also related to default certificate mechanism. When a container is down and you send an HTTPS request to its former
(There are a few others when using nginx-proxy's |
Ok, thanks @buchdag! So I can provide a default (wildcard) certificate that covers all my virtual hosts as a fallback to avoid certificate errors, right? But this certificate can't be managed (fetch, renew, etc.) by the |
Unfortunately no(t yet) , I know this is a feature that's been requested for a long time. 😞 |
Why not just save the config/state in case of restart ? |
Re-reading your initial message, I'm not certain of the exact issue you're having anymore Let say :
Unless I'm completely misremembering/misreading the code or you're losing data at some point, every 30 services should almost instantaneously become up and serve the correct certificate. When you shut down the acme-companion containers, active certificate symlinks should not be removed from the Could you provide a more precise sequence of what containers (including proxied services) you start, stop and restart and when ? 🤔 |
Hi, step:
I can see on the acme-companion logs check all my domains one after the other:
Then certificate will be good one after one. After the acme check for renewal. |
Have you successfully reproduce the issue ? Do you consider it's one real issue or a normal behavior ? |
(Bug)? description
During the start, the default certificate is present for all domains (certificate named "letsencrypt-nginx-proxy-companion")
I currently have around 30 domains, it's take time, so I receive alerts saying my domain isn't good on my monitoring tool, nextcloud clients, smartphone....
Is that possible to say to the acme-companion to start with existing certificate without verify them one by one. Or making an improvement to do it ?
The script can check them in a second step.
I suppose I can "avoid" the issue on the main domain with a mount point to have a file at
/etc/nginx/certs/default.cr
:https://github.com/nginx-proxy/acme-companion/blob/main/app/entrypoint.sh#L110-L117
But I don't think it's enough.
What's your advice ?
docker image version : 1a7f5b3bc6cf
acme-companion version : v2.2.1
nginx-proxy's Docker configuration
Click to expand!
Containers logs
Click to expand!
Docker host
The text was updated successfully, but these errors were encountered: