I'm trying to make a secure docker proxy as a proof of concept. This seems like it's close to working (port 80 works and the "It Works!" page comes up for b.example.com). However, the console shows an error on generating keys.
docker-compose.yml:
version: '2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- ./certs:/etc/nginx/certs:ro
- /etc/nginx/vhost.d
- /usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
volumes:
- ./certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes_from:
- nginx-proxy:rw
environment:
- LETSENCRYPT_TEST=true
site-b:
image: httpd
networks:
- reverse-proxy
- back
environment:
- VIRTUAL_PORT=1234
- VIRTUAL_HOST=b.example.com
- LETSENCRYPT_HOST=b.example.com
Error:
nginx-letsencrypt_1 | 2018-04-27 11:41:40,244:ERROR:simp_le:1446: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-v01.api.letsencrypt.org/acme/authz/HsDmBtfcqucZ2j7gT5rGkCf1ESqHaxbkNxZRRWwXfFQ
