
I am trying to add https using LetsEncrypt and Nginx. I have added certbot and it ran successfully. Then, when trying to run the Nginx server, I am getting this error.

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: error: /etc/nginx/conf.d/default.conf is not a file or does not exist
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2020/11/21 06:24:07 [emerg] 1#1: open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/nginx.conf:23
nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/nginx.conf:23

This is my docker-compose.yml file

version: '3.7'

services:

  nginx_server:
    image: nginx:latest
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot

  my-image:
    image: my-name/my-image
    ports:
      - '8088:8088'

This is my nginx.conf file inside data/nginx

server {
    listen 80;
    server_name mysite.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        proxy_pass        http://my-image:8088;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
    }
}
server {
    listen 443 ssl default_server;
    server_name mysite.com;

    ssl_certificate     /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
    ssl_trusted_certificate  /etc/letsencrypt/live/mysite.com/fullchain.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass        http://my-image:8088;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  Host $http_host;
    }
}

Certbot ran successfully so I have deleted its image from docker-compose.

Any help would be appreciated. Thanks

theanilpaudel

1 Answer


I hope you have found a solution for your problem. I will share what solved my problem when I tried to use nginx & certbot in a docker env, and the links I used, for other people who might wanna use nginx and certbot in docker.

Step 1 (Base Preparation)

  1. Create a network called nginx => docker network create nginx
  2. Add the docker-compose below to a folder that you wanna use as nginx base
version: '3.4'

services:
  web:
    image: nginx:1.14.2-alpine
    restart: always
    volumes:
      - ./public_html:/public_html
      - ./conf.d:/etc/nginx/conf.d/
      - ./dhparam:/etc/nginx/dhparam
      - ./certbot/conf/:/etc/nginx/ssl/
      - ./certbot/data:/usr/share/nginx/html/letsencrypt
    ports:
      - 80:80
      - 443:443
    networks:
      - nginx
  certbot:
    image: certbot/certbot:latest
    volumes:
      - ./certbot/conf/:/etc/letsencrypt
      - ./certbot/logs/:/var/log/letsencrypt
      - ./certbot/data:/usr/share/nginx/html/letsencrypt

networks:
  nginx:
    external: true
  3. Add these folders below to the same directory
  • conf.d
  • dhparam
  • public_html

Step 2 (Configuration)

  1. Add configuration file below as default.conf to the conf.d folder
server {
    listen 80;
    server_name YOUR_DOMAIN;
    root /public_html/;

    location ~ /.well-known/acme-challenge {
      allow all;
      root /usr/share/nginx/html/letsencrypt;
    }
}
  2. Go to the dhparam folder and run the command below:

openssl dhparam -out ~/nginx/dhparam/dhparam-2048.pem 2048

Step 3 (LetsEncrypt)

  1. Run docker-compose up --build
  2. Run the command below:

docker-compose run certbot certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email YOUR_EMAIL --agree-tos --no-eff-email -d YOUR_DOMAIN

Step 4 (Modify Configuration)

  1. Modify your default.conf to include ssl like below:
server {
    listen 80;
    server_name YOUR_DOMAIN;

    location ~ /.well-known/acme-challenge {
      allow all;
      root /usr/share/nginx/html/letsencrypt;
    }

    location / {
      return 301 https://YOUR_DOMAIN$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name YOUR_DOMAIN;

    ssl on;
    server_tokens off;
    ssl_certificate /etc/nginx/ssl/live/YOUR_DOMAIN/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/YOUR_DOMAIN/privkey.pem;
    ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;

    ssl_buffer_size 8k;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    location / {
        proxy_pass http://frontend:3000;
    }
}
  2. Make sure your Next.js app is already running on 3000; here is my Next.js docker-compose:
version: '3'
services:
    frontend:
        build:
            context: ./
        environment:
            - PORT=3000
            - NODE_ENV=production
        ports:
            - 3000:3000
        networks:
            - nginx
networks:
  nginx:
    external: true

Links

We have modified our flow a little bit and I really recommend that, in case of using the steps above, you also do the same thing. In case you need further information you can check the links below; these guys saved me :)

Mehdi Amenein
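As an added example (not code from the question or the answer above), here is a POSIX shell pre-flight check for the start-up error in the question. It pulls every file that `ssl_certificate`, `ssl_certificate_key`, `ssl_trusted_certificate`, `ssl_dhparam` and `include` point at, maps container paths to host directories using the compose `volumes` entries you pass in, and lists the ones that do not exist before nginx is started. The constructed fixture mirrors the question's layout: a `certonly --webroot` run creates `live/<domain>/*.pem` but not `options-ssl-nginx.conf` or `ssl-dhparams.pem`, which only certbot's nginx installer plugin writes; `demo_missing` and the `/etc/letsencrypt=<hostdir>` mapping format are this example's own conventions.

```shell
# Added example, not from the answer above: lists the files an nginx config
# references that are missing on the host side of a bind mount, so the
# "[emerg] open() ... failed" from the question is caught before nginx starts.
# nginx_missing_refs CONF "CONTAINER_DIR=HOST_DIR [...]"  -> one missing path per line
nginx_missing_refs() {
    conf="$1"; maps="$2"
    sed 's/#.*//' "$conf" |
      awk '$1 ~ /^(ssl_certificate|ssl_certificate_key|ssl_trusted_certificate|ssl_dhparam|include)$/ {
             sub(/;$/, "", $2); print $2 }' |
      while read -r path; do
          # relative includes (mime.types) and globs (conf.d/*.conf) are
          # resolved by nginx inside the image; only absolute paths are checked
          case "$path" in /*) ;; *) continue ;; esac
          case "$path" in *\**) continue ;; esac
          host=""
          for m in $maps; do
              prefix="${m%%=*}"; dir="${m#*=}"
              case "$path" in "$prefix"/*) host="$dir/${path#"$prefix"/}" ;; esac
          done
          # paths outside every bind mount come from the image, not the host
          [ -n "$host" ] || continue
          [ -e "$host" ] || printf '%s\n' "$path"
      done
}

# Constructed fixture reproducing the question: a `certonly --webroot` run
# leaves live/<domain>/*.pem but never writes options-ssl-nginx.conf or
# ssl-dhparams.pem (those come from certbot's nginx installer plugin).
# "demo_missing complete" also creates those two files and expects no output.
demo_missing() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/certbot/live/mysite.com"
    : > "$tmp/certbot/live/mysite.com/fullchain.pem"; : > "$tmp/certbot/live/mysite.com/privkey.pem"
    if [ "$1" = complete ]; then
        : > "$tmp/certbot/options-ssl-nginx.conf"; : > "$tmp/certbot/ssl-dhparams.pem"
    fi
    cat > "$tmp/nginx.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;   # only the nginx plugin writes this
    include /etc/nginx/mime.types;                     # lives in the image: skipped
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
EOF
    nginx_missing_refs "$tmp/nginx.conf" "/etc/letsencrypt=$tmp/certbot"
    rm -rf "$tmp"
}
```

For the answer's layout the mapping would be `"/etc/nginx/ssl=./certbot/conf /etc/nginx/dhparam=./dhparam"`; an empty result means every referenced file is in place and the 443 server block can be enabled.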