
We have a WordPress site on an AWS EC2 instance that was set up to auto-renew its SSL certificate via Let’s Encrypt.

The auto renewal has recently stopped and the certificate has since expired.

I have attempted to run docker exec {container_id} /app/force_renew but received this error:

ACME server returned an error: urn:acme:error:serverInternal :: The server experienced an internal error :: ACMEv1 is deprecated and you can no longer get certificates from this endpoint. Please use the ACMEv2 endpoint, you may need to update your ACME client software to do so. Visit https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430/27 for more information.

I have assumed that the jrcs/letsencrypt-nginx-proxy-companion image has since been updated to handle this required change to the ACME client — and that pulling the image and restarting the container with the new image would fix auto renewal.

If that’s a correct assumption, how can I pull the latest jrcs/letsencrypt-nginx-proxy-companion image and restart the container without disturbing the volumes attached to the wordpress or db services?

If it’s an incorrect assumption, how do I fix the certificate auto renewal?

version: '3.1'
services:
  nginx-proxy:
    container_name: nginx-proxy
    image: jwilder/nginx-proxy:latest
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - dhparam:/etc/nginx/dhparam
      - certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
  nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion:latest
    restart: always
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - dhparam:/etc/nginx/dhparam
      - certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    depends_on:
      - nginx-proxy
    environment:
      DEFAULT_EMAIL: [email protected]
      NGINX_PROXY_CONTAINER: nginx-proxy
  wordpress:
    image: wordpress
    restart: always
    environment:
      WORDPRESS_DB_HOST: db
      WORDPRESS_DB_USER: myuser
      WORDPRESS_DB_PASSWORD: mypass
      WORDPRESS_DB_NAME: mydb
      VIRTUAL_HOST: mysite.com
      LETSENCRYPT_HOST: mysite.com
    volumes:
      - ./wp-content:/var/www/html/wp-content
  db:
    image: mysql:5.7
    restart: always
    environment:
      MYSQL_DATABASE: mydb
      MYSQL_USER: myuser
      MYSQL_PASSWORD: mypass
      MYSQL_RANDOM_ROOT_PASSWORD: '1'
    volumes:
      - ./mysql-data:/var/lib/mysql
    command: mysqld --sql-mode=""
volumes:
  conf:
  vhost:
  html:
  dhparam:
  certs:

2 Answers


  1. The document has an option to provide the URL; set the env variable as suggested.

    The ACME_CA_URI environment variable is used to set the ACME API endpoint from which the container’s certificate(s) will be requested (defaults to https://acme-v02.api.letsencrypt.org/directory).

  2. What I would suggest is to spin up a new set of containers on a different server, and to copy the content of the current volumes.
    The upgrade of the nginx-proxy-companion container shouldn’t affect the one with wordpress, but you want to be sure everything is compatible.
    Once you have all the new versions on the new server, and you verify they work as expected, you either keep that and abandon the old one, or you update the image for the companion on the old server.

    P.S.: I hope the passwords in the pasted yaml aren’t the ones actually in production

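Added example (not part of either answer, and not the companion project's own code): a shell sketch of the in-place route, assuming it is run from the directory holding the compose file in the question and that the service is named nginx-proxy-companion as it is there. It first checks whether an ACME_CA_URI set on the running container pins the retired v1 endpoint, since a pinned value would override the new image's default, then pulls and recreates only the companion service.

```shell
#!/bin/sh
# Added example. SERVICE is the service name from the question's compose file.
SERVICE="nginx-proxy-companion"

# Print v1, v2 or unknown for a Let's Encrypt ACME directory URL.
acme_api_version() {
    case "$1" in
        https://acme-v02.api.letsencrypt.org/*|https://acme-staging-v02.api.letsencrypt.org/*) echo v2 ;;
        https://acme-v01.api.letsencrypt.org/*) echo v1 ;;
        *) echo unknown ;;
    esac
}

# Read KEY=VALUE lines on stdin and print the ACME_CA_URI value.
# Prints nothing when the variable is unset, i.e. the image default applies.
configured_acme_uri() {
    sed -n 's/^ACME_CA_URI=//p' | head -n 1
}

# Succeeds only when the environment on stdin pins the retired v1 endpoint.
# A pinned value overrides the image default, so a new image alone would not help.
pinned_to_v1() {
    [ "$(acme_api_version "$(configured_acme_uri)")" = v1 ]
}

# Environment of the running companion container, one KEY=VALUE per line.
companion_env() {
    docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' \
        "$(docker-compose ps -q "$SERVICE")"
}

# Pull the new image and recreate only the companion. --no-deps keeps compose
# from touching nginx-proxy; wordpress and db are not named, so they keep
# running, and the named volumes and bind mounts stay in place.
refresh_companion() {
    if companion_env | pinned_to_v1; then
        echo "ACME_CA_URI points at ACMEv1: remove or update it in the compose file first" >&2
        return 1
    fi
    docker-compose pull "$SERVICE" &&
        docker-compose up -d --no-deps "$SERVICE"
}

# Only act when asked to, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then refresh_companion; fi
```

Once the companion is back up, the /app/force_renew command from the question can be rerun to confirm that issuance now goes through the v2 endpoint.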