Seafile on Docker-Lets encrypt auto renew failed


I have set up letsencrypt on my website via docker Seafile version 6.3.3, i just noticed today that our certificates just expired, so theres is and error prompt from the browser that the connection is not secured.

When i did the installation I recalled that i have set the SEAFILE_SERVER_LETSENCRYPT=true so it would auto renew the certificates, but not quite sure why it didnt auto renew, perhaps i missed something.

Anyone can give a tip on how to renew this?trying to find a solution myself i tried to enter the docker container via “docker container exec -it seafile bash” and tried to do some checking on the ssl certs and scripts.

I managed to find this script called “” followed the guide from its (steps 3 and 6) and created a “”.

But i got this error when running the script.

    xxxx.csr --acme-dir /var/www/challenges/ > /shared/ssl/signed.crt
    Parsing account key...
    Parsing CSR...
    Found domains:
    Getting directory...
    Directory found!
    Registering account...
    Already registered!
    Creating new order...
    Order created!
    Traceback (most recent call last):
      File "/shared/ssl/letsencrypt/", line 198, in <module>
      File "/shared/ssl/letsencrypt/", line 194, in main
        signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,, disable_check=args.disable_check, directory_url=args.directory_url,
      File "/shared/ssl/letsencrypt/", line 144, in get_crt
        raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
    ValueError: Wrote file to /var/www/challenges/hPWFWg4YzfofDXJ3yvqts985PRVPFIUj2qhFIxDwqCQ, but couldn't download Error:
    Url: http:/
    Data: None
    Response Code: None
    Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

(i replaced our domain with xxx)

What might be going on here?

Hi all,

Managed to solve this issue by installing certbot inside the seafile docker container. I just followed the guide from their website And everything went smooth.

But need to take note that restarting the running docker seafile container from the base OS is required inorder for it to take effect.

I have tried a “service nginx reload” inside the seafile docker container but it doesnt happen to refresh the new cert.

Apart from the downtime by needing to restart the seafile docker container, everything now is in order.

I suggest to include some info regarding lets encrypt renewals inside docker in the official seafile documentation, this might help people that might stumble on this error in the future.


Hi JC,
Exact same problem here. Did you install certbot using snapd as per the default instructions? snapd installs fine but snap install core fails:
root@0005b9f187e7:/opt/seafile# snap install core
error: cannot communicate with server: Post [http removed]://localhost/v2/snaps/core: dial unix /run/snapd.socket: connect: no such file or directory

hi there,

If anyone else get this problem the two key steps that got me out of the loop was:

1.- Get into the seafile container.
2.- Modify the nginx commenting the server 443 part (leavy just port 80 server).
3.- Reload nginx: nginx -s reload ( now It will not give you error)
4.- execute from /scripts next command:
./ /shared/ssl
( it should end up without error)
5.- Modify again nginx configuration file leave it as it was before step 2.
7.- Reload nginx again: nginx -s reload
8.- After last step you will recover your seafile but if you want, you can recreate the stack / compose and it should keep working fine now.
6.- Get out of the container and if you want to check.

My original error was:

nginx: [emerg] BIO_new_file("/shared/ssl/") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/','r') error:2006D080:BIO routines:BIO_new_file:no such file)

the file was EMPTY at the begining I don’t know why.

1 Like

ego’s solution worked well for me and solved the issue!

1 Like

thanks, I run in this issue also and your solution works

1 Like