Seafile on Docker: Let's Encrypt auto renew failed

Hi,

I have set up Let's Encrypt on my website via Docker Seafile version 6.3.3. I just noticed today that our certificates just expired, so there is an error prompt from the browser that the connection is not secured.

When I did the installation, I recall that I set SEAFILE_SERVER_LETSENCRYPT=true so it would auto-renew the certificates, but I'm not quite sure why it didn't auto-renew; perhaps I missed something.

Can anyone give a tip on how to renew this? Trying to find a solution myself, I entered the Docker container via “docker container exec -it seafile bash” and did some checking on the SSL certs and scripts.

I managed to find this script called “acme_tiny.py”, followed the guide from its README.md (steps 3 and 6) and created a “renew_cert.sh”.

But I got this error when running the script.

    xxxx.csr --acme-dir /var/www/challenges/ > /shared/ssl/signed.crt
    Parsing account key...
    Parsing CSR...
    Found domains: xxxx.net
    Getting directory...
    Directory found!
    Registering account...
    Already registered!
    Creating new order...
    Order created!
    Verifying xxxx.net...
    Traceback (most recent call last):
      File "/shared/ssl/letsencrypt/acme_tiny.py", line 198, in <module>
        main(sys.argv[1:])
      File "/shared/ssl/letsencrypt/acme_tiny.py", line 194, in main
        signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
      File "/shared/ssl/letsencrypt/acme_tiny.py", line 144, in get_crt
        raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
    ValueError: Wrote file to /var/www/challenges/hPWFWg4YzfofDXJ3yvqts985PRVPFIUj2qhFIxDwqCQ, but couldn't download http://xxxx.net/.well-known/acme-challenge/hPWFWg4YzfofDXJ3yvqts985PRVPFIUj2qhFIxDwqCQ: Error:
    Url: http:/xxxx.net/.well-known/acme-challenge/hPWFWg4YzfofDXJ3yvqts985PRVPFIUj2qhFIxDwqCQ
    Data: None
    Response Code: None
    Response: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

(I replaced our domain with xxx)

What might be going on here?

Hi all,

Managed to solve this issue by installing certbot inside the Seafile Docker container. I just followed the guide from their website, certbot.eff.org/lets-encrypt/ubuntubionic-nginx, and everything went smoothly.

But note that restarting the running Seafile Docker container from the base OS is required in order for it to take effect.

I have tried a “service nginx reload” inside the Seafile Docker container, but it doesn't refresh the new cert.

Apart from the downtime from needing to restart the Seafile Docker container, everything is now in order.

I suggest including some info regarding Let's Encrypt renewals inside Docker in the official Seafile documentation; this might help people who stumble on this error in the future.

Cheers!
JC

Hi JC,

Exact same problem here. Did you install certbot using snapd as per the default instructions? snapd installs fine but snap install core fails:

    root@0005b9f187e7:/opt/seafile# snap install core
    error: cannot communicate with server: Post [http removed]://localhost/v2/snaps/core: dial unix /run/snapd.socket: connect: no such file or directory

Thanks

Hi there,

If anyone else gets this problem, the two key steps that got me out of the loop were:

1.- Get into the seafile container.
2.- Modify the nginx configuration, commenting out the server 443 part (leave just the port 80 server).
3.- Reload nginx: nginx -s reload (now it will not give you an error)
4.- Execute the following command from /scripts:

    ./ssl.sh /shared/ssl xxxyour-domainxxxx.blabla.org

(it should end without error)
5.- Modify the nginx configuration file again and leave it as it was before step 2.
7.- Reload nginx again: nginx -s reload
8.- After the last step you will recover your Seafile, but if you want, you can recreate the stack / compose and it should keep working fine now.
6.- Get out of the container and if you want to check.

My original error was:

    nginx: [emerg] BIO_new_file("/shared/ssl/domain.blabla.org.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/domain.blabla.org.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)

The domain.blabla.org.crt file was EMPTY at the beginning; I don’t know why.

1 Like
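As an added example (not part of the post above or of the Seafile image's own scripts), a check that can be run inside the container before reloading nginx: it catches the empty certificate file described above and the unnoticed expiry that started this thread. The function name `check_cert`, its return codes and the 30-day window are assumptions; the argument would be the /shared/ssl/<domain>.crt file.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a certificate file before nginx is reloaded.
# Return codes (assumed convention for this example):
#   0 ok, 1 missing, 2 empty, 3 not a parsable certificate, 4 expires soon
# Usage: ./check_cert.sh /shared/ssl/<domain>.crt [days]

check_cert() {
    local cert="$1"
    local days="${2:-30}"             # assumed warning window, in days
    local seconds=$((days * 86400))

    if [ ! -e "$cert" ]; then
        echo "MISSING: $cert" >&2
        return 1
    fi
    # A zero-byte .crt is the state reported in the thread.
    if [ ! -s "$cert" ]; then
        echo "EMPTY: $cert" >&2
        return 2
    fi
    # The file must contain a certificate that openssl can load.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "UNPARSABLE: $cert" >&2
        return 3
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$seconds" >/dev/null 2>&1; then
        echo "EXPIRING: $cert expires within $days days" >&2
        return 4
    fi
    echo "OK: $cert, $(openssl x509 -in "$cert" -noout -enddate)"
    return 0
}

# When called with arguments, the script exits with check_cert's status,
# so it can gate a reload or feed a cron alert.
if [ "$#" -ge 1 ]; then
    check_cert "$@"
fi
```

Run from cron on the host via `docker container exec`, a non-zero exit gives warning of a failed auto-renewal before browsers start rejecting the certificate.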

ego’s solution worked well for me and solved the issue!

1 Like

Thanks, I ran into this issue also and your solution works.

1 Like