我使用 jwilder/nginx-proxy 和 jrcs/letsencrypt-nginx-proxy-companion 图像自动创建 ssl 证书。当服务器更新并运行 docker-compose down 和 docker-compose up -d 时,会出现以下错误:
letsencrypt_1 | [Mon Feb 8 11:48:47 UTC 2021] Please check log file for more details: /dev/null
letsencrypt_1 | Creating/renewal example.com certificates... (example.com www.example.com)
letsencrypt_1 | [Mon Feb 8 11:48:48 UTC 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
letsencrypt_1 | [Mon Feb 8 11:48:48 UTC 2021] Creating domain key
letsencrypt_1 | [Mon Feb 8 11:48:48 UTC 2021] The domain key is here: /etc/acme.sh/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5a3f373b33361a3d373b333674393537" rel="noreferrer noopener nofollow">[email protected]</a>/example.com/example.com.key
letsencrypt_1 | [Mon Feb 8 11:48:48 UTC 2021] Multi domain='DNS:example.com,DNS:www.example.com'
letsencrypt_1 | [Mon Feb 8 11:48:48 UTC 2021] Getting domain auth token for each domain
letsencrypt_1 | [Mon Feb 8 11:48:49 UTC 2021] Create new order error. Le_OrderFinalize not found. {
letsencrypt_1 | "type": "urn:ietf:params:acme:error:rateLimited",
letsencrypt_1 | "detail": "Error creating new order :: too many certificates already issued for exact set of domains: example.com,www.example.com: see https://letsencrypt.org/docs/rate-limits/",
letsencrypt_1 | "status": 429
据我了解,LetsEncrypt 允许在一周内创建有限数量的证书。 每次我必须执行 docker-compose down 和 docker-compose up -d 时,我都会使用其中一个实例来生成证书。现在我已达到限制,无法使用该服务。
- 如果没有必要,如何避免生成证书?
- 是否可以重置本周的计数器以继续使用该网站?
我的docker-compose.yml
version: "3"
services:
db:
image: postgres:12
restart: unless-stopped
env_file: ./.env
volumes:
- postgres_data:/var/lib/postgresql/data
web:
build:
context: .
restart: unless-stopped
env_file: ./.env
command: python manage.py runserver 0.0.0.0:80
volumes:
- static:/code/static/
- .:/code
#ports:
# - "8000:8000"
depends_on:
- db
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:ro
- vhostd:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
labels:
- com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
restart: always
environment:
- NGINX_PROXY_CONTAINER=nginx-proxy
volumes:
- certs:/etc/nginx/certs:rw
- vhostd:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- /var/run/docker.sock:/var/run/docker.sock:ro
nginx:
image: nginx:1.19
restart: always
expose:
- "80"
volumes:
- ./config/nginx/conf.d:/etc/nginx/conf.d
- static:/code/static
- ./../ecoplatonica:/usr/share/nginx/html:ro
env_file: ./.env
depends_on:
- web
- nginx-proxy
- letsencrypt
volumes:
.:
postgres_data:
static:
certs:
html:
vhostd:
最佳答案
我也遇到过这个问题,最后解决了。
您需要将卷添加到 nginx-proxy: 和 letsencrypt: 服务的 volumes: 部分 - 如下所示:
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certs:/etc/nginx/certs:ro
- vhostd:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- acme:/etc/acme.sh
然后在 docker-compose.yml 文件的末尾,我添加了:
volumes:
.:
postgres_data:
static:
certs:
html:
vhostd:
acme:
现在我有了持久证书。
关于nginx - "jrcs/letsencrypt-nginx-proxy-companion" docker 镜像 : too many certificates already issued for exact set of domains,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66102225/