Automated configuration not working properly

[kfitgitds24]

Currently setting up a server, where I run nginx-proxy together with jrcs/letsencrypt-nginx-proxy-companion. From logs I noticed the companion tried getting new certificates after each docker compose up, until it reached rate limit. I investigated further and found out the nginx.tmpl is written in a way that instructs the companion to look for certificates and keys with .crt and .key extensions (respectively), but the companion obtained certificates and keys all end with .pem. Also the pathing per domain never worked.

Okay so I changed the nginx.tmpl to fit my configuration, by doing this:

    ssl_certificate /etc/nginx/certs/{{ $vhost.cert }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/{{ $vhost.cert }}/key.pem;

    # For dhparam.pem, since it's stored directly under /etc/nginx/certs/

            {{- if (exists "/etc/nginx/certs/dhparam.pem") }}
    ssl_dhparam /etc/nginx/certs/dhparam.pem;
            {{- end }}

    # For chain.pem, adjust the path to be within the vhost's directory

            {{- if (exists (printf "/etc/nginx/certs/%s/chain.pem" $vhost.cert)) }}
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s/chain.pem" $vhost.cert }};
            {{- end }}

And surprisingly, when I left the containers running overnight, in the morning everything ran as it should - the letsencrypt companion saw the certificates, didn't try to acquire new ones. Then I restarted containers and the same old "rate limit" is here.

My nginx.tmpl still has the changes inside, but when I run manually docker-gen /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf in my nginx-proxy container, the resulting default.conf file says "No certificate found for this vhost, so use the default certificate...". Automated runs (like scheduled nginx -s reload) always end up over-writing the default.conf file.

Any ideas on why is this happening?

[buchdag]

Hi.

I think you should check the versions of acme-companion and nginx-proxy (or the nginx.tmpl file) you're using, double check the acme-companion documentation (because the certificate generation on every container startup sounds a bit like you upgraded from v1 to v2 without the required configuration changes) and remove your certificate related customisations to the nginx.tmpl file.

acme-companion is meant to and does work out of the box with the current nginx-proxy / nginx.tmpl version.