How to properly configure certbot in docker?

Please help me with this problem, I have been trying to solve it for 2 days! Please, just tell me what I am doing wrong, and what I should change to make it work! And what I should do to make it work.

ERROR: for certbot Cannot start service certbot: network 4d3b22b1f02355c68a900a7dfd80b8c5bb64508e7e12d11dadae11be11ed83dd not found

My docker-compose file

version: '3'
services:
    nginx:
        restart: always
        build:
            context: ./
            dockerfile: ./nginx/Dockerfile
        depends_on:
            - server
        ports:
            - 80:80
        volumes:
            - ./server/media:/nginx/media
            - ./conf.d:/nginx/conf.d
            - ./dhparam:/nginx/dhparam
            - ./certbot/conf:/nginx/ssl
            - ./certbot/data:/usr/share/nginx/html/letsencrypt

    server:
        build:
            context: ./
            dockerfile: ./server/Dockerfile
        command: gunicorn config.wsgi -c ./config/gunicorn.py
        volumes:
            - ./server/media:/server/media
        ports:
            - "8000:8000"
        depends_on:
            - db
        environment:
            DEBUG: 'False'
            DATABASE_URL: 'postgres://postgres:@db:5432/postgres'
            BROKER_URL: 'amqp://user:password@rabbitmq:5672/my_vhost'

    db:
        image: postgres:11.2
        environment:
            POSTGRES_DB: postgres
            POSTGRES_USER: postgres
    certbot:
        image: certbot/certbot:latest
        command: certonly --webroot --webroot-path=/usr/share/nginx/html/letsencrypt --email artasdeco.ru@gmail.com --agree-tos --no-eff-email -d englishgame.ru
        volumes:
        - ./certbot/conf:/etc/letsencrypt
        - ./certbot/logs:/var/log/letsencrypt
        - ./certbot/data:/usr/share/nginx/html/letsencrypt

My Dockerfile

FROM python:3.7-slim AS server

RUN mkdir /server
WORKDIR /server

COPY ./server/requirements.txt /server/
RUN pip install -r requirements.txt

COPY ./server /server

RUN python ./manage.py collectstatic --noinput

#########################################

FROM nginx:1.13

RUN rm -v /etc/nginx/nginx.conf
COPY ./nginx/nginx.conf /etc/nginx/

RUN mkdir /nginx
COPY --from=server /server/staticfiles /nginx/static

nginx.conf file

user nginx;
worker_processes auto;

error_log  /var/log/nginx/error.log warn;

events {
    worker_connections  1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;


    server {
        listen 443 ssl http2;
        server_name englishgame.ru;
        
        ssl on;
        server_tokens off;
        ssl_certificate /etc/nginx/ssl/live/englishgame.ru/fullchain.pem;
        # The key directive must point at the private key certbot writes, not the certificate chain
        ssl_certificate_key /etc/nginx/ssl/live/englishgame.ru/privkey.pem;
        ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
        
        ssl_buffer_size 8k;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        ssl_prefer_server_ciphers on;
        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
        
        location / {
            return 301 https://englishgame.ru$request_uri; 
        }
        
    }

    server {
        listen 80;

        server_name englishgame.ru;

        location ~ /.well-known/acme-challenge {
                allow all;
                root /usr/share/nginx/html/letsencrypt;
        }

        location /static {
            alias /nginx/static/;
            expires max;
        }

        location /media {
            alias /nginx/media/;
            expires 10d;
        }

        location /robots.txt {
            alias /nginx/static/robots.txt;
        }

        location /sitemap.xml {
            alias /nginx/static/sitemap.xml;
        }

        location / {
            proxy_pass        http://server:8000;
            proxy_redirect    off;

            proxy_read_timeout  60;

            proxy_set_header  Host             $host;
            proxy_set_header  X-Real-IP        $remote_addr;
            proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
    }
}

Thank you for your help!

Alright, so based on the error "ERROR: for certbot Cannot start service certbot: network 4d3b22b1f02355c68a900a7dfd80b8c5bb64508e7e12d11dadae11be11ed83dd not found", the issue is not related to any of the other services defined in your compose file, so those and your Dockerfile and nginx configuration should be irrelevant to the problem.

Then to solve the problem of "why certbot service cannot be created". Usually this kind of error happens when a network that was configured for a service has been removed manually. In this case, however, no service is even referring to a network. Thus only the hash sum is printed, not any network name.

Googling the error brings up a similar problem from Let's Encrypt: https://github.com/BirgerK/docker-apache-letsencrypt/issues/8, which points to an actual docker compose issue: https://github.com/docker/compose/issues/5745.

The solution there is to run the docker compose with "--force-recreate" option to resolve the problem.

So, the problem should be fixed by running docker compose up -d --force-recreate.
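To confirm which containers still point at a removed network before recreating them, the following added example (not part of the original answer) compares the network IDs recorded in `docker inspect` output with the IDs listed by `docker network ls --no-trunc -q`. The container names, network names and IDs in the sample data are constructed placeholders, and the script assumes a stopped container keeps its last `NetworkID` under `NetworkSettings.Networks`.

```python
import json

# Constructed sample: trimmed output of `docker inspect $(docker ps -aq)`.
# Names and IDs are placeholders, not values from the question.
INSPECT_JSON = """
[
  {"Name": "/app_certbot_1",
   "NetworkSettings": {"Networks": {"app_default": {"NetworkID": "aaaa1111"}}}},
  {"Name": "/app_nginx_1",
   "NetworkSettings": {"Networks": {"app_default": {"NetworkID": "bbbb2222"}}}}
]
"""

# Constructed sample: output of `docker network ls --no-trunc -q`
# (full IDs, one per line). "aaaa1111" is absent: that network was removed.
NETWORK_LS = "bbbb2222\ncccc3333\n"


def stale_network_refs(inspect_json, network_ls):
    """Return (container, network_name, network_id) for every container
    endpoint whose recorded network ID no longer exists on the host."""
    existing = {line.strip() for line in network_ls.splitlines() if line.strip()}
    stale = []
    for container in json.loads(inspect_json):
        settings = container.get("NetworkSettings") or {}
        networks = settings.get("Networks") or {}
        for net_name, endpoint in networks.items():
            net_id = (endpoint or {}).get("NetworkID", "")
            # Containers that were never started may have no ID recorded yet.
            if net_id and net_id not in existing:
                name = container.get("Name", "").lstrip("/")
                stale.append((name, net_name, net_id))
    return sorted(stale)


if __name__ == "__main__":
    for name, net_name, net_id in stale_network_refs(INSPECT_JSON, NETWORK_LS):
        print(f"{name}: network {net_name} ({net_id}) not found on this host; "
              "recreate the container, e.g. with --force-recreate")
```

Against a real host, replace the two sample strings with the captured output of the two commands named in the comments.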
