no resolver defined to resolve ocsp.int-x3.letsencrypt.org while requesting certificate status
See original GitHub issueThere seems to be an error with the DNS resolver every now and then, when using nginx-proxy
together with docker-letsencrypt-nginx-proxy-companion
. Nginx will say this:
2019/03/21 15:48:15 [warn] 9#9: no resolver defined to resolve ocsp.int-x3.letsencrypt.org while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, certificate: "/etc/nginx/certs/*******.com.crt"
And the https node will stay offline (status 502). I deploy again, and then it goes fine.
Unfortunately this is not easily reproducible. It seems to happen randomly. Sometimes everything works as expected, and sometimes I need to deploy two or three times before this error disappears and the upstream node will become available.
I have initially reported this at https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion/issues/524
Today I received this from a different app on deploy:
2019/03/27 18:06:43 [warn] 8#8: no resolver defined to resolve ocsp.int-x3.letsencrypt.org while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org, certificate: "/etc/nginx/certs/<VIRTUAL_HOST>.crt"
2019/03/27 18:06:46 [error] 8#8: *1 connect() failed (113: No route to host) while connecting to upstream, client: <SERVER_PUBLIC_IP>, server: <VIRTUAL_HOST>, request: "GET / HTTP/2.0", upstream: "<VIRTUAL_HOST_IP>", host: "<VIRTUAL_HOST>"
I am not sure the second message is always there.
Here is the abridged docker-compose.yml
for the latter:
version: "3.5"
services:
dashboard:
image: redsandro/dashboard
container_name: rs-dashboard
depends_on:
- nginx
- nginx-gen
- nginx-letsencrypt
networks:
- proxy
environment:
VIRTUAL_HOST: dashboard.example.com
VIRTUAL_PORT: 8080
LETSENCRYPT_HOST: dashboard.example.com
LETSENCRYPT_EMAIL: email@example.com
api:
image: redsandro/api
container_name: rs-api
depends_on:
- db
networks:
- proxy
ports:
- '25:25'
environment:
VIRTUAL_HOST: api.example.com
VIRTUAL_PORT: 9080
LETSENCRYPT_HOST: api.example.com
LETSENCRYPT_EMAIL: email@example.com
db:
image: mongo:4.0
container_name: rs-db
restart: always
nginx:
image: nginx
container_name: nginx
restart: always
networks:
- proxy
ports:
- 80:80
- 443:443
volumes:
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs
nginx-gen:
image: jwilder/docker-gen
container_name: nginx-gen
command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
restart: always
networks:
- proxy
volumes:
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs
- ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
restart: unless-stopped
volumes:
- conf.d:/etc/nginx/conf.d
- vhost.d:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
NGINX_DOCKER_GEN_CONTAINER: nginx-gen
NGINX_PROXY_CONTAINER: nginx
networks:
proxy:
external:
name: proxy
volumes:
conf.d:
vhost.d:
html:
certs:
Issue Analytics
- State:
- Created 4 years ago
- Comments:10
where are you from?
Hi @dm17
To answer you first questions, if you study @Redsandro initial post, you will see in the docker file that he is “persisting” the nginx proxy config files, so they are visible to you on the docker host, outside of the container. As to how to set the environment variables, there is also an example in the initial post, under the nginx-letsencryp section of the docker-compose file.
In terms of docker-compose down and docker-compose up not making any changes, this is the way it is supposed to work, to make docker-compose apply the changes you made in the docker.compose.yml file, use the --force-recreate option: docker-compose up --force-recreate If it does not complain, take it down the bring it back up in the background wth the -d option.
I would recommend that you consult the docker-compose documentation if you are unclear of how all this works. https://docs.docker.com/compose/