Comments (10)

alan-nascimento commented on August 25, 2024 1

I was facing the same issue, but it worked for me:

Docker Compose

version: "3"

services:
    certbot:
        image: certbot/certbot
        restart: unless-stopped
        volumes:
            - ./data/certbot/conf:/etc/letsencrypt
            - ./data/certbot/www:/var/www/certbot
        entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

    nginx:
        image: nginx
        volumes:
            - ./data/nginx:/etc/nginx/conf.d
            - ./data/certbot/conf:/etc/letsencrypt
            - ./data/certbot/www:/var/www/certbot
        ports:
            - "80:80"
            - "443:443"
        depends_on:
            - certbot
            - my-backend
        restart: unless-stopped
        command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

    my-backend:
        image: my-register/my-backend:latest
        ports:
            - "8080:8080"
        restart: unless-stopped

NGINX

server {
    listen 80 default_server;
    server_name my-backend-domain.com.br;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name my-backend-domain.com.br;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/my-backend-domain.com.br/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-backend-domain.com.br/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        # Upstream host is the Compose service name of the backend container
        proxy_pass http://my-backend:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

IMPORTANT: ensure your DNS is pointed to your instance/IP correctly.

from nginx-certbot.

devsheva commented on August 25, 2024 1

I fixed my concern by switching to Caddy, since I just needed a simple way to set up a reverse proxy with HTTPS handling, and Caddy was perfect since with just two lines of code it does all of that.

However, if you want to know more about my issue, I think I was just pointing to the wrong container IP, because I wasn't pointing to the Docker gateway IP but to the container IP, which of course is private and you can't access it.

from nginx-certbot.

janengelmohr commented on August 25, 2024 1

@devsheva thanks for pointing to Caddy! It is really hassle-free :-)

from nginx-certbot.

zhiyangjing commented on August 25, 2024

I met this problem too. Have you solved it?

from nginx-certbot.

st3fus commented on August 25, 2024

Same here, does anyone have a solution?

from nginx-certbot.

st3fus commented on August 25, 2024

It works with a .com domain; make sure you replace all example.org in both data/nginx/app.conf and init.letsencrypt.sh. But, for example, it doesn't work for the same domain that's on .rs.

from nginx-certbot.

KangarooChronicles commented on August 25, 2024

> It works with a .com domain; make sure you replace all example.org in both data/nginx/app.conf and init.letsencrypt.sh. But, for example, it doesn't work for the same domain that's on .rs.

That explains it for me then. I'm using a .au address and get the same issue. Do you know why this occurs?

from nginx-certbot.

KangarooChronicles commented on August 25, 2024

So I just solved it as well, but my changes appear to be different to yours.
This was my app.conf file:

NGINX

server {
    listen 80;
    server_name _my-redacted-webaddress.au_;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name _my-redacted-webaddress.au_;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/_my-redacted-webaddress.au_-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/_my-redacted-webaddress.au_-0001/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass  http://_my-redacted-webaddress.au_;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
}

Btw, note the directory for the SSL certificates. In the repo and guide, the address doesn't have the 0001 suffix, so it initially didn't work for me. I had a look in the container, and for me this was the folder that was generated. I updated the app.conf to reflect this.

It still wasn't working, and I learnt that the configuration file normally includes a configuration for proxying requests to your backend server. It's my understanding that based on the proxy_pass directive in the HTTPS server block, I was proxying requests to http://my-redacted-webaddress.au, however it appears I should be replacing this with the actual URL of the backend server, which could be running in a separate Docker container.

But in my case, my nginx container is serving the content of my website directly from a local site-content directory, without proxying requests to any backend server. Therefore, I don't need to include the proxy_pass directive in the app.conf file. So I modified the HTTPS server block to serve the content directly from the site-content directory, like this:

NGINX

server {
    listen 443 ssl;
    server_name _my-redacted-webaddress.au_;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/_my-redacted-webaddress.au_-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/_my-redacted-webaddress.au_-0001/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /usr/share/nginx/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

It also meant I could get rid of the lines:

NGINX

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Now it's running fine at https://my-redacted-webaddress.au
I'm just learning though so might not be following best practices.

from nginx-certbot.

KangarooChronicles commented on August 25, 2024

Wow, that looks really good. I didn't know about Caddy. Cheers!

from nginx-certbot.

quroom commented on August 25, 2024

In my case, there are two reasons it doesn't work for me:

  1. I was using a docker-compose-staging.yml file with Docker Compose,
    but the script used docker-compose.yml by default.

  2. I was adding a new domain and then it didn't include ssl_certificate correctly,
    so nginx was not loaded.

After I had solved these two problems, it worked well.

from nginx-certbot.
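
Two of the failures reported in this thread (an `ssl_certificate` path that does not match the directory certbot actually created, such as the `-0001` one, and a `proxy_pass` that points back at the site's own public name) can be caught before nginx is reloaded. The following is an added example, not code from the nginx-certbot project or from any commenter; `check_app_conf`, `directives` and the `example.test` sample are assumptions made for illustration, and the check reads the host-side copy of the `/etc/letsencrypt` volume.

```python
import re
import tempfile
from pathlib import Path

CONTAINER_LE = "/etc/letsencrypt"  # mount target of ./data/certbot/conf in the thread

def directives(conf_text, name):
    """First argument of every `name ...;` directive (comments stripped)."""
    body = re.sub(r"#.*", "", conf_text)
    return re.findall(rf"^\s*{re.escape(name)}\s+([^\s;]+)", body, flags=re.M)

def check_app_conf(conf_text, host_le_dir):
    """Lint app.conf against the host-side copy of /etc/letsencrypt."""
    root = Path(host_le_dir)
    live = root / "live"
    lineages = sorted(p.name for p in live.iterdir() if p.is_dir()) if live.is_dir() else []
    findings = []
    for key in ("ssl_certificate", "ssl_certificate_key", "ssl_dhparam", "include"):
        for path in directives(conf_text, key):
            inside = path.startswith(CONTAINER_LE + "/")  # only the shared volume is checkable
            if inside and not (root / path[len(CONTAINER_LE) + 1:]).exists():
                findings.append(f"{key} {path}: not found; live/ contains {lineages}")
    for target in directives(conf_text, "proxy_pass"):
        host = re.sub(r"^https?://", "", target).split("/")[0].split(":")[0]
        if host in directives(conf_text, "server_name"):
            findings.append(f"proxy_pass {target}: targets this server's own server_name")
    return findings

# Constructed sample: certbot created example.test-0001, the config says example.test.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    server_name example.test;
    ssl_certificate /etc/letsencrypt/live/example.test/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem;
    location / {
        proxy_pass http://example.test;
    }
}
"""

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "live", "example.test-0001").mkdir(parents=True)
        return check_app_conf(SAMPLE_CONF, tmp)

if __name__ == "__main__":
    print("\n".join(demo()))
```

With the directory layout from the first comment, the inputs would be the text of `data/nginx/app.conf` and the path `./data/certbot/conf`.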
