Certbot failed to authenticate some domains не могу понять как это исправить
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: procleaning.kg
Type: connection
Detail: (ip-adress): Fetching http://procleaning.kg/.well-known/acme-challenge/J5euZMCyWKJ-8VAaKoqgAJ-oMYrbhFkFCjb0xWmHYc8: Connection refused
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
docker-compose.yml
version: "3"
services:
db:
image: postgres:12
container_name: db
volumes:
- ~/.pg/pg_data/app:/var/lib/postgresql/data
ports:
- "5434:5432"
environment:
POSTGRES_DB: ${DB_NAME}
POSTGRES_USER: ${DB_USER}
POSTGRES_PASSWORD: ${DB_PASSWORD}
env_file:
- .env
web:
build:
context: .
dockerfile: Dockerfile
container_name: djangowebsite
environment:
DJANGO_SUPERUSER_USERNAME: ${DJANGO_SUPERUSER_USERNAME}
DJANGO_SUPERUSER_EMAIL: ${DJANGO_SUPERUSER_EMAIL}
DJANGO_SUPERUSER_PASSWORD: ${DJANGO_SUPERUSER_PASSWORD}
ports:
- "8080:80"
env_file:
- .env
depends_on:
- db
volumes:
- static_volume:/app/static
- media_volume:/app/media
command: >
/bin/sh -c "
/app/wait-for-it.sh db:5432 -- python manage.py makemigrations &&
python manage.py migrate &&
python manage.py runserver 0.0.0.0:80"
nginx:
build:
dockerfile: ./Dockerfile
context: ./docker/nginx/
container_name: app_nginx
image: app_nginx
volumes:
- www-html:/var/www/html
- /docker/nginx:/etc/nginx/conf.d
- etc-letsencrypt:/etc/letsencrypt
- static_volume:/app/static
- media_volume:/app/media
depends_on:
- web
env_file:
- .env
ports:
- "80:80"
certbot:
image: certbot/certbot
depends_on:
- nginx
container_name: certbot
volumes:
- etc-letsencrypt:/etc/letsencrypt
- www-html:/var/www/html
command: certonly --standalone --email [email protected] --agree-tos --no-eff-email -d procleaning.kg
volumes:
static_volume:
media_volume:
www-html:
etc-letsencrypt:
nginx.conf:
upstream web {
server web:80;
}
server {
listen 80;
listen [::]:80;
server_name procleaning.kg;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
location / {
proxy_pass http://web;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Nginx-Proxy true;
proxy_set_header Upgrade $http_upgrade;
proxy_pass_header Set-Cookie;
}
location /static/ {
alias /app/static_root/;
}
location /media/ {
alias /app/media/;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name procleaning.kg;
index index.php index.html index.htm;
root /var/www/html;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/north.world-ithech.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/north.world-ithech.ru/privkey.pem;
include /etc/nginx/conf.d/options-ssl-nginx.conf;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wp:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}
git bash Ubuntu server:
root@procleaningkg:/home/ProCleaning# sudo netstat -tulpn | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 477435/docker-proxy
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 477309/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 477440/docker-proxy
tcp6 0 0 :::8080 :::* LISTEN 477314/docker-proxy