Certificate service renewal

[oscgonfer]

Describe the bug
There is an issue with the letsencrypt.service. The certificate renewal works fine, but not the restarting of the nginx container.

To Reproduce
Steps to reproduce the behavior:

1. Setup fabmanager following setup script
2. Choose to autorenew certificate
3. Wait and check the status for the letsencrypt service or trigger it

Expected behavior
A renewal of the certificate (OK) and relaunching of the nginx (NOK)

Server
Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-124-generic x86_64)

docker --version
Docker version 20.10.17, build 100c701

I think it's simply a problem with the name of the container. At least in our deployment scenario, containers are named using dashes, instead of underscores:

[Unit]
Description=letsencrypt cert update oneshot
Requires=docker.service

[Service]
Type=oneshot
ExecStart=/usr/bin/docker run --rm --name certbot_fabmanager -v "/apps/fabmanager/letsencrypt/etc:/etc/letsencrypt" certbot/certbot:latest -c "/etc/letsencrypt/config/webroot.ini" certonly
ExecStartPost=-/usr/bin/docker restart fabmanager_nginx_1

In our case should replace the ExecStartPost line by (note also the dash before /usr/bin ?):

ExecStartPost=/usr/bin/docker restart fabmanager-nginx-1

[sylvainbx]

I made a test but cannot reproduce the issue. Can you please report here your version of docker-compose ?

[oscgonfer]

Here it is:

~# docker compose version
Docker Compose version v2.6.0

[boopdadm]

I think we have the same issue.

docker-compose version 1.29.2, build unknown
docker-py version: 5.0.3
CPython version: 3.11.4
OpenSSL version: OpenSSL 3.0.8 7 Feb 2023

So far I implemented a workaround with a cronjob that restarts the nginx container every month afetr certificate renewal.

$ crontab -l
0 3 2 * * docker-compose restart nginx