I am trying to use letsencrypt certificates with a docker container. The container is running an ASP.NET Core application exposing http and https.
To run the container on the server I did these steps. First I generated the letsencrypt certificates using docker & certbot like this:
    mkdir -p /home/username/domain.de/letsencrypt
    cd /home/username/domain.de/letsencrypt
    docker run --rm -it \
      -v $PWD/log/:/var/log/letsencrypt/ \
      -v $PWD/etc/:/etc/letsencrypt/ \
      -p 80:80 \
      certbot/certbot certonly --standalone -d domain.de -d www.domain.de
For the Kestrel webserver, I have also configured the path within the docker container to the certificate in appsettings.json:
    "Kestrel": {
      "Certificates": {
        "Default": {
          "Path": "etc/letsencrypt/live/domain.de/fullchain.pem",
          "KeyPath": "etc/letsencrypt/live/domain.de/privkey.pem"
        }
      }
    }
Then I start the application, passing a volume with the letsencrypt certificates:
    docker run -p 80:80 \
      -p 443:443 \
      -e ASPNETCORE_HTTP_PORTS=80 \
      -e ASPNETCORE_HTTPS_PORTS=443 \
      -v /home/username/domain.de/letsencrypt/etc:/etc/letsencrypt \
      dockerhubaccount/domain.de
This leads to a permission denied exception:
    fail: Microsoft.Extensions.Hosting.Internal.Host[11]
          Hosting failed to start
          System.UnauthorizedAccessException: Access to the path '/etc/letsencrypt/live/domain.de/fullchain.pem' is denied.
           ---> System.IO.IOException: Permission denied
I had also checked whether I put the path wrong, but when changing it the error changes to path not found. So the path is correct; docker or the .NET runtime seems to be missing the permission.
What is the proper way to set the correct permission for docker to use the certificates?
Changing the permissions for the folder /etc/letsencrypt/live/ fixed the permission problem. But I am concerned because of this answer from the Letsencrypt forum: