0

I am using Ubuntu on my host machine, and I have a docker container also running Ubuntu that contains an ASP .NET website. Now the issue is I can't seem to figure out how to get the container to mount my SSL keys from my host machine. My docker-compose.yml file has the following volumes specified.

    volumes:
      - /etc/letsencrypt/archive/example.com/fullchain.pem:/etc/ssl/certs/fullchain.pem:ro
      - /etc/letsencrypt/archive/example.com/privkey.pem:/etc/ssl/private/privkey.pem:ro
      - app-data:/app/data
      - app-data:/root/.aspnet/DataProtection-Keys

volumes:
  app-data:

I also verified these files exist by using cat /etc/letsencrypt/archive/example.com/privkey1.pem and cat /etc/letsencrypt/archive/example.com/fullchain1.pem which all worked perfectly. But when I compose my container, I always get the following errors because it can't seem to find the file.

Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
   at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, String fileName, String password)

I also ensured the permissions are right by running the following to no avail.

sudo chmod 644 /etc/letsencrypt/archive/example.com/fullchain1.pem
sudo chmod 600 /etc/letsencrypt/archive/example.com/privkey1.pem
sudo chmod 755 /etc/letsencrypt/archive
sudo chmod 755 /etc/letsencrypt/archive/example.com

Next, I tried manually starting the container, but I get the same error where the container instantly closes due to the exception.

docker run -it --rm \
  -v /etc/letsencrypt/archive/example.com/fullchain1.pem:/etc/ssl/certs/fullchain.pem:ro \
  -v /etc/letsencrypt/archive/example.com/privkey1.pem:/etc/ssl/private/privkey.pem:ro \
  server /bin/bash

Lastly, here is my Program class which is trying to read the HTTPS cert which is what is generating the actual no file found exception.

    public class Program
    {
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>()
                    .UseKestrel(options =>
                    {
                        options.ListenAnyIP(80); // HTTP
                        options.ListenAnyIP(443, listenOptions =>
                        {
                            listenOptions.UseHttps("/etc/ssl/certs/fullchain.pem", "/etc/ssl/private/privkey.pem");
                        });
                    });
            });
    }
Improve this question

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.