Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

clock_gettime(MONOTONIC) failed #894

Open
HorridoJoho opened this issue Nov 27, 2021 · 3 comments
Open

clock_gettime(MONOTONIC) failed #894

HorridoJoho opened this issue Nov 27, 2021 · 3 comments
Labels
scope/arm Issue / PR related to arm architectures

Comments

@HorridoJoho
Copy link

HorridoJoho commented Nov 27, 2021
edited by buchdag

Bug description

The container is not able to connect to the outside world through cUrl. As of now i manually used certbot to update and copy over my certificates. I am running on a Raspberry PI 4.

I found the following behavior in the container:

<CENSORED>@<CENSORED>:~ $ sudo docker-compose exec nginx-proxy-acme /bin/sh
/app # cat /etc/resolv.conf
# Generated by resolvconf
domain fritz.box
nameserver 192.168.<CENSORED>
/app # ping 192.168.<CENSORED>
PING 192.168.<CENSORED> (192.168.<CENSORED>): 56 data bytes
ping: clock_gettime(MONOTONIC) failed
/app # nslookup google.de
nslookup: clock_gettime(MONOTONIC) failed

acme-companion image version

nginx-proxy-acme    | Info: running acme-companion version v2.1.0-28-g1785bc5

nginx-proxy's Docker configuration

version: "2.4"

volumes:
  nextcloud-data:
  proxy-certs:
  proxy-vhost:
  proxy-html:
  proxy-acme:
  proxy-dhparam:
  proxy-conf:
  pihole:
  pihole-dnsmasq:

networks:
  default:
    driver: bridge

services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - proxy-conf:/etc/nginx/conf.d
      - proxy-vhost:/etc/nginx/vhost.d
      - proxy-html:/usr/share/nginx/html
      - proxy-dhparam:/etc/nginx/dhparam
      - proxy-certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    environment:
      - ENABLE_IPV6=true
    network_mode: bridge

  nginx-proxy-acme:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    depends_on:
      - nginx-proxy
    volumes_from:
      - nginx-proxy
    volumes:
      - proxy-certs:/etc/nginx/certs:rw
      - proxy-acme:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
    network_mode: bridge

  pihole:
    image: pihole/pihole:2021.10
    depends_on:
      - nginx-proxy
    ports:
      - 53:53/tcp
      - 53:53/udp
    environment:
      - TZ=Europe/Berlin
      - WEBPASSWORD=<CENSORED>
      - VIRTUAL_HOST=pihole.<CENSORED>.de
    volumes:
      - pihole:/etc/pihole
      - pihole-dnsmasq:/etc/dnsmasq.d
    network_mode: bridge

  nextcloud:
    image: nextcloud:21.0.3-apache
    depends_on:
      - nginx-proxy
    environment:
      - VIRTUAL_HOST=cloud.<CENSORED>.de
      - LETSENCRYPT_HOST=cloud.<CENSORED>.de
    volumes:
      - nextcloud-data:/var/www/html
    network_mode: bridge

  nextcloud-cron:
    image: nextcloud:21.0.3-apache
    depends_on:
      - nextcloud
    volumes:
      - nextcloud-data:/var/www/html
    entrypoint: /cron.sh
    network_mode: none

rendered nginx configuration

sudo docker-compose exec nginx-proxy nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  10240;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
daemon off;

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/default.conf:
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
  default $http_x_forwarded_port;
  ''      $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header based on $proxy_x_forwarded_proto
map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
  default off;
  https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent" '
                 '"$upstream_addr"';
access_log off;
                ssl_protocols TLSv1.2 TLSv1.3;
                ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
                ssl_prefer_server_ciphers off;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
        server_name _; # This is just an invalid value which will never trigger on a real hostname.
        server_tokens off;
        listen 80;
        listen [::]:80;
        access_log /var/log/nginx/access.log vhost;
        return 503;
}
# <CENSORED>.local
upstream <CENSORED>.local {
        ## Can be connected with "bridge" network
        # pi_nextcloud_1
        server 172.17.0.4:80;
}
server {
        server_name <CENSORED>.local;
        listen 80 ;
        listen [::]:80 ;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass <CENSORED>.local;
        }
}
# cloud.<CENSORED>.de
upstream cloud.<CENSORED>.de {
        ## Can be connected with "bridge" network
        # pi_nextcloud_1
        server 172.17.0.4:80;
}
server {
        server_name cloud.<CENSORED>.de;
        listen 80 ;
        listen [::]:80 ;
        access_log /var/log/nginx/access.log vhost;
        # Do not HTTPS redirect Let'sEncrypt ACME challenge
        location ^~ /.well-known/acme-challenge/ {
                auth_basic off;
                auth_request off;
                allow all;
                root /usr/share/nginx/html;
                try_files $uri =404;
                break;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}
server {
        server_name cloud.<CENSORED>.de;
        listen 443 ssl http2 ;
        listen [::]:443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/cloud.<CENSORED>.de.crt;
        ssl_certificate_key /etc/nginx/certs/cloud.<CENSORED>.de.key;
        add_header Strict-Transport-Security "max-age=31536000" always;
        location / {
                proxy_pass http://cloud.<CENSORED>.de;
        }
}
# pihole.<CENSORED>.de
upstream pihole.<CENSORED>.de {
        ## Can be connected with "bridge" network
        # pi_pihole_1
        server 172.17.0.5:80;
}
server {
        server_name pihole.<CENSORED>.de;
        listen 80 ;
        listen [::]:80 ;
        access_log /var/log/nginx/access.log vhost;
        location / {
                proxy_pass http://pihole.<CENSORED>.de;
        }
}

Containers logs

nginx-proxy:

Attaching to nginx-proxy
nginx-proxy         | Warning: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 DHE groups instead.
nginx-proxy         | forego      | starting dockergen.1 on port 5000
nginx-proxy         | forego      | starting nginx.1 on port 5100
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: using the "epoll" event method
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: nginx/1.21.3
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: built by gcc 8.3.0 (Debian 8.3.0-6)
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: OS: Linux 5.10.60-v7l+
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: getrlimit(RLIMIT_NOFILE): 1048576:1048576
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker processes
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker process 23
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker process 24
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker process 25
nginx-proxy         | nginx.1     | 2021/11/27 12:23:42 [notice] 17#17: start worker process 26
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:43 Generated '/etc/nginx/conf.d/default.conf' from 1 containers
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:43 Running 'nginx -s reload'
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 1 (SIGHUP) received from 29, reconfiguring
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: reconfiguring
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:43 Watching docker events
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: using the "epoll" event method
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker processes
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker process 33
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker process 34
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker process 35
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: start worker process 36
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 23#23: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 24#24: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 23#23: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 24#24: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 26#26: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 26#26: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 23#23: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 24#24: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 26#26: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 25#25: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 25#25: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 25#25: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 17 (SIGCHLD) received from 23
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: worker process 23 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 17 (SIGCHLD) received from 26
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: worker process 26 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 17 (SIGCHLD) received from 25
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: worker process 25 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 17 (SIGCHLD) received from 24
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: worker process 24 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:43 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Generated '/etc/nginx/conf.d/default.conf' from 4 containers
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Running 'nginx -s reload'
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 1 (SIGHUP) received from 38, reconfiguring
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: reconfiguring
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Received event start for container 735f76bde07b
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Received event start for container c079826ec388
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Received event start for container b46d7cc237ef
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: using the "epoll" event method
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker processes
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker process 39
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker process 40
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker process 41
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: start worker process 42
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 33#33: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 35#35: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 33#33: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 35#35: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 33#33: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 35#35: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 34#34: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 34#34: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 34#34: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 36#36: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 36#36: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 36#36: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 17 (SIGCHLD) received from 36
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: worker process 36 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 17 (SIGCHLD) received from 34
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: worker process 34 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 17 (SIGCHLD) received from 33
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: worker process 33 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 17 (SIGCHLD) received from 35
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: worker process 35 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:23:45 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Received event start for container d45e31a3b5bc
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy         | dockergen.1 | 2021/11/27 12:23:46 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: signal 1 (SIGHUP) received from 55, reconfiguring
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: reconfiguring
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: using the "epoll" event method
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker processes
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker process 56
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker process 57
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker process 58
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 17#17: start worker process 59
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 39#39: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 42#42: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 42#42: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 39#39: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 39#39: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 42#42: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 40#40: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 40#40: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 40#40: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 41#41: gracefully shutting down
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 41#41: exiting
nginx-proxy         | nginx.1     | 2021/11/27 12:24:22 [notice] 41#41: exit
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 17 (SIGCHLD) received from 40
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: worker process 40 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: worker process 41 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 17 (SIGCHLD) received from 39
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: worker process 39 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 29 (SIGIO) received
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 17 (SIGCHLD) received from 42
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: worker process 42 exited with code 0
nginx-proxy         | nginx.1     | 2021/11/27 12:24:23 [notice] 17#17: signal 29 (SIGIO) received

acme-companion:

Attaching to nginx-proxy-acme
nginx-proxy-acme    | Info: running acme-companion version v2.1.0-28-g1785bc5
nginx-proxy-acme    | Generating a RSA private key
nginx-proxy-acme    | .........................................................................................................................................................++++
nginx-proxy-acme    | ................................................................................................................................................................++++
nginx-proxy-acme    | writing new private key to '/etc/nginx/certs/default.key.new'
nginx-proxy-acme    | -----
nginx-proxy-acme    | 3069907856:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
nginx-proxy-acme    | Info: a default key and certificate have been created at /etc/nginx/certs/default.key and /etc/nginx/certs/default.crt.
nginx-proxy-acme    | Warning: /etc/nginx/certs/default.key does not exist. Skipping ownership and permissions check.
nginx-proxy-acme    | Warning: /etc/nginx/certs/default.crt does not exist. Skipping ownership and permissions check.
nginx-proxy-acme    | Info: Custom Diffie-Hellman group found, generation skipped.
nginx-proxy-acme    | Reloading nginx proxy (e6789e9226c76e0abc966fd2c726404e43cffcbe016bbc451dac2b9331cf0ded)...
nginx-proxy-acme    | 2021/11/27 12:24:22 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
nginx-proxy-acme    | 2021/11/27 12:24:22 [notice] 55#55: signal process started
nginx-proxy-acme    | 2021/11/27 12:24:23 Generated '/app/letsencrypt_service_data' from 5 containers
nginx-proxy-acme    | 2021/11/27 12:24:23 Running '/app/signal_le_service'
nginx-proxy-acme    | 2021/11/27 12:24:23 Watching docker events
nginx-proxy-acme    | 2021/11/27 12:24:23 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Can not init api.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Registering account: https://acme-v02.api.letsencrypt.org/directory
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Giving up sending to CA server after 20 retries.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Register account Error:
nginx-proxy-acme    | Error: no ACME account was found or registered for  and https://acme-v02.api.letsencrypt.org/directory, certificate creation aborted.
nginx-proxy-acme    | Sleep for 3600s

Docker host

RaspberryPI OS based on Buster (Linux 5.10.60-v7l+ #1449 SMP Wed Aug 25 15:00:44 BST 2021 armv7l GNU/Linux)

Client:
 Version:           18.09.1
 API version:       1.39
 Go version:        go1.11.6
 Git commit:        4c52b90
 Built:             Fri, 13 Sep 2019 10:45:43 +0100
 OS/Arch:           linux/arm
 Experimental:      false

Server:
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.11.6
  Git commit:       4c52b90
  Built:            Fri Sep 13 09:45:43 2019
  OS/Arch:          linux/arm
  Experimental:     false

docker-compose version 1.21.0, build unknown
docker-py version: 3.4.1
CPython version: 3.7.3
OpenSSL version: OpenSSL 1.1.1d  10 Sep 2019
@buchdag buchdag added the scope/arm Issue / PR related to arm architectures label Dec 8, 2021
@buchdag
Copy link
Member

buchdag commented Dec 8, 2021
edited

Hi @HorridoJoho

This looks like it might be an issue with alpine itself :

I've just updated the image to alpine 3.15.0, could you try again with a freshly pulled nginxproxy/acme-companion:latest ?

@HorridoJoho
Copy link
Author

HorridoJoho commented Dec 8, 2021
edited

Hi @buchdag,

thanks for your response.

Looks like i have to continue updating my certificates manually for now. A topic i read again and again is it may be related to libseccomp2 stuff. Even updated this with a .deb package from debian repos manually. But newer versions need a bunch of dependencies updated which i don't feel comfortable with doing manually.

Maybe it is time to update my little pi with a distro directly from debian which has more up to date libraries than the pi os. Not sure about that yet tho.

Attaching to nginx-proxy-acme
nginx-proxy-acme    | Info: running acme-companion version v2.1.1
nginx-proxy-acme    | Generating a RSA private key
nginx-proxy-acme    | ............................................................................................++++
nginx-proxy-acme    | ..........................++++
nginx-proxy-acme    | writing new private key to '/etc/nginx/certs/default.key.new'
nginx-proxy-acme    | -----
nginx-proxy-acme    | 3070202768:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
nginx-proxy-acme    | Info: a default key and certificate have been created at /etc/nginx/certs/default.key and /etc/nginx/certs/default.crt.
nginx-proxy-acme    | Warning: /etc/nginx/certs/default.key does not exist. Skipping ownership and permissions check.
nginx-proxy-acme    | Warning: /etc/nginx/certs/default.crt does not exist. Skipping ownership and permissions check.
nginx-proxy-acme    | Info: Custom Diffie-Hellman group found, generation skipped.
nginx-proxy-acme    | Reloading nginx proxy (4e8bbf700638ceff1f0324f2162099a2d2e4a7c325ed22d2ea69d7c4ce403563)...
nginx-proxy-acme    | 2021/12/08 23:10:54 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
nginx-proxy-acme    | 2021/12/08 23:10:54 [notice] 49#49: signal process started
nginx-proxy-acme    | 2021/12/08 23:10:54 Generated '/app/letsencrypt_service_data' from 5 containers
nginx-proxy-acme    | 2021/12/08 23:10:54 Running '/app/signal_le_service'
nginx-proxy-acme    | 2021/12/08 23:10:54 Watching docker events
nginx-proxy-acme    | 2021/12/08 23:10:55 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Can not init api for: https://acme-v02.api.letsencrypt.org/directory.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Registering account: https://acme-v02.api.letsencrypt.org/directory
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Could not get nonce, let's try again.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Giving up sending to CA server after 20 retries.
nginx-proxy-acme    | [Thu Jan  1 00:00:00 UTC 1970] Register account Error:
nginx-proxy-acme    | Error: no ACME account was found or registered for  and https://acme-v02.api.letsencrypt.org/directory, certificate creation aborted.
nginx-proxy-acme    | Sleep for 3600s

@buchdag
Copy link
Member

buchdag commented Dec 8, 2021

If my memory is correct it might also be linked to this change in alpine 3.13, so maybe more a 32 bits OS issue. AFAIK Raspbian / Raspberry Pi OS is still 32 bits only. It's been a long time since I used my Pi(s), but now that Ubuntu is available on them I honestly can't recommend using Raspbian / Raspberry Pi OS for server stuff like this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
scope/arm Issue / PR related to arm architectures
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@HorridoJoho @buchdag