I am trying to install the latest ODK release on AWS Ubuntu 24. The installation went smoothly; however, the Docker NGINX is coming up as UNHEALTHY. The Nginx logs are displaying the following:
nginx-1 | 2025/02/18 19:14:45 [warning] Could not find non-zero size keyfile file '/etc/letsencrypt/live/MY.SERVER/privkey.pem' in '/etc/nginx/conf.d/odk.conf'
nginx-1 | 2025/02/18 19:14:45 [warning] Could not find non-zero size fullchain file '/etc/letsencrypt/live/MY.SERVER/fullchain.pem' in '/etc/nginx/conf.d/odk.conf'
nginx-1 | 2025/02/18 19:14:45 [warning] Could not find non-zero size chain file '/etc/letsencrypt/live/MY.SERVER/fullchain.pem' in '/etc/nginx/conf.d/odk.conf'
nginx-1 | 2025/02/18 19:14:45 [error] Important file(s) for '/etc/nginx/conf.d/odk.conf' are missing or empty, disabling...
Can someone help with what might be the issue?
Thanks.
I’m assuming that you replaced 'MY.SERVER' in the error message for security reasons. Given that, it seems like NGINX (the web server inside your Docker container that hosts ODK’s frontend) can’t find the Let’s Encrypt SSL certificate for MY.SERVER.
Since you mentioned this is a new installation, the issue is likely with Certbot failing to issue a new certificate, rather than with ODK Central itself.
What might have gone wrong?
Rate Limit Reached: Let’s Encrypt has rate limits. How many times have you tried installing ODK Central (or any other service) in the past week using Let's Encrypt with the same email? I wonder if they have rate limited your email / domain?
Domain Validation Failed: As far as I know, Let's Encrypt does domain validation before issuing a new certificate. Are you sure the domain or subdomain is correct and pointing to the right IP? Check domain propagation. I would also suggest checking the firewall or proxy settings (security groups on AWS as well), as sometimes they may interfere too!
There could be other reasons too, but first, let's check why the certificate wasn’t issued (or if it was issued but got misplaced somehow).
How to check what happened?
Step 1: Enter ODK Central's NGINX container
sudo docker exec -it central-nginx-1 bash
Step 2: Check if Let’s Encrypt logs exist
cd /var/log/letsencrypt && ls
You might see multiple files or just one. The main file we’re interested in is letsencrypt.log.
Step 3: View the logs!
cat letsencrypt.log
If there are older logs, you can check them too. These logs contain details about certificate issuance, renewals, and any errors that occurred. This should tell us exactly why the certificate wasn’t issued (if it wasn't).
Let me know what you find! Hope you have a great day!
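The log check described in the answer above, as an added example that is not part of the original posts: it maps the ACME error type recorded in a certbot log to the two causes discussed (rate limit, failed domain validation) and lists certificate files that are missing or empty. The function names and the sample log line are constructed for illustration; the error type strings are the standard ACME ones from RFC 8555.

```shell
#!/bin/sh
# Added example (not from the thread). Inside the container the real inputs are
# /var/log/letsencrypt/letsencrypt.log and /etc/letsencrypt/live/MY.SERVER.

# Map the ACME error type (RFC 8555) recorded in a certbot log to a likely cause.
classify_acme_failure() {
    log="$1"
    if [ ! -s "$log" ]; then
        echo "no-log"                 # certbot never ran or wrote nothing
    elif grep -q 'urn:ietf:params:acme:error:rateLimited' "$log"; then
        echo "rate-limited"
    elif grep -Eq 'urn:ietf:params:acme:error:(dns|connection|unauthorized)' "$log"; then
        echo "validation-failed"      # DNS, firewall/security group, or wrong host
    else
        echo "unknown"
    fi
}

# List the certificate files that are missing or zero-length in a live directory.
missing_cert_files() {
    dir="$1"
    for f in privkey.pem fullchain.pem; do
        [ -s "$dir/$f" ] || echo "$f"
    done
    return 0
}

# Demo on constructed sample data so the script runs anywhere.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/live"
    : > "$tmp/live/privkey.pem"       # empty file: counts as missing
    # Constructed log line in the shape of an ACME error response.
    printf '%s\n' '"type": "urn:ietf:params:acme:error:dns", "detail": "constructed sample"' \
        > "$tmp/letsencrypt.log"
    echo "cause:   $(classify_acme_failure "$tmp/letsencrypt.log")"
    echo "missing: $(missing_cert_files "$tmp/live" | tr '\n' ' ')"
    rm -rf "$tmp"
}
demo
```

A result of "no-log" together with missing files suggests certbot never ran at container start, which is a different problem from a refused issuance.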
Many thanks @MinimalPotato. It feels kind of funny (and weird) to confirm that it all got fixed when I rebooted the server a couple of times. The worst (and in a way, best) way of making things work!