ODK Central Local Installation: Docker-compose State Unhealthy Nginx

Hi everyone :slight_smile:

1. What is the problem?
I am trying to set up an ODK Central on my computer. I have followed these instructions (except for the DigitalOcean stuff, as I am trying to set it up on my computer). After going through all these steps I still get "server IP address not found".

I have tried to give as much detail below as possible. I am sorry if I have missed anything or if any of these questions are daft! Happy to give more detail if needed.

I'm relatively new to Docker and things such as letsencrypt, DNS ... (If anyone can point me to good resources for learning, that would be super helpful!)

2. What app or server are you using and on what device and operating system? Include version numbers.
My domain is from google domains, and I am using the google name servers.

I am running on:

  • Ubuntu 20.04.01.
  • Docker version 19.03.13, build 4484c46d9d
  • docker-compose version 1.27.4, build 40524192

3. What have you tried to fix the problem?

I have tried to delete everything and rebuild.

4. What steps can we take to reproduce the problem?

I followed these exact instructions and used the software described above.

I changed the .env file as specified and am using letsencrypt.

5. Anything else we should know or have? If you have a test form or screenshots or logs, attach below.

When I enter:

    docker-compose ps

I receive the output:

    Name                Command                         State           Ports
    ---------------------------------------------------------------------------------------------------------------
    central_postgres_1  docker-entrypoint.sh postgres   Up              5432/tcp
    enketo              docker-entrypoint.sh /bin/ ...  Up              8005/tcp
    enketo_redis_cache  docker-entrypoint.sh redis ...  Up              6379/tcp
    enketo_redis_main   docker-entrypoint.sh redis ...  Up              6379/tcp
    mail                /bin/entrypoint.sh exim -b ...  Up              25/tcp
    nginx               /bin/bash /scripts/odk-set ...  Up (unhealthy)  0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
    pyxform             waitress-serve --port=80 - ...  Up
    secrets             docker-entrypoint.sh ./gen ...  Exit 0
    service             docker-entrypoint.sh ./wai ...  Up              8383/tcp

When I enter:

    docker-compose logs nginx

I receive this output:

    Attaching to nginx
    nginx                 | writing a new nginx configuration file..
    nginx                 | starting nginx with certbot..
    nginx                 | symlinking scripts from /etc/nginx/user.conf.d to /etc/nginx/conf.d
    nginx                 | no /etc/nginx/user.conf.d, nothing to do.
    nginx                 | Couldn't find keyfile /etc/letsencrypt/live/lgormanodk.co.uk/privkey.pem for /etc/nginx/conf.d/odk.conf
    nginx                 | Keyfile(s) missing for /etc/nginx/conf.d/odk.conf, disabling...
    nginx                 | Couldn't find keyfile /etc/letsencrypt/live/lgormanodk.co.uk/privkey.pem for /etc/nginx/conf.d/odk.conf.nokey
    nginx                 | Done with startup
    nginx                 | Run certbot
    nginx                 | ++ parse_domains
    nginx                 | ++ for conf_file in /etc/nginx/conf.d/*.conf*
    nginx                 | ++ sed -n -e 's&^\s*ssl_certificate_key\s*\/etc/letsencrypt/live/\(.*\)/privkey.pem;&\1&p' /etc/nginx/conf.d/certbot.conf
    nginx                 | ++ xargs echo
    nginx                 | ++ for conf_file in /etc/nginx/conf.d/*.conf*
    nginx                 | ++ sed -n -e 's&^\s*ssl_certificate_key\s*\/etc/letsencrypt/live/\(.*\)/privkey.pem;&\1&p' /etc/nginx/conf.d/odk.conf.nokey
    nginx                 | ++ xargs echo
    nginx                 | + for domain in $(parse_domains)
    nginx                 | + is_renewal_required lgormanodk.co.uk
    nginx                 | + last_renewal_file=/etc/letsencrypt/live/lgormanodk.co.uk/privkey.pem
    nginx                 | + '[' '!' -e /etc/letsencrypt/live/lgormanodk.co.uk/privkey.pem ']'
    nginx                 | + return
    nginx                 | + get_certificate lgormanodk.co.uk I_REMOVED_MY_EMAIL_FOR_THIS_POST
    nginx                 | + echo 'Getting certificate for domain lgormanodk.co.uk on behalf of user I_REMOVED_MY_EMAIL_FOR_THIS_POST
    nginx                 | Getting certificate for domain lgormanodk.co.uk on behalf of user I_REMOVED_MY_EMAIL_FOR_THIS_POST
    nginx                 | + PRODUCTION_URL=https://acme-v02.api.letsencrypt.org/directory
    nginx                 | + STAGING_URL=https://acme-staging-v02.api.letsencrypt.org/directory
    nginx                 | + '[' '' = 1 ']'
    nginx                 | + letsencrypt_url=https://acme-v02.api.letsencrypt.org/directory
    nginx                 | + echo 'Production ...'
    nginx                 | Production ...
    nginx                 | + echo 'running certbot ... https://acme-v02.api.letsencrypt.org/directory lgormanodk.co.uk I_REMOVED_MY_EMAIL_FOR_THIS_POST'
    nginx                 | running certbot ... https://acme-v02.api.letsencrypt.org/directory lgormanodk.co.uk I_REMOVED_MY_EMAIL_FOR_THIS_POST
    nginx                 | + certbot certonly --agree-tos --keep -n --text --email I_REMOVED_MY_EMAIL_FOR_THIS_POST --server https://acme-v02.api.letsencrypt.org/directory -d lgormanodk.co.uk --http-01-port 1337 --standalone --preferred-challenges http-01 --debug
    nginx                 | Saving debug log to /var/log/letsencrypt/letsencrypt.log
    nginx                 | Plugins selected: Authenticator standalone, Installer None
    nginx                 | Obtaining a new certificate
    nginx                 | Performing the following challenges:
    nginx                 | http-01 challenge for lgormanodk.co.uk
    nginx                 | Waiting for verification...
    nginx                 | Challenge failed for domain lgormanodk.co.uk
    nginx                 | http-01 challenge for lgormanodk.co.uk
    nginx                 | Cleaning up challenges
    nginx                 | Exiting abnormally:
    nginx                 | Traceback (most recent call last):
    nginx                 |   File "/usr/local/bin/certbot", line 8, in <module>
    nginx                 |     sys.exit(main())
    nginx                 |   File "/usr/local/lib/python2.7/dist-packages/certbot/main.py", line 1378, in main
    nginx                 |     return config.func(config, plugins)
    nginx                 |   File "/usr/local/lib/python2.7/dist-packages/certbot/main.py", line 1265, in certonly
    nginx                 |     lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
    nginx                 |   File "/usr/local/lib/python2.7/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    nginx                 |     lineage = le_client.obtain_and_enroll_certificate(domains, certname)
    nginx                 |   File "/usr/local/lib/python2.7/dist-packages/certbot/client.py", line 417, in obtain_and_enroll_certificate
    nginx                 |     cert, chain, key, _ = self.obtain_certificate(domains)
    nginx                 |   File "/usr/local/lib/python2.7/dist-packages/certbot/client.py", line 348, in obtain_certificate
    nginx                 |     orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
    nginx                 |   File "/usr/local/lib/python2.7/dist-packages/certbot/client.py", line 396, in _get_order_and_authorizations
    nginx                 |     authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
    nginx                 |   File "/usr/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
    nginx                 |     self._poll_authorizations(authzrs, max_retries, best_effort)
    nginx                 |   File "/usr/local/lib/python2.7/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
    nginx                 |     raise errors.AuthorizationError('Some challenges have failed.')
    nginx                 | AuthorizationError: Some challenges have failed.
    nginx                 | Please see the logfiles in /var/log/letsencrypt for more details.
    nginx                 | IMPORTANT NOTES:
    nginx                 |  - The following errors were reported by the server:
    nginx                 | 
    nginx                 |    Domain: lgormanodk.co.uk
    nginx                 |    Type:   dns
    nginx                 |    Detail: No valid IP addresses found for lgormanodk.co.uk
    nginx                 | + error 'Cerbot failed for lgormanodk.co.uk. Check the logs for details.'
    nginx                 | + set +x
    nginx                 | Cerbot failed for lgormanodk.co.uk. Check the logs for details.
    nginx                 | + exit_code=1
    nginx                 | + auto_enable_configs
    nginx                 | + for conf_file in /etc/nginx/conf.d/*.conf*
    nginx                 | + keyfiles_exist /etc/nginx/conf.d/certbot.conf
    nginx                 | ++ parse_keyfiles /etc/nginx/conf.d/certbot.conf
    nginx                 | ++ sed -n -e 's&^\s*ssl_certificate_key\s*\(.*\);&\1&p' /etc/nginx/conf.d/certbot.conf
    nginx                 | + return 0
    nginx                 | + '[' conf = nokey ']'
    nginx                 | + for conf_file in /etc/nginx/conf.d/*.conf*
    nginx                 | + keyfiles_exist /etc/nginx/conf.d/odk.conf.nokey
    nginx                 | ++ parse_keyfiles /etc/nginx/conf.d/odk.conf.nokey
    nginx                 | ++ sed -n -e 's&^\s*ssl_certificate_key\s*\(.*\);&\1&p' /etc/nginx/conf.d/odk.conf.nokey
    nginx                 | + for keyfile in $(parse_keyfiles $1)
    nginx                 | + currentfile=/etc/letsencrypt/live/lgormanodk.co.uk/privkey.pem
    nginx                 | + '[' '!' -f /etc/letsencrypt/live/lgormanodk.co.uk/privkey.pem ']'
    nginx                 | + echo 'Couldn'\''t find keyfile /etc/letsencrypt/live/lgormanodk.co.uk/privkey.pem for /etc/nginx/conf.d/odk.conf.nokey'
    nginx                 | Couldn't find keyfile /etc/letsencrypt/live/lgormanodk.co.uk/privkey.pem for /etc/nginx/conf.d/odk.conf.nokey
    nginx                 | + return 1
    nginx                 | + '[' nokey = conf ']'
    nginx                 | + sleep 5
    nginx                 | + kill -HUP 20
    nginx                 | + set +x

Challenge failed for domain lgormanodk.co.uk

This is the key error message. Certbot can't validate that you own the lgormanodk.co.uk domain because you have not mapped that domain to the IP of the machine. You can confirm this is indeed the case at https://mxtoolbox.com/SuperTool.aspx?action=a%3A+lgormanodk.co.uk. Compare that with https://mxtoolbox.com/SuperTool.aspx?action=a%3A+trial.getodk.cloud.

As we write at https://docs.getodk.org/central-install-digital-ocean/#obtaining-a-web-address-domain-name, you must have a domain name and must have your DNS records for that domain point to the IP of the DigitalOcean server.

1 Like
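An added example for the failure diagnosed above (not part of the original thread, and not ODK's or certbot's code): it extracts the Domain/Type/Detail report from `docker-compose logs nginx` output and checks whether the domain's A records are addresses a public CA can connect to for the http-01 challenge. The sample log uses the placeholder domain `odk.example.org`; the function names and the list of unreachable ranges are assumptions of this example.

```python
import ipaddress
import re
import socket

# docker-compose prefixes every line with "<service>  | "; strip it before matching.
PREFIX = re.compile(r"^\s*\S+\s+\|\s?")
FIELD = re.compile(r"^\s*(Domain|Type|Detail):\s*(.*)$")
# Ranges a home or lab machine often has that a public CA cannot connect to.
UNREACHABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918 private ranges
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]  # CGNAT, loopback, link-local

def acme_errors(log_text):
    """Collect the Domain/Type/Detail records from certbot's error report."""
    records = []
    for raw in log_text.splitlines():
        m = FIELD.match(PREFIX.sub("", raw))
        if m and m.group(1) == "Domain":
            records.append({"domain": m.group(2).strip()})
        elif m and records:
            records[-1][m.group(1).lower()] = m.group(2).strip()
    return records

def system_resolve(domain):
    # Uses the local resolver (including /etc/hosts), so a public lookup may differ.
    return {ai[4][0] for ai in socket.getaddrinfo(domain, 80, family=socket.AF_INET)}

def a_record_status(domain, resolve=system_resolve):
    """Classify the domain's A records as the CA's validator would experience them."""
    try:
        addrs = sorted(resolve(domain))
    except socket.gaierror:
        addrs = []  # name does not resolve at all
    if not addrs:
        return "no-address", addrs
    bad = [a for a in addrs if any(ipaddress.ip_address(a) in n for n in UNREACHABLE)]
    return ("not-public" if bad else "ok"), addrs

# Constructed sample, shaped like the certbot report in the log above.
SAMPLE = """\
nginx                 |  - The following errors were reported by the server:
nginx                 |    Domain: odk.example.org
nginx                 |    Type:   dns
nginx                 |    Detail: No valid IP addresses found for odk.example.org
"""

if __name__ == "__main__":
    for err in acme_errors(SAMPLE):
        print(err, a_record_status(err["domain"]))
```

A `no-address` result matches the error in this thread; `not-public` is the case where the record exists but points at a LAN address, which fails the same challenge.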

Thanks so much, I will work on this a bit more! I had a DigitalOcean instance before but wanted to try setting up a server on my own machine. I imagine I will need to have a better understanding of DNS records, IP, and domains.

1 Like

This is one of the things that you don't have to worry about with our cloud hosting. We take care of the domain name, DNS records, security patches, etc.

That said, you are very close to getting your self-hosting working! If you'd like to learn more about DNS, here are some good places to start:

Julia Evans also has some great zines on networking in general that are a fun read.

2 Likes

Thank you so much, that's so kind of you! The cloud hosting looks fantastic. I'm just trying to learn a bit more about software development and trying to improve generally so I will keep trying to get the self-hosting working.

Thanks so much for the materials! Will work through them and let you know how it goes :slight_smile:

1 Like