Issue:
I have recently installed Pi-Hole container on my docker. My CertBot container can’t access internet to renew certificates. Also, one of recently restarted WordPress container no longer able to access internet as well to add new plugins. What’s going on?
- WordPress: can’t add new theme or plugin
- CertBot: can’t connect to “https://acme-v01.api.letsencrypt.org/directory”
Environment:
Ubuntu, Docker, Nginx, Pi-Hole, CertBot, WordPress
Resolution:
Due to the container routing through Pi-hole, when container restarted, the routing go through Pi-Hole instead of router. So, in order for container to go directly to router and skip Pi-Hole, you have an option to add a daemon.json file with router gateway IP to Docker configuration location. To do this, please follow instructions below.
Step-by-step instructions:-
- First, locate where your docker daemon configuration file. Usually it’s located at “/etc/docker/daemon.json”. If you just see key.json file, then you’re in the right spot.
- If daemon.json not found, create daemon.json file with your favorite editor.
sudo vi /etc/docker/daemon.json
- Copy and paste following content start with “{“ and end with “}” below:
{ "dns": ["10.0.0.1"] }
- Change sample DNS entry 10.0.0.1 to your DNS Server IP or Router IP address. If you setup Pi-Hole, look under your DNS entries. You may add alternative DNS failover with comma like below:
{ "dns": ["10.0.0.1","8.8.8.8"] }
- Save ([Esc]:wq) and restart docker service by typing:
sudo service docker restart
- Once all your containers restarted, try ping again to see if problem resolves.
To test CertBot container internet connectivity, use this command:sudo docker exec certbot_container_name ping google.com
Troubleshoot:
- If you can’t add new theme or plugin to WordPress, your WordPress container probably can’t access internet. Try above solution and restart your container.
- If you try to create certificate with CertBot and get an error message saying something like can’t connect to “https://acme-v01.api.letsencrypt.org/directory”. Try above solution and restart your container.
- If your Docker container route traffic through Pi-Hole (i.e., 10.0.0.2) due to changed in router Dnsmasq, try above solution and restart your container.
Dnsmasq = dhcp-option=6,10.0.0.2
Reference:
Sample command to test if docker site is working:
root@server:$ curl -H "Host: www.problemsolvedtoo.com" localhost
Sample command to create certificate with CertBot:
sudo docker exec certbot certbot certonly --webroot -w /var/www/certbot --staging --email certbot@problemsolvedtoo.com -d www.problemsolvedtoo.com --rsa-key-size 4096 --agree-tos --force-renewal