Docker image: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found
Solution 1
As soon as you've setup the certificate in nginx, I see no sense enabling it in the asp.net core container as your docker network is going to be visible to public via nginx.
To disable Kestrel Https listening just remove 443 port from the following code:
- ASPNETCORE_URLS=https://+:443;http://+:80
Replace it with:
- ASPNETCORE_URLS=http://+:80
Solution 2
For the folks that came here because of a similar problem, this helped me to resolve an issue:
Clean the development certificates:
dotnet dev-certs https --clean
Create a new one
dotnet dev-certs https -t
Solution 3
In my case the main issues was with docker-compose.override.yml
file. Docker files were generated on Windows machine so the following lines were not correct for mac.
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
I had to replace them with the following lines:
- ~/.aspnet/https:/root/.aspnet/https:ro
- ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro
Final code for docker-compose.override.yml
which worked:
version: '3.4'
services:
project-api:
image: project-api
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
ports:
- "5001:443"
- "5000:80"
volumes:
- ~/.aspnet/https:/root/.aspnet/https:ro
- ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro
Admin
Updated on May 09, 2021Comments
-
Admin about 3 years
I am trying to run an ASP.NET Core 3.1 framework based app on an Ubuntu (18.04.3 LTS) server using Docker container.
I created the following
docker-compose.yml
file to be able to run bothnginx-proxy
andprivate_image_name
images on my server. Obviously,nginx-proxy
is a proxy server that will be the proxy that would route traffic coming from the web to my other running images. I followed the article for thenginx-proxy
setup.version: '3.4' services: nginx-proxy: image: jwilder/nginx-proxy container_name: nginx-proxy ports: - 80:80 - 443:443 volumes: - /var/run/docker.sock:/tmp/docker.sock:ro - certificates:/etc/certificates private_image_name: image: private_image_name:latest container_name: private_image_name depends_on: - nginx-proxy environment: - VIRTUAL_HOST=sub.domain-example.com - ASPNETCORE_ENVIRONMENT=Production - ASPNETCORE_URLS=https://+:443;http://+:80 ports: - 51736:80 - 44344:443 volumes: - storage:/storage - /var/run/docker.sock:/tmp/docker.sock:ro - certificates:/etc/certificates - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro volumes: storage: certificates: networks: default: external: name: nginx-proxy secrets: server.cert: file: ./server.cert server.key: file: ./server.key
Both
server.cert
andserver.key
files are stored in/etc/certificates
. Both files were created using the following commandsudo openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=CA/L=SF/O=Docker-demo/CN=app.example.org" -keyout server.key -out server.cert
I attempted to run both of my images by executing
docker-composer up
. However, thenginx-proxy
came up with no issue and whileprivate_image_name
failed to run. The following is what I get when running theprivate_image_name
attempts to start**WARNING**: The APPDATA variable is not set. Defaulting to a blank string. Recreating private_image ... done Attaching to private_image private_image | crit: Microsoft.AspNetCore.Server.Kestrel[0] private_image | Unable to start Kestrel. private_image | System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. private_image | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'. private_image | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054. private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions) private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions) private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context) private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding) private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken) private_image | Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date. private_image | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'. private_image | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054. private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions) private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions) private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context) private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding) private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken) private_image | at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken) private_image | at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken) private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token) private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token) private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host) private_image | at private_image.Program.Main(String[] args) in /src/private_image/Program.cs:line 17 private_image exited with code 139
The command
dotnet dev-certs https --trust
works on Windows and macOS only.Question
How can I fix this issue on the Ubuntu server? How can I correctly attach the SSL cert to the docker image?
Additionally, when I go to http://server-ip-address or http://sub.domain-example.com I get
503 Service Temporarily Unavailable nginx/1.17.5
And when I go to https://server-ip-address or https://sub.domain-example.com I get
Unable to connect.
-
Koryakov Konstantsin over 3 years@user1007074 As soon as application is configured to use https, kestrel web server requires certificate to make it work. You can check documentation about this environment variable in here: docs.microsoft.com/en-us/aspnet/core/fundamentals/host/…
-
VJPPaz almost 3 yearsthis step requires manual intervention with is not possible for docker. or is there a way to auto accept the prompt? "Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate."