Docker image: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found


Solution 1

As soon as you've set up the certificate in nginx, I see no sense enabling it in the ASP.NET Core container as your docker network is going to be visible to the public via nginx.

To disable Kestrel HTTPS listening, just remove port 443 from the following code:

- ASPNETCORE_URLS=https://+:443;http://+:80

Replace it with:

- ASPNETCORE_URLS=http://+:80
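
One way to catch this failure before Kestrel starts, as an added example that is not part of the original answers: a shell preflight for a container entrypoint that parses ASPNETCORE_URLS and rejects an https:// binding unless a certificate file is configured. The function name and exit codes are hypothetical; ASPNETCORE_Kestrel__Certificates__Default__Path is the standard Kestrel configuration variable for the default certificate path.

```shell
#!/bin/sh
# Added example, not code from the original page.
# kestrel_preflight URLS CERT_PATH   (hypothetical helper name)
#   URLS      - value of ASPNETCORE_URLS, e.g. "https://+:443;http://+:80"
#   CERT_PATH - value of ASPNETCORE_Kestrel__Certificates__Default__Path
# Exit codes (chosen for this example):
#   0 bindings can start, 1 https binding without a certificate path,
#   2 certificate file missing or unreadable, 3 unrecognised binding
kestrel_preflight() {
  local rest="$1" cert="$2" url needs_tls=0
  # Split on ';' with parameter expansion so '*' in "https://*:443"
  # is never subject to filename globbing.
  while [ -n "$rest" ]; do
    url="${rest%%;*}"
    case "$rest" in
      *";"*) rest="${rest#*;}" ;;
      *)     rest="" ;;
    esac
    case "$url" in
      https://*) needs_tls=1 ;;
      http://*|"") ;;
      *) echo "unrecognised binding: $url" >&2; return 3 ;;
    esac
  done
  if [ "$needs_tls" -eq 0 ]; then
    return 0   # HTTP only: TLS is terminated by the reverse proxy
  fi
  if [ -z "$cert" ]; then
    echo "https binding requested but no certificate path is set" >&2
    return 1
  fi
  if [ ! -r "$cert" ]; then
    echo "certificate file missing or unreadable: $cert" >&2
    return 2
  fi
  return 0
}
# Entrypoint usage (paths are placeholders):
#   kestrel_preflight "$ASPNETCORE_URLS" \
#     "$ASPNETCORE_Kestrel__Certificates__Default__Path" || exit 1
```

With the question's settings (an https://+:443 binding and no certificate path) the check returns 1 instead of letting the container crash with the Kestrel stack trace.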

Solution 2

For the folks that came here because of a similar problem, this helped me to resolve an issue:

Clean the development certificates:

dotnet dev-certs https --clean

Create a new one:

dotnet dev-certs https -t

Solution 3

In my case the main issue was with the docker-compose.override.yml file. The Docker files were generated on a Windows machine, so the following lines were not correct for Mac.

- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro

I had to replace them with the following lines:

- ~/.aspnet/https:/root/.aspnet/https:ro
- ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro

Final code for docker-compose.override.yml which worked:

version: '3.4'

services:
  project-api:
    image: project-api
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
      - "5001:443"
      - "5000:80"
    volumes:
      - ~/.aspnet/https:/root/.aspnet/https:ro
      - ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro
Author by

Admin

Updated on May 09, 2021

Comments

  • Admin
    Admin about 3 years

    I am trying to run an ASP.NET Core 3.1 framework based app on an Ubuntu (18.04.3 LTS) server using Docker container.

    I created the following docker-compose.yml file to be able to run both nginx-proxy and private_image_name images on my server. Obviously, nginx-proxy is a proxy server that will be the proxy that would route traffic coming from the web to my other running images. I followed the article for the nginx-proxy setup.

    version: '3.4'
    services:
    
      nginx-proxy:
        image: jwilder/nginx-proxy
        container_name: nginx-proxy
        ports:
          - 80:80
          - 443:443
        volumes:
          - /var/run/docker.sock:/tmp/docker.sock:ro
          - certificates:/etc/certificates
    
      private_image_name:
        image: private_image_name:latest
        container_name: private_image_name
        depends_on:
          - nginx-proxy
        environment:
          - VIRTUAL_HOST=sub.domain-example.com
          - ASPNETCORE_ENVIRONMENT=Production
          - ASPNETCORE_URLS=https://+:443;http://+:80
        ports:
          - 51736:80
          - 44344:443
        volumes:
          - storage:/storage
          - /var/run/docker.sock:/tmp/docker.sock:ro
          - certificates:/etc/certificates
          - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
          - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
    volumes:
      storage:
      certificates:
    networks:
      default:
        external:
          name: nginx-proxy
    secrets:
      server.cert:
        file: ./server.cert
      server.key:
        file: ./server.key
    

    Both server.cert and server.key files are stored in /etc/certificates. Both files were created using the following command:

    sudo openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=CA/L=SF/O=Docker-demo/CN=app.example.org" -keyout server.key -out server.cert
    

    I attempted to run both of my images by executing docker-compose up. However, nginx-proxy came up with no issue while private_image_name failed to run. The following is what I get when private_image_name attempts to start:

    **WARNING**: The APPDATA variable is not set. Defaulting to a blank string.
    Recreating private_image ... done
    Attaching to private_image
    private_image    | crit: Microsoft.AspNetCore.Server.Kestrel[0]
    private_image    |       Unable to start Kestrel.
    private_image    | System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
    private_image    | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
    private_image    | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
    private_image    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
    private_image    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
    private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
    private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
    private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
    private_image    | Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
    private_image    | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
    private_image    | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
    private_image    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
    private_image    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
    private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
    private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
    private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
    private_image    |    at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
    private_image    |    at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
    private_image    |    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
    private_image    |    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
    private_image    |    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
    private_image    |    at private_image.Program.Main(String[] args) in /src/private_image/Program.cs:line 17
    private_image exited with code 139
    

    The command dotnet dev-certs https --trust works on Windows and macOS only.

    Question

    How can I fix this issue on the Ubuntu server? How can I correctly attach the SSL cert to the docker image?

    Additionally, when I go to http://server-ip-address or http://sub.domain-example.com I get

    503 Service Temporarily Unavailable nginx/1.17.5

    And when I go to https://server-ip-address or https://sub.domain-example.com I get

    Unable to connect.

  • Koryakov Konstantsin
    Koryakov Konstantsin over 3 years
    @user1007074 As soon as the application is configured to use HTTPS, the Kestrel web server requires a certificate to make it work. You can check the documentation about this environment variable here: docs.microsoft.com/en-us/aspnet/core/fundamentals/host/…
  • VJPPaz
    VJPPaz almost 3 years
    This step requires manual intervention, which is not possible for Docker. Or is there a way to auto-accept the prompt? "Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate."