I had to renew my SSL certs for this site, so while doing so I upgraded and addressed a few other issues.
First, apparently when I deployed the SSL certs last time I missed out some of the root certs in the chain. The vendor I used gives you each of the root certs individually and you need to manually concatenate them together yourself. More in another post on the steps I too to do this.
Since certs are part of my nginx Docker image, I rebuilt my image upgrading everything to latest versions. Since it was a also a couple of years since I last did this, I also had to go back through my posts here to work out the steps I took to deploy last time. I’ll post another update on the steps I took for this also later.
Turns out if you have an older base image downloaded locally and you try to rebuild your own image based on it a couple of years later, you could get errors running apt-get in your own Dockerfiles. I just got errors like this rebuilding an image that I first created 2 years ago:
Err http://archive.ubuntu.com/ubuntu/ trusty-updates/main libcurl3 amd64 7.35.0-1ubuntu2.14 404 Not Found [IP: 18.104.22.168 80] Get:16 http://archive.ubuntu.com/ubuntu/ trusty-updates/main ca-certificates all 20170717~14.04.1 [167 kB] Err http://archive.ubuntu.com/ubuntu/ trusty-updates/main krb5-locales all 1.12+dfsg-2ubuntu5.3 404 Not Found [IP: 22.214.171.124 80] Get:17 http://archive.ubuntu.com/ubuntu/ trusty/main libsasl2-modules amd64 2.1.25.dfsg1-17build1 [64.3 kB] Err http://security.ubuntu.com/ubuntu/ trusty-security/main libcurl3 amd64 7.35.0-1ubuntu2.14 404 Not Found [IP: 126.96.36.199 80] Err http://security.ubuntu.com/ubuntu/ trusty-security/main openssl amd64 1.0.1f-1ubuntu2.23 404 Not Found [IP: 188.8.131.52 80] Err http://security.ubuntu.com/ubuntu/ trusty-security/main curl amd64 7.35.0-1ubuntu2.14 404 Not Found [IP: 184.108.40.206 80] Fetched 1375 kB in 7s (175 kB/s) E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5support0_1.12+dfsg-2ubuntu5.3_amd64.deb 404 Not Found [IP: 220.127.116.11 80]
If you delete the base ubuntu image you have cached locally, and try again, you’ll pull down a latest image, and now your build should continue as expected.
It’s been 2 years since I migrated this site from a native install on a VPS to another VPS running Docker. I covered my migration in a number of posts, the first of which is here:
The surprising thing (maybe? maybe not?) is that the site has been up and running for the past 2 years with no issues. I think I rebooted the VPS a couple of times for reasons I can’t remember, but other than that the site’s been up reliably for the past 2 years.
It’s also been 2 years since I last renewed my SSL certificate, so time to do a couple of updates. More to come later.