How to debug HTTPS/SSL not working in Rasa X with docker-compose

I have installed Rasa X using the docker-compose instructions at Docker Compose Installation

The installation is working.

However, trying to enable HTTPS on the installation is not working and I cannot see anything in the logs to give me a clue as to what could be going wrong.

I have step-by-step followed the instructions here: Customize Your Deployment

fullchain.pem and privkey.pem are in the certs directory, and I have chmod 770 them.

When I run docker-compose up, the Rasa X installation is available at the subdomain but not on HTTPS. I don’t see any SSL or HTTPS or .pem related errors in the logs when I run docker-compose logs.

How can I figure out why HTTPS isn’t working? Is there a log somewhere of some component that is looking for the certificate files or something?

From the instructions it seems as though HTTPS should just immediately work after copying the certificates, so I have no idea how to check on what should be happening and why it isn’t in this case.

Any help much appreciated.

2 Likes

I managed to get my Rasa X install working with HTTPS.

There seems to be a gap in the documentation on using HTTPS, at least with docker-compose.

Not mentioned in the docs, I needed to:

  • Uncomment the line include /etc/nginx/conf.d/ssl.conf; in nginx-config-files/rasax.nginx.template
  • Uncomment the lines in nginx-config-files/ssl.conf.template AND adjust them to change the paths /etc/nginx/certs/{fullchain,privkey}.pem to /etc/certs/{fullchain,privkey}.pem.

After this, my Rasa X installation works through HTTPS.

11 Likes

@justyn Thank you! We have been struggling with this for days!

1 Like

This was the solution! Thank you. Another question, is there a way to put SSL on the REST channel also? is the webhook

Hi, it is already isn’t it, could you elaborate?

Hello @justyn, I just saw this and it was what I was searching for. Unfortunately, mine isn't working. When I check the logs, they say:

nginx_1                  | 2021/09/22 13:43:00 [emerg] 1#1: cannot load certificate "/etc/rasa/bot_support/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/rasa/bot_support/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx_1                  | nginx: [emerg] cannot load certificate "/etc/rasa/bot_support/certs/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/rasa/bot_support/certs/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

I generated my certificate with certbot and then copied it into my certs folder. Any idea, @justyn?

@M_R_LY perhaps you could shell into the docker instance and double check that the file is where you think it is? The error says it can’t find the file at /etc/rasa/bot_support/certs/fullchain.pem so that location would be the first thing I would check.

Indeed, that was it. I was specifying the wrong location. I forgot that when you run the docker-compose up -d command, docker mounts the certs folder in the container according to what we wrote in docker-compose.yml as configuration in the nginx part. So instead of specifying /etc/certs/fullchain.pem (the one in the container), I was referencing my /etc/rasa/bot_support/certs/fullchain.pem.
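The host-path versus container-path mix-up described above, as an added example that is not part of the original thread or Rasa X's own tooling: a shell check that every active ssl_certificate / ssl_certificate_key path in an nginx config lies under the container side of the certs volume mount. The mount string ./certs:/etc/certs and the sample config lines are constructed assumptions based on the paths quoted in the thread.

```shell
#!/bin/sh
# Added example: verify that certificate paths in an nginx SSL config are
# container-side paths, i.e. they lie under the target of the compose mount.

# container_dir "HOST:CONTAINER[:MODE]" -> prints the container-side directory
container_dir() {
    printf '%s\n' "$1" | cut -d: -f2
}

# cert_paths FILE -> paths from uncommented ssl_certificate and
# ssl_certificate_key directives, one per line
cert_paths() {
    sed -e 's/#.*//' "$1" |
        awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
                 sub(/;$/, "", $2); print $2 }'
}

# check_ssl_paths FILE MOUNT -> 0 if every path is under the container dir,
# 1 if any path is outside it, 2 if no directive is active (still commented)
check_ssl_paths() {
    dir=$(container_dir "$2")
    paths=$(cert_paths "$1")
    [ -n "$paths" ] || { echo "no active ssl_certificate directives in $1"; return 2; }
    status=0
    for p in $paths; do
        case "$p" in
            "$dir"/*) echo "ok: $p" ;;
            *) echo "outside $dir (host path?): $p"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample input: assumed mount string and config lines
demo() {
    tmp=$(mktemp -d)
    printf 'ssl_certificate /etc/certs/fullchain.pem;\nssl_certificate_key /etc/certs/privkey.pem;\n' > "$tmp/good.conf"
    printf 'ssl_certificate /etc/rasa/bot_support/certs/fullchain.pem;\n' > "$tmp/host.conf"
    printf '# ssl_certificate /etc/certs/fullchain.pem;\n' > "$tmp/commented.conf"
    for f in good host commented; do
        check_ssl_paths "$tmp/$f.conf" "./certs:/etc/certs" && rc=0 || rc=$?
        echo "$f.conf -> exit $rc"
    done
    rm -rf "$tmp"
}
demo
```

Run it against the rendered config and the certs volume entry from your own docker-compose.yml; exit code 2 corresponds to the case earlier in the thread where the ssl lines were still commented out.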

Last question!! The certificate works only with Mozilla??? @justyn

Glad you sorted it, not sure about the Mozilla question but in my case it certainly works with Chrome.

Oh, in my case it's not working with Chrome, but with Mozilla, yes.

Did you link it with Telegram? I am having some error with the Telegram integration @justyn

Hi Majnun, how do I generate the certificate and copy it into the certs folder?

Hi, you can do it with certbot:

certbot certonly

and then you follow the instructions. You can follow this video if you want more information: (Ep #11 - Rasa Masterclass) Connecting an assistant to external messaging channels | Rasa 1.8.0 - YouTube

Hello! For me, the complete solution was:

  • Check that snap is installed (or look here)
      sudo snap install core; sudo snap refresh core
  • Install certbot:
      sudo snap install --classic certbot
      sudo ln -s /snap/bin/certbot /usr/bin/certbot
  • Shutdown Rasa-X
      cd /etc/rasa
      sudo docker-compose down
  • Get the certificate:
    • It will ask you to choose an authentication method, choose 1 (Standalone)
      sudo certbot certonly -d yourdomain.com
  • Copy the files to let the docker container access them
      sudo cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /etc/rasa/certs/
      sudo cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /etc/rasa/certs/
      sudo chmod 640 certs/privkey.pem
      sudo docker-compose up -d

Rasa-X is then available at https://yourdomain.com

1 Like

Can you mark that this is the solution? Thanks

Hi, I’ve now marked the steps I took as the solution, thanks.