How to get SSL-certified django-daphne app?

I am deploying a dockerized Django (4.0) app with Channels and Daphne (4.0). I use plain gunicorn for WSGI and Daphne for ASGI. The app is deployed and works fine over HTTP, without an SSL certificate. However, I can’t get HTTPS working, because the certificate request fails the validation test (see the log below). I have spent many hours looking for a solution without success.
certbot log

certbot  | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot  | Skipped user interaction because Certbot doesn't appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.
certbot  | Account registered.
certbot  | Requesting a certificate for examples.com
certbot  | 
certbot  | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot  |   Domain: codeforkitchen.com
certbot  |   Type:   unauthorized
certbot  |   Detail: 23.xx.xx.xxx: Invalid response from http://codeforkitchen.com/.well-known/acme-challenge/_yTtIrfLPkCPzyrkDISG3MjSS6a3d2asZAxMUQZIc1Q: 404
certbot  | 
certbot  | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot  | 
certbot  | Some challenges have failed.
certbot  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

/etc/nginx/conf.d/default.conf for testing purpose

# Backend for ordinary HTTP requests (used by "location /" via proxy_pass http://web).
# The host name is resolved through Docker's DNS and has to match the Compose service
# name exactly; that service is spelled "dajngo-app" in docker-compose.yaml, so do not
# correct the spelling here without renaming the service as well.
upstream web {
    server dajngo-app:8000;
}

# Backend for WebSocket traffic (used by "location /ws/"); "daphne" is the Compose
# service name and 8001 the port that service exposes.
upstream daphne {
    server daphne:8001;
}

# server {
#     listen 80 default_server;
#     server_name _;
#     return 301 https://$host$request_uri;
# }

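# Plain-HTTP virtual host used while the first certificate is being requested.
# It serves the ACME HTTP-01 challenge files, the collected static files, and proxies
# everything else to the gunicorn and daphne upstreams.
server {
    listen 80;
    server_name codeforkitchen.com;

    # use the certificates
    # These directives only take effect in a server block that also has "listen 443 ssl";
    # keep them disabled until the certificate files actually exist, otherwise nginx
    # refuses to start and the HTTP-01 challenge can never be answered.
    # ssl_certificate     /etc/letsencrypt/live/codeforkitchen.com/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/codeforkitchen.com/privkey.pem;
    # root /var/www/html;
    # index index.php index.html index.htm;


    # ACME HTTP-01 challenge files written by the certbot container.
    # "^~" is a prefix match that wins over any regex location. The previous form,
    # "location ~ /.well-known/acme-challenge/", was an unanchored regex in which "."
    # matches any character, so it also matched that path segment in the middle of a URI.
    # With "root", the request /.well-known/acme-challenge/<token> is read from
    # /var/www/certbot/.well-known/acme-challenge/<token>, which is where certbot's
    # "--webroot -w /var/www/certbot" places it, provided nginx and certbot mount the
    # same host directory at /var/www/certbot.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }


    # Collected Django static files, served directly from the shared volume.
    location /static/ {
        alias /app/static_root/;
        #   root /backend;
    }


    # WebSocket endpoints: HTTP/1.1 plus the Upgrade/Connection headers are required
    # for the protocol switch to reach daphne.
    location /ws/ {
        proxy_pass         http://daphne;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "Upgrade";
        proxy_set_header   Host $host;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

    # Everything else goes to the WSGI backend.
    location / {
        proxy_pass http://web;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        # Sends the configured server_name, not the Host header the client supplied.
        proxy_set_header   X-Forwarded-Host $server_name;
        # Tells the backend whether the client connection was http or https.
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_redirect     off;
        # Request bodies larger than this are rejected by nginx before reaching Django.
        client_max_body_size 20M;
    }
}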

Here is the docker-compose.yaml

# Compose file format version, kept as the author wrote it.
version: '3.9'

# Named volumes managed by Docker and shared between the services below.
volumes:
  static_volume:
  media_volume:
  local_postgres_data:
  local_postgres_data_backups:
  # Disabled entries kept from the original file:
  # rabbitmq_data:
  # certbot:
  # html:
  # vhost:
  # acme:
  # portainer_data: {}

# "external: true" means the network already exists outside this file; Compose only
# attaches to it and neither creates nor removes it.
# NOTE(review): containers from any other stack attached to "umami" share this network
# with postgres and redis. "expose" does not filter traffic between containers on the
# same network, so confirm what else is attached or use a network private to this stack.
networks:
  umami:
    external: true

services:
  # WSGI application container. nginx's "web" upstream resolves this service by the
  # name "dajngo-app" (sic), so the spelling must stay in sync with the nginx config.
  dajngo-app:
    build:
      context: .
      dockerfile: './docker/django/Dockerfile'
    container_name: 'web'
    command: '/start'
    restart: 'always'
    env_file:
      - './.env_files/.prod'
    networks:
      - umami
    depends_on:
      - 'postgres'
      - 'redis'
    # No host port is published; the service is reached by other containers on port 8000.
    expose:
      - 8000
    # ports:
    #   - 8080:8000
    volumes:
      # NOTE(review): this bind-mounts the whole project directory into the container.
      # Per the other mounts in this file that directory also holds ./certbot/conf
      # (certificate private key) and ./.env_files, so the application container can
      # read and write both. Confirm the mount is needed in production; if the image
      # already contains the code, dropping it narrows what a compromised app can reach.
      - '.:/backend'
      # django static file -- collected; the same volume is mounted by nginx
      - 'static_volume:/backend/static_root'
      - 'media_volume:/backend/media_root'

  # ASGI/WebSocket container built from the same Dockerfile as the WSGI service but
  # started with /start-daphne; nginx's "daphne" upstream points at port 8001.
  daphne:
    build:
      context: .
      dockerfile: './docker/django/Dockerfile'
    container_name: 'daphne'
    command: '/start-daphne'
    restart: 'always'
    env_file:
      - './.env_files/.prod'
    networks:
      - umami
    depends_on:
      - 'postgres'
      - 'redis'
      - 'dajngo-app'
    # No host port is published; only containers on the network reach port 8001.
    expose:
      - 8001
    # ports:
    #   - 8080:8000
    volumes:
      # NOTE(review): bind-mounts the whole project directory, which per the other
      # mounts in this file includes ./certbot/conf (certificate private key) and
      # ./.env_files. Confirm this is needed in production.
      - '.:/backend'
      # django static file -- collected
      - 'static_volume:/backend/static_root'
      - 'media_volume:/backend/media_root'

  # Database container built from the project's own postgres Dockerfile.
  postgres:
    build:
      context: .
      dockerfile: './docker/postgres/Dockerfile'
    container_name: 'postgres'
    restart: 'always'
    # Settings are read from the same env file the application containers use.
    env_file:
      - './.env_files/.prod'
    networks:
      - umami
    # Not published on the host; reachable by containers attached to the network.
    expose:
      - 5432
    volumes:
      # database files and backups live in named volumes, so they outlive the container
      - 'local_postgres_data:/var/lib/postgresql/data'
      - 'local_postgres_data_backups:/backups'

  # Redis from the stock image, with no command override and no config file mounted.
  # NOTE(review): nothing in this file sets a password or ACL for Redis, and the
  # service sits on the external "umami" network; confirm that only trusted
  # containers are attached to that network, or configure authentication.
  redis:
    image: 'redis:7.0-alpine'
    container_name: 'redis'
    networks:
      - umami
    expose:
      - 6379

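  # Reverse proxy and the only service with ports published on the host.
  # It answers the ACME HTTP-01 challenge on port 80 and will terminate TLS on 443
  # once a server block with "listen 443 ssl" is enabled in the nginx config.
  nginx-proxy:
    container_name: "nginx"
    build:
      context: .
      dockerfile: "./docker/nginx/Dockerfile"
    restart: "always"
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - "static_volume:/app/static_root"
      - "media_volume:/app/media_root"
      # Replaces the image's /etc/nginx/conf.d with the host directory, so the
      # default.conf on the host is the configuration that is actually loaded.
      - "./docker/nginx:/etc/nginx/conf.d"
      # nginx only reads certificates and challenge files; certbot is the writer.
      # Mounting both read-only keeps a compromised proxy from replacing key
      # material or planting files in the ACME webroot.
      - "./certbot/conf:/etc/letsencrypt:ro"
      - "./certbot/www:/var/www/certbot:ro"
    depends_on:
      - "dajngo-app"
      - "daphne"
    networks:
      - umami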

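  # One-shot certificate issuance through the webroot (HTTP-01) authenticator.
  # The container runs certbot once and exits; nothing here schedules renewals.
  certbot:
    # NOTE(review): no tag is given, so this resolves to "latest". Pin a release tag
    # or digest so a rebuild cannot silently pull a different certbot.
    image: "certbot/certbot"
    container_name: "certbot"
    # Host bind mounts shared with nginx-proxy: /etc/letsencrypt holds the account and
    # certificate private keys, /var/www/certbot is the ACME webroot. Being bind
    # mounts, both persist on the host when the container is removed.
    volumes:
      - "./certbot/conf:/etc/letsencrypt"
      - "./certbot/www:/var/www/certbot"
    # --non-interactive: certbot runs without a terminal here (its own log asks for it).
    # --keep-until-expiring replaces --force-renewal: an existing, still-valid
    # certificate is kept without prompting, instead of requesting a new one on every
    # start, which quickly runs into the CA's duplicate-certificate rate limit.
    # While the challenge is still failing, add --staging so repeated attempts do not
    # count against the production rate limits.
    # LETSENCRYPT_EMAIL and LETSENCRYPT_HOST are interpolated by Compose when the file
    # is loaded.
    command:
      - "certonly"
      - "--webroot"
      - "-w"
      - "/var/www/certbot"
      - "--non-interactive"
      - "--keep-until-expiring"
      - "--agree-tos"
      - "--email"
      - "${LETSENCRYPT_EMAIL}"
      - "-d"
      - "${LETSENCRYPT_HOST}"
    # Only orders container start-up; it does not wait until nginx accepts connections.
    depends_on:
      - "nginx-proxy"
    networks:
      - umami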

Please give me some idea how to get SSL certified app.

Thanks in advance!

I’m sure there’s a way of making that all work, but we switched to doing DNS validation instead of HTTP validation. You might want to look at that as an option.