SSL:在 Docker 化的 certbot 与 NGINX 环境中出现“无法获取本地颁发者证书”(unable to get local issuer certificate)

时间:2021-05-03 22:46:16

标签: linux docker nginx docker-compose certbot

我的 docker-compose 配置有问题。我的 Docker 部署中包含几个后端服务、NGINX 和一个单独的 certbot。所有配置文件都已附在下面。问题是:certbot 一开始正确地添加了所有内容,但之后 NGINX 似乎没有把证书提供给客户端。几乎相同的配置在另一个域名上可以正常工作,所以我不知道哪里出了问题,期待任何猜测。

docker-compose 文件

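# Compose stack: two backend services, PostgreSQL, an nginx TLS front end and
# a certbot renewal loop. nginx and certbot share ./data/certbot so that nginx
# can serve ACME challenge files and read the issued certificates.
version: '3'
services:
  uploader:
    image: badconfig/backend2
    container_name: uploader
    tty: true
    environment:
      # Blank as published. The real connection string carries the database
      # password: supply it from an untracked .env file or a secret store.
      - DATABASE_URL=
    volumes:
      - ./migrations/:/redrufus/migrations/
    networks:
      - app-network
  server:
    image: badconfig/backend1
    container_name: server
    tty: true
    environment:
      # Blank as published; same handling as for the uploader service.
      - DATABASE_URL=
    ports:
      # NOTE(review): this publishes the backend over plain HTTP on every host
      # interface, bypassing the TLS listener in nginx. nginx reaches the
      # service by name over app-network, so the proxy path does not need
      # this mapping. Drop it or bind it to 127.0.0.1 if it is only for
      # local debugging.
      - "8088:8088"
    volumes:
      - ./migrations/:/redrufus/migrations/
    networks:
      - app-network
  redrufus_postgres:
    image: "postgres:12.6"
    container_name: redrufus_postgres
    restart: unless-stopped
    ports:
      # NOTE(review): the database is reachable on host port 7089 from any
      # address that can reach the Docker host. The backends connect over
      # app-network, so bind this to 127.0.0.1 or remove it unless remote
      # access is intended.
      - "7089:5432"
    environment:
      POSTGRES_DB: diesel_db
      # Blank as published. Provide the password at deploy time (environment
      # or secret file) and keep it out of version control.
      POSTGRES_PASSWORD:
      POSTGRES_USER: main
    networks:
      - app-network
    volumes:
      - pg_redrufus:/var/lib/postgresql/data
  nginx:
    # NOTE(review): 1.15 is an old release line; move to a currently
    # supported nginx tag so TLS and parser fixes are picked up.
    image: nginx:1.15-alpine
    container_name: nginx
    restart: unless-stopped
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      # nginx only needs to read these two trees; mounting them with :ro
      # would keep a compromised web container from altering keys or
      # challenge files. Verify nothing in the image writes there first.
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    ports:
      - "80:80"
      - "443:443"
    # Reload nginx every 6 hours so renewed certificates are picked up.
    # A certificate issued or replaced between reloads is not served until
    # the next reload (or a manual `nginx -s reload` or container restart).
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
    networks:
      - app-network
  certbot:
    # NOTE(review): no tag, so the image floats on `latest`; pin a version
    # (or a digest) so the component that handles private keys is reproducible.
    image: certbot/certbot
    restart: unless-stopped
    container_name: cert-bot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    # Attempt renewal every 12 hours. `certbot renew` only renews lineages
    # that already exist under /etc/letsencrypt, so the first certificate
    # for a new domain has to be issued separately.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    networks:
      - app-network
    # No `command:` here. The original repeated the nginx reload loop on this
    # service; with the entrypoint above it was only passed as unused
    # positional arguments to the shell, and the certbot image is not the
    # place to run nginx.
volumes:
  pg_redrufus:
networks:
  app-network:
    driver: bridge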

文件 data/nginx/app.conf

# Plain-HTTP listener: serves ACME HTTP-01 challenge files and redirects every
# other request to HTTPS.
server {
    listen 80;
    server_name redrufus.art www.redrufus.art;

    # Challenge tokens are read from /var/www/certbot, the directory the
    # compose file mounts into both the nginx and certbot containers.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Permanent redirect to the same host and URI over HTTPS.
    # NOTE(review): if this is the only server block on port 80 it also acts
    # as the default server, so $host can carry whatever Host header the
    # client sent. A fixed host name in the redirect, or a separate catch-all
    # default server, avoids that. Confirm against the other files in conf.d.
    location / {
        return 301 https://$host$request_uri;
    }
}

# TLS listener: terminates HTTPS for the site, serves /static from disk and
# proxies /uploader/load and /api to the backend containers.
server {
    listen 443 ssl;
    server_name redrufus.art www.redrufus.art;
    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;
    # Upper bound on request bodies accepted here, uploads included.
    client_max_body_size 15M;

    # fullchain.pem holds the leaf certificate plus the intermediates; clients
    # need the intermediates to build a chain to a trusted root.
    # NOTE(review): these paths assume the lineage directory is named exactly
    # live/redrufus.art inside the mounted /etc/letsencrypt. Confirm that
    # certbot did not write the new certificate to a differently named
    # lineage, and that nginx was reloaded after issuance.
    ssl_certificate /etc/letsencrypt/live/redrufus.art/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/redrufus.art/privkey.pem;
    # Protocol/cipher settings and DH parameters are read from files in the
    # certbot volume; both must exist there or nginx will not start.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    # NOTE(review): no Strict-Transport-Security header is set in this block;
    # check whether the included options file or another layer adds one.

    ## All static files will be served directly.
    # NOTE(review): the compose file shown alongside mounts nothing at
    # /var/tools in the nginx container; verify where this content comes from.
    root /var/tools;
    # Prefix match: any URI that begins with /static is handled here.
    location /static {
        access_log off;
        expires 30d;
        add_header Cache-Control public;

        ## Turn TCP_NODELAY off for these responses so data is sent in fewer,
        ## larger packets.
        tcp_nodelay off;

        ## Cache open file descriptors and file metadata inside nginx
        ## (up to 3000 entries, dropped after 120s without use).
        open_file_cache max=3000 inactive=120s;
        open_file_cache_valid 45s;
        open_file_cache_min_uses 2;
        open_file_cache_errors off;
    }

    # Upstream traffic is plain HTTP on the Docker network.
    # NOTE(review): no proxy_set_header lines are present, so the backend sees
    # nginx as the client and gets the upstream name as Host. If the backend
    # logs, rate-limits or authorises by client address, pass the client
    # address explicitly and make the backend trust only this proxy.
    location /uploader/load {
        proxy_pass http://uploader:8088;
    }

    # NOTE(review): prefix match without a trailing slash, so URIs such as
    # /apiXYZ are proxied as well. Confirm that this is intended.
    location /api {
        proxy_pass http://server:8088;
    }
}

0 个答案:

没有答案