Deploying Wazuh with Docker Compose is usually straightforward, but certificate and version mismatches can break startup quickly.
This guide covers two common failures:
- "not a directory" during certificate bind mounts
- "Non-string key at top level: 404" while running generate-certs.yml
Root issue: Docker treats file path as directory
Typical error:
Error response from daemon: ... error mounting ".../wazuh-certificates/root-ca.pem" ... not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)?
Why it happens
Wazuh expects the .pem files to exist on the host before the containers start. If a mapped file does not exist, Docker may create a directory at that path instead. The container expects a certificate file there, so the mount fails with the error above.
Second trap: 404 masquerading as YAML
Common output:
docker-compose -f generate-certs.yml run --rm generator
# Non-string key at top level: 404
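This usually means you downloaded an HTML 404 Not Found page instead of a real YAML file, because the repository path or version was wrong. The parser reads the leading 404 as a top-level key that is not a string, hence the message.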
Definitive fix
Step 1: clean broken state
docker-compose down
docker container prune -f
rm -rf wazuh-certificates/
Optional image reset:
docker rmi wazuh/wazuh-dashboard:4.9.0 wazuh/wazuh-indexer:4.9.0 wazuh/wazuh-manager:4.9.0
Step 2: clone matching version
git clone https://github.com/wazuh/wazuh-docker.git -b v4.9.0 wazuh_novo
cd wazuh_novo/single-node
Step 3: generate certificates
docker-compose -f generate-certs.yml run --rm generator
Step 4: validate generated files
ls -l wazuh-certificates/
Ensure entries are regular files (-rw-...), not directories (d...).
Step 5: start stack
docker-compose up -d
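A preflight check to run between steps 3 and 5, as an added example that is not part of the original guide or the Wazuh project. It rejects a compose file that is really a saved error page and a certificate directory that contains directories or empty files. The function names are hypothetical, the file names are the ones used above, and the error-page heuristic is an assumption labelled in the code.

```shell
#!/bin/sh
# Added example (not from the Wazuh project). Function names are hypothetical.

# check_yaml FILE: fail if FILE is missing, empty, or looks like a saved
# error page rather than YAML. Assumption: such a page starts with a
# three-digit status line ("404: Not Found") or with HTML markup.
check_yaml() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    first=$(awk 'NF { print; exit }' "$f")   # first non-blank line
    case $first in
        [0-9][0-9][0-9]:*|'<!'*|'<'[Hh][Tt][Mm][Ll]*)
            echo "not YAML, looks like an error page: $f ($first)" >&2
            return 1 ;;
    esac
    return 0
}

# check_certs DIR: fail unless DIR holds at least one entry and every entry
# is a non-empty regular file. A directory here is the leftover Docker
# creates when a bind-mount source file did not exist.
check_certs() {
    dir=$1
    [ -d "$dir" ] || { echo "no certificate directory: $dir" >&2; return 1; }
    seen=0; bad=0
    for p in "$dir"/*; do
        [ -e "$p" ] || continue
        seen=1
        if [ -d "$p" ]; then
            echo "directory where a file is expected: $p" >&2; bad=1
        elif [ ! -f "$p" ] || [ ! -s "$p" ]; then
            echo "not a non-empty regular file: $p" >&2; bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# preflight [YAML] [CERT_DIR]: defaults are the names used in this guide.
preflight() {
    check_yaml "${1:-generate-certs.yml}" || return 1
    check_certs "${2:-wazuh-certificates}" || return 1
    echo "preflight OK"
}

# Run only when invoked with "--run", e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then shift; preflight "$@"; fi
```

A non-zero exit means the stack should not be started yet: go back to step 1 and re-clone or regenerate.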
Golden rule
Keep these aligned at all times:
- Docker image version
- YAML files from the same tag/branch
- Certificates generated from that exact config set
That consistency prevents most Wazuh Docker startup incidents.
This post is licensed under CC BY-NC.