Bring Your Own (BYO) certificates flow #1363

bwbroersma · 2024-03-26T12:19:50Z

Currently certbot is always enabled (although it's using staging on dev/testing).
In the case of non-ACME certificates, or if running in an air-gapped environment it's needed to:

remove tls_init.sh

Internet.nl/docker/webserver.Dockerfile

Line 24 in 30be0e8

COPY docker/webserver/tls_init.sh /docker-entrypoint.d/tls_init.sh
remove certbot.sh

Internet.nl/docker/webserver.Dockerfile

Line 18 in 30be0e8

COPY docker/webserver/certbot.sh /docker-entrypoint.d/certbot.sh

mount/copy certificates to the letsencrypt path

Internet.nl/docker/webserver/nginx_templates/app.conf.template

Lines 140 to 141 in 30be0e8

    
           ssl_certificate /etc/letsencrypt/live/${INTERNETNL_DOMAINNAME}/fullchain.pem; 
        
           ssl_certificate_key /etc/letsencrypt/live/${INTERNETNL_DOMAINNAME}/privkey.pem;

Would be nice to document this, and maybe better facilitate the BYO certificates, by having a flag to disable certbot.

The text was updated successfully, but these errors were encountered:

bwbroersma added documentation documentation infrastructure-docker labels Mar 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bring Your Own (BYO) certificates flow #1363

Bring Your Own (BYO) certificates flow #1363

bwbroersma commented Mar 26, 2024 •

edited

Bring Your Own (BYO) certificates flow #1363

Bring Your Own (BYO) certificates flow #1363

Comments

bwbroersma commented Mar 26, 2024 • edited

bwbroersma commented Mar 26, 2024 •

edited