-
-
Notifications
You must be signed in to change notification settings - Fork 254
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
certbot support broken in ≥ 4.9-0 #381
Comments
Getting this on my self-hosted docker instance as well, even though I'm using an external certificate deployed by Nginx Proxy Manager to talk to the zulip container. I'm able to connect to the deployed URL, however zulip clients intermittently throw a self-signed certificate error. |
@thelazyoxymoron You’re seeing something unrelated that you’re going to have to debug on the Nginx Proxy Manager side. This issue is about the internal Certbot support inside docker-zulip. |
Zulip Server 4.9+ regressed Docker setups by always creating a /etc/letsencrypt directory in the top layer of the Docker container, meaning it couldn't be symlinked over from the volume mount. Since that volume mount has useful properties (providing and/or overriding LetsEncrypt setting), restore it and copy the in-image configs into the volume as defaults if and only if those files don't already exist in the volume. Fixes zulip#381.
Zulip Server 4.9+ regressed Docker setups by always creating a /etc/letsencrypt directory in the top layer of the Docker container, meaning it couldn't be symlinked over from the volume mount. Since that volume mount has useful properties (providing and/or overriding LetsEncrypt setting), restore it and copy the in-image configs into the volume as defaults if and only if those files don't already exist in the volume. Fixes zulip#381.
Zulip Server 4.9+ regressed Docker setups by always creating a /etc/letsencrypt directory in the top layer of the Docker container, meaning it couldn't be symlinked over from the volume mount. Since that volume mount has useful properties (providing and/or overriding LetsEncrypt setting), restore it and copy the in-image configs into the volume as defaults if and only if those files don't already exist in the volume. Fixes zulip#381.
Was anyone able to fix this or work around this? |
Between 4.8-1 and 4.9-0, we backported zulip/zulip#20512 and started unconditionally installing
certbot
, resulting in/etc/letsencrypt
existing in the base image, so this symlink never happens. This results in a broken symlink where the certificate should be.Discussion.
The text was updated successfully, but these errors were encountered: