Traefik certs_config.yaml is hard coded to one site name?

[jermdavis]

Think I've spotted an issue here - but apologies in advance if this is just me not understanding something.

I've cloned the repo and made some tweaks to simplify it to my needs (just want an XM0 instance, no need for the custom solution container) and I seemed to have it all working. Until I changed my site's name from the default of "dockerexamples" to something else.

I deleted the certs files generated in docker\traefik\certs and re-ran init.ps1 with my new value for $HostName. It completes without error, but when I start my containers I now get browser "site is not secure" errors, as it no longer likes the certificate.

Poking about, to try and work out why, I realise that certs_config.yaml is hard coded to assume the certificate files are named with "dockerexamples" (e.g. _wildcard.dockerexamples.localhost.pem) but init.ps1 has now generated cert files that have my new site name in them:

If I manually fix the certs_config.yaml file then it seems to start working again. So should the init script generate the certs config file too, perhaps? Or is there a better way of parameterising that file?

[vtml]

This is an issue. I think the ultimate correct fix is to look at the Sitecore Docker Tools, and take the same inspiration as the Powershell Script / Module that changes the .env files with the specified values, but changes the certs_config.yaml instead.

[ambrauer]

Agree, this is an issue. I think the best solution is probably to just take the hostname out of the equation? mkcert has options to speficy the file names. So...

In init.ps1:

& $mkcert -key-file key.pem -cert-file cert.pem "*.$($HostName).localhost"

and certs_config.yaml becomes:

tls:
  certificates:
    - certFile: C:\etc\traefik\certs\cert.pem
      keyFile: C:\etc\traefik\certs\key.pem