-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Let's Encrypt certificate #71
Comments
Why not?
True that, but since we generate if on every boot it will be there when needed. Are you running into specific issues? |
Actually, I am. Let's Encrypt allows only 5 certificates for the same domain per week. If you are testing or debugging your solution, you may blow that limit easily. After I tried testing something yesterday, I got this error message: |
For testing purposes you can use staging certificates instead. I think they should work fine with jitsi. @saghul Are untrusted certificates a problem for jitsi or maybe the mobile app? But yes when you deploy your application multiple times a week to production it may be a problem. |
A solution to easily integrate the staging environment to the init script would be to set an environment variable that will switch the |
Gotcha. We could store the certs in the volume and assume the cron job will renew them on time. We could also have an env variable to force-renew on startup.
Untrusted certs won't work on mobile. We already get tons of bogus reports from people trying to use self-signed certs on mobile, so I'd rather explore other solutions that don't involve untrusted certs. @carlososuna86 @sapkra so how about this: we start storing the certs in the data volume, then if some If you like the above, a PR would be most welcome, as I won't have time to work on it this week. |
Store them in the config volume so they are not regenerated on every boot. Closes: #71
Fixed in the |
Hey, I run into the same issue again because of testing. The reason is based on the docu, which says: "IMPORTANT: At the moment, configuration is not regenerated on every container boot, so if you make any changes to your .env file, make sure you remove the configuration directory before starting your containers again". See https://github.com/jitsi/docker-jitsi-meet#configuration Please update the docu, to watch out for the certificate. So it wont be deleted if necessary. Thx Cheers dennis |
For anyone finding this in the future, LE say that there's no way to clear the status of your domain-set until the 7 days "sliding window" has elapsed, regardless of how you spell, or arrange the domains in the |
Store them in the config volume so they are not regenerated on every boot. Closes: jitsi/docker-jitsi-meet#71
I am looking at the Let's Encrypt implementation.
Should we generate a new certificate every time the container is booted? Because validating
/etc/letsencrypt/live/$LETSNECRYPT_DOMAIN/fullchain.pem
will fail, since the container will not keep files that are not in volumes, after the container is shut down.The text was updated successfully, but these errors were encountered: