Configure SSL

[danciaclara]

Description

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• Feature (non-breaking change which adds functionality)
• Improvement (change that would cause existing functionality to not work as expected)
• Code refactoring
• Performance improvements
• Documentation update

Screenshots and Media (if applicable)

Test Scenarios

References

---

Note

Adds a new self-hosting SSL/TLS setup guide and links it in the docs navigation.

• Documentation:
  • New guide: self-hosting/govern/configure-ssl.mdx detailing Let's Encrypt-based SSL setup, required env vars (CERT_EMAIL, SITE_ADDRESS, WEB_URL), optional DNS validation (CERT_ACME_DNS), restart via prime-cli, and verification steps.
• Navigation:
  • Add self-hosting/govern/configure-ssl to mint.json under Configure.

^{Written by Cursor Bugbot for commit 050a5d4. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

• Documentation
  • Added comprehensive guide for configuring SSL/TLS certificates in self-hosted Docker deployments, including prerequisites, environment setup, optional DNS-based validation, Let's Encrypt certificate issuance, and verification steps.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
developer-docs	Error		Dec 15, 2025 9:30pm

[coderabbitai]

Walkthrough

These changes introduce documentation for configuring SSL/TLS certificates in Plane Commercial Edition Docker deployments. A new guide is added covering prerequisites, environment variable setup, DNS-based validation, configuration steps, and verification procedures. A corresponding navigation entry is added to the documentation structure.

Changes

Cohort / File(s)	Summary
Documentation navigation mint.json	Added navigation entry for SSL/TLS configuration guide under Self-hosting > Configure section
New SSL configuration guide self-hosting/govern/configure-ssl.mdx	Comprehensive guide covering SSL/TLS setup for Docker deployments without external reverse proxy, including prerequisites, environment variables (CERT_EMAIL, SITE_ADDRESS, WEB_URL), DNS-based validation options, configuration steps, and verification procedures

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify navigation entry syntax and structure in mint.json
• Review documentation clarity, completeness, and markdown formatting in the new guide
• Confirm command examples and configuration steps are accurate and up-to-date

Poem

🐰 A guide hops into place with gentle care,
SSL certificates blooming in the Docker air,
From Let's Encrypt's embrace to DNS's delight,
Plane now secures its traffic, wrapped tight! 🔒✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Configure SSL' is concise and clearly describes the main change: adding SSL/TLS configuration documentation for Plane Commercial Edition with corresponding navigation entry.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch configure-ssl

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

self-hosting/govern/configure-ssl.mdx (2)

89-98: LGTM!

Basic verification steps are provided and appropriate for most users.

For enhanced verification, you could optionally add a command to check certificate details:

# Check certificate details including expiry
openssl s_client -connect plane.yourcompany.com:443 -servername plane.yourcompany.com < /dev/null 2>/dev/null | openssl x509 -noout -dates -issuer

---

6-6: Consider documenting certificate renewal behavior.

The guide mentions that Plane handles certificate provisioning and renewal automatically, but doesn't explain when or how renewal occurs. Consider adding a brief note about:

• Automatic renewal timing (e.g., certificates renew 30 days before expiry)
• Whether any user action is required
• How to check renewal logs if needed

This would help users understand the full lifecycle and reduce support questions about certificate expiry.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b3f2961 and 050a5d4.

📒 Files selected for processing (2)

• mint.json (1 hunks)
• self-hosting/govern/configure-ssl.mdx (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Cursor Bugbot

🔇 Additional comments (7)

mint.json (1)

118-118: LGTM!

The navigation entry is properly positioned within the Configure group and follows the correct format.

self-hosting/govern/configure-ssl.mdx (6)

1-12: LGTM!

The introduction clearly defines the scope and provides appropriate guidance for users with external reverse proxies.

---

14-24: LGTM!

Prerequisites are clearly listed with an appropriate DNS warning. The requirement for ports 80 and 443 is mentioned, though later the guide notes DNS validation as an alternative when port 80 is blocked.

---

26-55: LGTM!

The configuration variables are clearly explained with good examples distinguishing between SITE_ADDRESS (no protocol) and WEB_URL (with protocol).

---

74-87: LGTM!

The restart process is clearly explained with appropriate timing expectations. The step-by-step breakdown helps users understand what's happening during the SSL setup.

---

101-103: LGTM!

The limitation is clearly stated. Users needing custom certificates are already directed to use external reverse proxies in the introduction.

---

63-68: Regarding plaintext credentials: This is documentation using a placeholder example. Per project conventions, keeping examples simple with concrete placeholder values improves readability for users learning the API configuration.

Verify the CERT_ACME_DNS format: The format CERT_ACME_DNS=acme_dns cloudflare <cloudflare-api-token> should be confirmed against Plane's actual implementation. Standard acme.sh typically uses provider-specific environment variables (e.g., CF_Token, CF_Key for Cloudflare). Confirm this is the correct format for Plane's DNS provider configuration or update the documentation accordingly.