ocis_wopi with embedded certificates - certificates get recreated on each compose up #9224
Comments
After a discussion with @dragonchaser, the current behaviour is maybe intended (to be discussed), and as an alternative, we could add manually created self-signed certificates. Q: With the current example, are LE certificates reused from the traefik volume defined or re-downloaded from LE post startup?
Without manual intervention there are no LetsEncrypt certificates at all. example@example.org is not an email you could get certificates for. (Please check the logs, those should state this.) I'm not sure if it is possible to stop Traefik from generating self-signed certificates over and over again. Please note that this is only happening for self-signed certificates, not when LetsEncrypt is involved.
With a lot of searching, I have found a potential solution. The way to go is to define our own self-signed certificates, where you need to tell traefik which certificates to use. As a reference to derive from, we can take docker compose with traefik and certs. Any additional configuration needed for self-signed certs could be made in an extra compose file that gets defined in
@mmattel Yes, they can be stored, but not as you might expect it. If you run multi-node traefik installations, you can use a persistent volume to share these certs between the nodes. But if you restart/upgrade the traefik deployment, it will still regenerate the certs. This is expected/intended behaviour with traefik and Let's Encrypt. For any other use case you can configure traefik with your own bought certs or your own toolchain. But this is not a use case for the example deployment and IMHO not relevant.
Out of scope, Letsencrypt is the farthest we will document for the entry-level documentation.
When the `ocis_wopi` deployment example is started with `docker compose up`, self-signed certificates are created if no internet is available. But when getting the example down and restarting it with up, the certificates are recreated.
This makes any formerly accepted certificates for *.owncloud.test useless and you must manually re-accept all certificates of the test domain in the browser. This is bad for the easy entry docs.
Could the example be adapted in a way that if self-signed certificates have been created, they do not get recreated on each startup?
@wkloucek do you have an idea?
@tbsbdr @micbar
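
One way to do what the issue asks for, following the suggestion in the comments to define your own self-signed certificates and tell Traefik which ones to use. This is an added example, not code from the oCIS repository or from any commenter; the file names, `tls.yml`, the one-year validity and the `/certs` mount path are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: the file layout, tls.yml, and the /certs
# mount path inside the Traefik container.

# Create a self-signed wildcard certificate only if no usable one exists.
# Prints "created" or "reused".
ensure_selfsigned_cert() {
    cert_dir=$1
    domain=$2
    crt="$cert_dir/$domain.crt"
    key="$cert_dir/$domain.key"
    mkdir -p "$cert_dir"
    # Reuse the pair when both files exist and the certificate stays valid
    # for at least another day, so an accepted certificate stays accepted.
    if [ -s "$crt" ] && [ -s "$key" ] &&
       openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null 2>&1; then
        echo "reused"
        return 0
    fi
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=*.$domain" \
        -addext "subjectAltName=DNS:*.$domain,DNS:$domain" \
        -keyout "$key" -out "$crt" >/dev/null 2>&1 || return 1
    chmod 600 "$key"   # the private key must not be world-readable
    echo "created"
}

# Write a Traefik dynamic configuration that serves the certificate above
# and makes it the default certificate of the default TLS store.
write_traefik_tls_config() {
    cert_dir=$1
    domain=$2
    mount=${3:-/certs}   # assumed path where cert_dir is mounted in Traefik
    cat > "$cert_dir/tls.yml" <<EOF
tls:
  certificates:
    - certFile: $mount/$domain.crt
      keyFile: $mount/$domain.key
  stores:
    default:
      defaultCertificate:
        certFile: $mount/$domain.crt
        keyFile: $mount/$domain.key
EOF
}

ensure_selfsigned_cert "${CERT_DIR:-./certs}" "${DOMAIN:-owncloud.test}"
write_traefik_tls_config "${CERT_DIR:-./certs}" "${DOMAIN:-owncloud.test}"
```

Run it before `docker compose up`, mount the directory read-only into the Traefik container, and load `tls.yml` through Traefik's file provider (for example `--providers.file.filename=/certs/tls.yml`).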