Mattermost, Inc.

[SOLVED] How to use Lets Encrypt with the Docker Image of Mattermost

Can anyone advise how to get the Docker image of MM to work with Let’s Encrypt? I’ve already got the LE certificates loaded in /etc/letsencrypt/live/my-domain but I don’t know how to get these certificates to be read/seen by MM?

I’m installing the docker image of Mattermost on Ubuntu 16.04. I’m following the instructions at https://docs.mattermost.com/install/prod-docker.html. However, step 3 ‘Setup TLS’ leads to this page https://github.com/mattermost/mattermost-docker#install-with-ssl-certificate and from there, the instructions read

Put your SSL certificate as ./volumes/cert/cert.pem and the private key that has no password as ./volumes/cert/key-no-password.pem. If you don’t have them you may generate a self-signed SSL certificate.

MM starts fine if environment: - MATTERMOST_ENABLE_SSL=false in docker-compose.yml

Thanks!

Sorry, the document has some typos. The correct paths are ./volumes/web/cert/cert.pem and ./volumes/cert/key-no-password.pem. Could you please try again with this corrected paths?

Ok, I tried adding these symlinks but I got an error in my browser after I edited MATTERMOST_ENABLE_SSL=true

sudo ln -s /etc/letsencrypt/live/mydomain.com/fullchain.pem /home/myuser/mattermost-docker/volumes/web/cert/fullchain.pem
sudo ln -s /etc/letsencrypt/live/mydomain.com/cert.pem /home/myuser/mattermost-docker/volumes/web/cert/cert.pem
sudo ln -s /etc/letsencrypt/live/mydomain.com/privkey.pem /home/myuser/mattermost-docker/volumes/cert/key-no-password.pem

Do you know what I’m doing wrong?

I think the symlinks don’t work because docker containers can’t access host’s filesystem outside of docker volume.

Could you copy the cert files into the volume instead and try again?

Hi eungjun.yi,

Thank you for this… unfortunately when I copied the let’s encrypt generated certificates to the locations below, I couldn’t access MM

/home/myuser/mattermost-docker/volumes/web/cert/fullchain.pem
/home/myuser/mattermost-docker/volumes/web/cert/cert.pem
/home/myuser/mattermost-docker/volumes/cert/privkey.pem
/home/myuser/mattermost-docker/volumes/cert/key-no-password.pem # this is just a renamed copy of privkey.pem

Do you know what I’m doing wrong?

Sorry, my mistake again. Please try ./volumes/web/cert/key-no-password.pem instead of ./volumes/cert/key-no-password.pem.

Great, thank you eungjun.yi, that’s done the trick…

All 3 certificates are now in

/home/myuser/mattermost-docker/volumes/web/cert/fullchain.pem
/home/myuser/mattermost-docker/volumes/web/cert/cert.pem
/home/myuser/mattermost-docker/volumes/web/cert/key-no-password.pem

And key-no-password.pem is just a renamed copy of privkey.pem from the Let’s Encrypt certificates…

How do you renew your Let’s Encrypt certificate? I guess Mattermost doesn’t do this for you. And I’m wondering how certbot can renew the certificate if ports 80/443 are bound to Mattermost?

FYI for non-Docker people: On a non-Docker AWS instance, I just had to copy fullchain.pem and the key.pem into any specific location and set the config.json cert and key configs to point to them. (this is Using Let’s Encrypt)