Mattermost Peer-to-Peer Forum

SSL certificate for dockerized Mattermost installation

#1

Hi all - I was renewing the certificate from docker installation of Mattermost, following those instructions: https://github.com/mattermost/mattermost-docker#install-with-ssl-certificate

I renewed the certificate using certbot, then copied the cert.pem file to ./volumes/web/cert/cert.pem, and privkey.pem to ./volumes/web/cert/key-no-password.pem

but when I run docker-compose up, the app container fails. The error being:

Error: failed to load: invalid config: Config.IsValid: model.config.is_valid.tls_cert_file.app_error,

I think it’s because of the file permissions on the cert files, but I’m not sure.

$ sudo ls -al volumes/web/cert/
total 12
drwxrwxr-- 2 majdal docker   70 May  2 11:26 .
drwxr-xr-x 3 root   root     18 Sep 17  2018 ..
-rwxrwxr-- 1 majdal docker 1919 May  2 10:19 cert.pem
-rwxrwxr-- 1 majdal docker 3566 May  2 11:26 fullchain.pem
-rwxrwxr-- 1 majdal docker 1704 May  2 10:19 key-no-password.pem

Many thanks!

#2

Hi @majdal,

Would you be open to creating an issue on the docker project and the project creators will be able to assist you: https://github.com/mattermost/mattermost-docker/issues?

#3

Hey @amy.blais - I definitely can, but should we first make sure that it’s not an obvious problem that could be resolved here first?

#4

@pichouk Can you help take a look at this one?

1 Like
#5

In theory the certificate is only mounted on the web container so I don’t think that a permission issue will trigger an error message in Mattermost application.

This Mattermost application log message is on this part of the Mattermost code, but I don’t know what it means. If a Mattermost developper could help to explain what conditions triggers this message, maybe we would find the issue.

1 Like
#6

Is there someone we could mention here to follow up?

#7

Did you configured your Mattermost app to use TLS ? Because in your setup it’s the web container that terminate TLS so your Mattermost application should be configured to not using TLS. That’s maybe your trouble.

#8

@pichouk I did no changes beyond the basic setup described in the docker tutorial

Do you mean changing those lines? I tried both commented and uncommented versions, neither resolve the issue.

#9

Can you please provide the content of your config.json file please ?
Especially those keys :

  • ServiceSettings.ListenAddress
  • ServiceSettings.ConnectionSecurity
  • ServiceSettings.TLSCertFile
  • ServiceSettings.TLSKeyFile
  • ServiceSettings.UseLetsEncrypt
  • ServiceSettings.LetsEncryptCertificateCacheFile
  • ServiceSettings.Forward80To443