Arjan H.

The `docker-compose.yml` file is located in `/home/labca/boulder` so normally if you are in that directory, the docker compose command should work

I have no experience with override files. Perhaps the `networks:` field of the nginx service in the override file is **replacing** the networks instead of **appending**? You could try putting...

Let's Encrypt is working on short lived certificates (6 days) by defining profiles in a config file (config/ca.json). I haven't tested it yet and I don't know yet if/how clients...

Is there anything useful in the certbot log on why the certificate for nginx could not be created? ``` docker compose exec nginx cat /etc/nginx/ssl/certbot.log ``` I have seen those...

Well, it is line 62 in the [commander](https://github.com/hakwerk/labca/blob/master/commander) script, which calls the [renew](https://github.com/hakwerk/labca/blob/master/renew) script, but that is just calling certbot to generate the certificate so that isn't very helpful either...

I have added a warning to the release notes of v25.02 that it is no longer possible to upgrade LabCA systems that have the root CA key offline. Going forward...

I agree with you that this should be possible, however I had a quick look and it is not as trivial as I hoped to fix this. Currently mail-tester uses...

In the latest release (v24.09) it is now possible to either use the LabCA root certificate, or skip TLS server certificate validation completely for the email server

That error in the bmysql container is not causing this issue. It happens because of some circular dependency between boulder components. That error should go away after a short while...

Perhaps you could add a reverse proxy web server in front of the LabCA web GUI that uses a public certificate?