Internet.nl icon indicating copy to clipboard operation
Internet.nl copied to clipboard
verified publisher icon internetstandards

Bring Your Own (BYO) certificates flow

Open bwbroersma opened this issue 1 year ago • 0 comments

Currently certbot is always enabled (although it's using staging on dev/testing). In the case of non-ACME certificates, or if running in an air-gapped environment it's needed to:

  • remove tls_init.sh https://github.com/internetstandards/Internet.nl/blob/30be0e8f5c15ed7aee22c5b136bd3fc4e546a947/docker/webserver.Dockerfile#L24
  • remove certbot.sh https://github.com/internetstandards/Internet.nl/blob/30be0e8f5c15ed7aee22c5b136bd3fc4e546a947/docker/webserver.Dockerfile#L18
  • mount/copy certificates to the letsencrypt path https://github.com/internetstandards/Internet.nl/blob/30be0e8f5c15ed7aee22c5b136bd3fc4e546a947/docker/webserver/nginx_templates/app.conf.template#L140-L141

Would be nice to document this, and maybe better facilitate the BYO certificates, by having a flag to disable certbot.

bwbroersma avatar Mar 26 '24 12:03 bwbroersma