I’m working a university and we are using Mattermost for our project. Right now we are transitioning from a manual install to Mattermost Omnibus.
Since we have an IT department with it’s own certificate authority we don’t need letsencrypt to generate the tls certificates for us. We already have the certificates on the installation the we migrate from.
In the ansible playbook
reconfigure.yml certbot always runs and the nginx configuration is configured to the letsencrypt locations.
Is there an official way to not use letsencrypt and configure nginx to use our own cert location?
I can confirm that it is currently not possible using Omnibus only. It can be achieved configuring the SSL certificate in a different server that then routes the traffic to the Omnibus instance, that just needs to be configured with
thanks for the quick feedback. I followed your suggestions and Mattermost itself seem to work fine.
But there are some smaller problems I see with the approach. Aftern installing Mattermost for the first time ansible will start nginx using port 80. In order to server port 80 with another web server (in our case apache2) I have to stop the service, then start the other web server. When updating Mattermost ansible will try to (re)start nginx again, but will fail, because port 80 is already in use.
I think for institutions like our it department it would be a great improvement, when the Mattermost Omnibus package would support the use of your own certificate. The playbook already loads configuration from
/etc/mattermost/mmomni.yml. I think it should be possible to use
ssl_certificate as variables here and change the playbook slightly in order to make the certificates customizable and the certbot optional.
I had a look around where I could suggest this feature, or even provide a pull-request, but I’m not sure where to do so. Could you please give me a hint where I should make the suggestion?
I talked to the engineering team about this and have the following request created:
Hope that helps.
yes, this helps a lot. Thank you!
You are most welcome. Any time!