Hi, I am new to Mattermost but successfully managed to setup the dockerized version of MM for our very small team (7 Users). Everything works great, but there is still a big questionmark when it comes to the potential auto-renewal of the LE Certificate.
I found this link docker/docs/issuing-letsencrypt-certificate.md at main · mattermost/docker · GitHub and tried to understand the process (specifically the last part(renewal)). Unfortunately it is unclear to me if this script is outdated or still up to date and can be used as is and furthermore where to use it? As a seperate script or do I have to put this code inside another script?
Then there is also a service that can be used for renewal. When would it make sense to use it instead of the script from the link above?
Is there a complete(step-by-step) and up to date guide of how to renew the LE Certificate for dockerized deploys?
Sorry for all the questions at once 
I made some progress but still need some input.
The script does indeed work and a dry-run completed successfully.
The goal is to use it as a service on a systemd timer.
Therefore I altered the provided service-file for my environment to the following:
[Unit]
Description=Certbot certificate renew trigger
After=network-online.target
Wants=network-online.target
[Service]
Environment="VOLUME_ROOT=/home/mydockerpath"
Type=oneshot
ExecStart=/usr/bin/docker run --rm --name certbot --network mattermost \
-v '${VOLUME_ROOT}/certs/etc/letsencrypt:/etc/letsencrypt' \
-v '${VOLUME_ROOT}/certs/var/lib/letsencrypt:/var/lib/letsencrypt' \
-v shared-webroot:/usr/share/nginx/html \
certbot/certbot renew --webroot-path /usr/share/nginx/html
StandardOutput=file:/var/log/certbot-renew/certbot-renew.log
StandardError=file:/var/log/certbot-renew/certbot-renew.err
[Install]
WantedBy=multi-user.target
I changed the webroot folder to the one used when the intial certificate was generated using the issue-certificate.sh script inside the docker. Is that correct? The original service file just said “/webroot”. More clarification would be welcome.
I also added some logging (because why wouldn’t you?) and configured the timer.
Some help would be very welcome