[SOLVED] How to use Lets Encrypt with the Docker Image of Mattermost

Troubleshooting
1

Can anyone advise how to get the Docker image of MM to work with Let’s Encrypt? I’ve already got the LE certificates loaded in /etc/letsencrypt/live/my-domain but I don’t know how to get these certificates to be read/seen by MM?

I’m installing the docker image of Mattermost on Ubuntu 16.04. I’m following the instructions at https://docs.mattermost.com/install/prod-docker.html. However, step 3 ‘Setup TLS’ leads to this page https://github.com/mattermost/mattermost-docker#install-with-ssl-certificate and from there, the instructions read

Put your SSL certificate as ./volumes/cert/cert.pem and the private key that has no password as ./volumes/cert/key-no-password.pem. If you don’t have them you may generate a self-signed SSL certificate.

MM starts fine if environment: - MATTERMOST_ENABLE_SSL=false in docker-compose.yml

Thanks!

2

Sorry, the document has some typos. The correct paths are ./volumes/web/cert/cert.pem and ./volumes/cert/key-no-password.pem. Could you please try again with this corrected paths?

3

Ok, I tried adding these symlinks but I got an error in my browser after I edited MATTERMOST_ENABLE_SSL=true

sudo ln -s /etc/letsencrypt/live/mydomain.com/fullchain.pem /home/myuser/mattermost-docker/volumes/web/cert/fullchain.pem
sudo ln -s /etc/letsencrypt/live/mydomain.com/cert.pem /home/myuser/mattermost-docker/volumes/web/cert/cert.pem
sudo ln -s /etc/letsencrypt/live/mydomain.com/privkey.pem /home/myuser/mattermost-docker/volumes/cert/key-no-password.pem

Do you know what I’m doing wrong?

4

I think the symlinks don’t work because docker containers can’t access host’s filesystem outside of docker volume.

Could you copy the cert files into the volume instead and try again?

5

Hi eungjun.yi,

Thank you for this… unfortunately when I copied the let’s encrypt generated certificates to the locations below, I couldn’t access MM

/home/myuser/mattermost-docker/volumes/web/cert/fullchain.pem
/home/myuser/mattermost-docker/volumes/web/cert/cert.pem
/home/myuser/mattermost-docker/volumes/cert/privkey.pem
/home/myuser/mattermost-docker/volumes/cert/key-no-password.pem # this is just a renamed copy of privkey.pem

Do you know what I’m doing wrong?

6

Sorry, my mistake again. Please try ./volumes/web/cert/key-no-password.pem instead of ./volumes/cert/key-no-password.pem.

7

Great, thank you eungjun.yi, that’s done the trick…

All 3 certificates are now in

/home/myuser/mattermost-docker/volumes/web/cert/fullchain.pem
/home/myuser/mattermost-docker/volumes/web/cert/cert.pem
/home/myuser/mattermost-docker/volumes/web/cert/key-no-password.pem

And key-no-password.pem is just a renamed copy of privkey.pem from the Let’s Encrypt certificates…

8

How do you renew your Let’s Encrypt certificate? I guess Mattermost doesn’t do this for you. And I’m wondering how certbot can renew the certificate if ports 80/443 are bound to Mattermost?

9

FYI for non-Docker people: On a non-Docker AWS instance, I just had to copy fullchain.pem and the key.pem into any specific location and set the config.json cert and key configs to point to them. (this is Using Let’s Encrypt)