When running the ejabberd docker image in my container set I ran into a problem where I hit the rate limiter on Let’s Encrypt. This meant I could switch to the staging ACME, which would mean untrusted CA certificate errors, or use a previously issued certificate set until my blockage was cleared.

Should be easy enough, all I have to do is comment out the acme: stanza and the request_handlers:, maybe just the request_handler: would do it.

```
# "/.well-known/acme-challenge": ejabberd_acme
```

Then add in the location of the certs I’m using:

```
certfiles:
home/ejabberd/conf/certs/fullchain.pem
```

Which are mounted using my docker-compose.yml

```
ejabberd:
ejabberd/database:/home/ejabberd/database:rw
ejabberd/upload:/home/ejabberd/upload:rw
ejabberd/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml:rw
ejabberd/conf/certs:/home/ejabberd/conf/certs:rw
```

When I started the service it complains that the certificate is signed by an untrusted CA! These are Let’s Encrypt certs and I know they are trusted, so why the error? Turns out the image ejabberd/ecs:latest doesn’t come with any CA certificates.

A quick proof of this by going into the container and add ca-certificates and restarting ejabberd:

```
docker-compose exec -u root ejabberd sh
apk add ca-certificates
exit
docker-compose exec ejabberd sh
bin/ejabberdctl restart
```

Now I can see the certificates load without error in the log.

Then I have to make the change permanent. This means I have to build my own container by creating my own build/ejabbed/Dockerfile.

```
FROM ejabberd/ecs:latest
```

Change my docker-compose.yml from using an image to building the Dockerfile. By changing image: to build:

```
# image: ejabberd/ecs:latest
```

Now I have an ejabberd container that has the CA certs required permanently.

Finally I checked it with this tool tsp hello dump and escalus

So ServerHello TLSv1.
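The root cause found in this post (an image that ships no CA bundle) can be checked for before the service is started. The script below is an added example, not code from the original post: it is a presence check, not a cryptographic chain verification. It assumes Alpine's bundle path `/etc/ssl/certs/ca-certificates.crt` (the file `apk add ca-certificates` provides), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the "untrusted CA" failure in this post.
# Assumption: Alpine's CA bundle path, relative to the filesystem root.
BUNDLE_REL="etc/ssl/certs/ca-certificates.crt"

# Print the number of PEM certificate blocks in a file (0 if unreadable).
count_pem_certs() {
    if [ -r "$1" ]; then
        # grep -c exits 1 on zero matches but still prints 0
        grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
    else
        echo 0
    fi
}

# check_trust ROOT FULLCHAIN
#   ROOT      filesystem root to inspect ("/" when run inside the container)
#   FULLCHAIN the fullchain.pem that certfiles: points at
# Prints one of: no-ca-bundle, incomplete-chain, ok
check_trust() {
    root="${1%/}"
    chain="$2"
    cas=$(count_pem_certs "$root/$BUNDLE_REL")
    certs=$(count_pem_certs "$chain")
    if [ "$cas" -eq 0 ]; then
        # The situation in this post: nothing to anchor trust to.
        echo "no-ca-bundle"
    elif [ "$certs" -lt 2 ]; then
        # A fullchain holds the leaf plus at least one intermediate.
        echo "incomplete-chain"
    else
        echo "ok"
    fi
}

# Stand-alone use: sh check.sh / /home/ejabberd/conf/certs/fullchain.pem
if [ "$#" -eq 2 ]; then
    check_trust "$1" "$2"
fi
```

A result of `ok` only means the inputs needed for validation are present; the server log remains the place to confirm that the certificates loaded without error.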