Using already existing ssl certificates

[panomitrius]

I'm wondering how I should configure my already existing ssl certificates in docker-compose.yml? It says to use the argument "CUSTOM_CA_CERTIFICATES" but with what parameters should I use that?

[panomitrius]

I found a sollution by commenting the SSL_CERTIFICATE_GENERATION option and linking my current ssl certicates by adding them as volumes:
volumes:
#...after the other volume settings
- '/etc/letsencrypt/live/privkey.pem:/data/certs/zulip.key:ro'
- '/etc/letsencrypt/live/fullchain.pem:/data/certs/zulip.combined-chain.crt:ro'

[misaflo]

Hello,

Putting the certificates here works:

• /opt/docker/zulip/zulip/certs/zulip.key
• /opt/docker/zulip/zulip/certs/zulip.combined-chain.crt

[shanzez]

Which is the proper location? I don't see it mentioned in the documentation. Commenting out (or just not including) SSL_CERTIFICATE_GENERATION in the docker-compose.yml is not intuitive (to me at least). Especially, when I see in entrypoint that when you don't define it, it is just set to "self-signed".

I suppose I should set SSL_CERTIFICATE_GENERATION to anything except "self-signed" and "certbot". I'll go with "false".

docker-zulip/entrypoint.sh

Lines 162 to 165 in cd7692a

	*)
	echo "Not requesting auto-generated self-signed certs."
	GENERATE_CERTBOT_CERT="False"
	GENERATE_SELF_SIGNED_CERT="False"

I don't know about putting the certs in /opt/docker/zulip/zulip/certs. I don't see that in the documentation. I'll jump into the docker container once it exists and see if I can tell what the directory is doing.

I think perhaps the right place is:

      - "./zulip.key:/data/certs/zulip.key:ro"
      - "./zulip.combined-chain.crt:/data/certs/zulip.combined-chain.crt:ro"

with SSL_CERTIFICATE_GENERATION set to 'False'.

Update:
This worked for me on version 8.2-0.