Permissions for ssl certs in bwdata

I’m running a self-hosted instance of BW and, not surprisingly, I can’t figure out this Docker nonsense for the life of me (dev request: lose it). My server is on my LAN behind a pfSense box and I use wildcard LetsEncrypt certs distributed from that machine across the rest of the internal machines.

Enter certificate expiration.

So, while I AM using LetsEncrypt, the certs are coming from another machine and I just need to push them into the docker configs…I guess? I’ve tried all manner of options but I can’t get the BW instance to pick up the new certs. Nginx logs indicate the certs are seen but when that occurs it results in the following error:

nginx: [emerg] cannot load certificate "/etc/ssl/FQDN/certificate.crt": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/FQDN/certificate.crt','r') error:2006D002:BIO routines:BIO_new_file:system lib)

I’ve tried changing from crt to pem, various permissions on the file(s), etc., etc., etc. No dice. What am I doing wrong here?
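
The nginx message above is an `fopen` failure with "Permission denied", which can come from the certificate file's own mode or from any directory above it that lacks search (`x`) permission for the user nginx runs as. As an added example (not part of the original post and not Bitwarden's own tooling), this Python helper walks a path and reports the first component a given uid cannot pass; the function names, the `base` parameter and the temporary tree are assumptions, and only classic mode bits are considered.

```python
import os
import tempfile

def first_blocked(path, uid, gids=(), base=os.sep):
    """Walk from `base` down to `path`; return (component, missing_right) for the
    first element whose mode bits deny `uid`/`gids`, or None if the file is readable.
    Classic mode bits only: ACLs, SELinux/AppArmor and user namespaces are ignored."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    rel = os.path.relpath(path, base)
    chain = [base]
    for name in ([] if rel == "." else rel.split(os.sep)):
        chain.append(os.path.join(chain[-1], name))
    for item in chain:
        st = os.stat(item)
        if uid == 0:
            continue  # root normally bypasses mode bits
        if st.st_uid == uid:
            bits = st.st_mode >> 6      # owner class
        elif st.st_gid in gids:
            bits = st.st_mode >> 3      # group class
        else:
            bits = st.st_mode           # other class
        # the target file needs read (4); every directory above it needs search (1)
        need, right = (4, "read") if item == path else (1, "search")
        if not bits & need:
            return item, right
    return None

def demo():
    """Constructed tree named after the path in the error message."""
    results = []
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        cert_dir = os.path.join(root, "ssl", "FQDN")
        os.makedirs(cert_dir)
        cert = os.path.join(cert_dir, "certificate.crt")
        with open(cert, "w") as fh:
            fh.write("constructed placeholder, not a real certificate\n")
        other = os.stat(cert).st_uid + 1   # any uid that is not the owner
        for dir_mode, file_mode in ((0o700, 0o644), (0o755, 0o600), (0o755, 0o644)):
            os.chmod(os.path.join(root, "ssl"), 0o755)
            os.chmod(cert_dir, dir_mode)
            os.chmod(cert, file_mode)
            hit = first_blocked(cert, other, base=root)
            results.append(hit and (os.path.relpath(hit[0], root), hit[1]))
    return results

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The first constructed case has a world-readable file inside a 0700 directory and is still blocked at the directory, so changing only the file's mode does not clear that kind of failure.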

