LetsEncrypt configuration after Zulip is already installed (with self-signed certificates)
I read the documentation at https://zulip.readthedocs.io/en/latest/production/ssl-certificates.html#after-zulip-is-already-installed. It made me think that running the command
/home/zulip/deployments/current/scripts/setup/setup-certbot --email=EMAIL HOSTNAME [HOSTNAME2...]
for my server and e-mail would automatically switch everything over to using LetsEncrypt-generated certificates. However, this is not the case. It does not change anything in the NGINX configuration to make it use the newly generated certificate. One has to modify the NGINX configuration oneself.
This is fine, but I think it deserves to be mentioned in the documentation. The certbot output when running the above command will show where the CERT_DIR is. So all one still needs to do is to point ssl_certificate and ssl_certificate_key of the NGINX configuration to the certificate and key inside the CERT_DIR and one is done.

I started out with self-signed certs and then the desktop and mobile app did not want to work with that. I concluded that it is probably because they do not offer a way of reviewing and accepting a self-signed TLS certificate and that I would need to change to letsencrypt or another certificate. So I followed the docs and ran the setup-certbot command. Still, whatever I tried, the website remained on a self-signed certificate. I tried the following:

So I concluded that it was indeed still serving the self-signed cert and I would need to adapt my NGINX configuration. I went ahead and looked again at the output of the setup-certbot command. I followed the directory and found the actual location of the certs, which I then put into the default NGINX config of the running NGINX and reloaded that one. Case solved, now it served the letsencrypt certs.

I have the same/similar issue.
Installed a Zulip Docker on Ubuntu. The server runs, but one can only connect to it via Firefox. The Windows and iPhone apps cannot connect to the server. The certificate is shown as untrusted because “self-signed”, as indicated by the curl command (even though my docker-compose.yml has “certbot” in the SSL_CERTIFICATE_GENERATION field). So, I’ve started a shell in the container and ran the setup-certbot as described. The output says it successfully regenerated a certificate and placed the key/cert in the corresponding directory. However, nothing changed. Restarting the server does not help. ZelphirKaltstahl, could you please explain again how you made it work?
Thanks
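
One way to check the condition discussed in this thread, as an added example (not from the issue, its commenters, or Zulip's code): list the active ssl_certificate and ssl_certificate_key directives in an NGINX config and flag any that do not point inside the CERT_DIR that certbot reported. The config text, hostname and all paths below are constructed sample values.

```python
import re
from pathlib import PurePosixPath

# Constructed sample config for illustration; not taken from the issue.
SAMPLE_NGINX_CONF = """\
server {
    listen 443 ssl;
    server_name zulip.example.com;
    # ssl_certificate /etc/letsencrypt/live/zulip.example.com/fullchain.pem;
    ssl_certificate /etc/ssl/certs/selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/selfsigned.key;
}
"""

# Matches only the two directives named in the issue, followed by one path.
DIRECTIVE = re.compile(r"\s*(ssl_certificate(?:_key)?)\s+(\S+?)\s*;")


def tls_directives(conf_text):
    """Return (line_no, directive, path) for every uncommented directive."""
    found = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        active = line.split("#", 1)[0]  # drop trailing and full-line comments
        match = DIRECTIVE.match(active)
        if match:
            found.append((line_no, match.group(1), match.group(2).strip("\"'")))
    return found


def outside_cert_dir(conf_text, cert_dir):
    """Return the directives whose path is not located under cert_dir.

    The comparison is purely textual: a path that is a symlink into
    cert_dir is still reported, so confirm such hits with ls -l.
    """
    cert_dir = PurePosixPath(cert_dir)
    return [
        (line_no, name, path)
        for line_no, name, path in tls_directives(conf_text)
        if cert_dir not in PurePosixPath(path).parents
    ]


if __name__ == "__main__":
    # CERT_DIR is whatever the certbot output printed; this one is made up.
    cert_dir = "/etc/letsencrypt/live/zulip.example.com"
    for line_no, name, path in outside_cert_dir(SAMPLE_NGINX_CONF, cert_dir):
        print(f"line {line_no}: {name} -> {path} (not under {cert_dir})")
```

An empty result means every active directive already points into CERT_DIR; NGINX still has to be reloaded before it serves the new certificate.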