[HELP] Custom certificates producing exceptions #1175
Comments
Hello @mrUlrik, You should generate the base64 while keeping the header and footer of files. An example is available here: https://github.com/bunkerity/bunkerweb/tree/master/examples/kubernetes-tls
$ head app3.crt
-----BEGIN CERTIFICATE-----
MIIFFzCCAv+gAwIBAgIUETXxobflxWhnHIL/u7KBRE/y4eswDQYJKoZIhvcNAQEL
...
$ base64 app3.crt
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZGekNDQXYrZ0F3SUJBZ0lVRVRYeG9iZmx4
...
Please tell us if that does the trick.
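A pre-flight check for the encoding described in the comment above, as an added example (not part of the thread, and not BunkerWeb's code or its check_cert() function). It assumes only what the comment states, that the value is the base64 of the whole PEM file with header and footer; the function names, return labels and sample bytes are constructed for illustration.

```python
import base64
import binascii
import re

# PEM armor: matching BEGIN/END lines around a base64 body.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s+([A-Za-z0-9+/=\s]+?)-----END \1-----"
)


def classify_ssl_data(value: str) -> str:
    """Classify a string meant for CUSTOM_SSL_CERT_DATA / CUSTOM_SSL_KEY_DATA.

    "ok:<LABEL>"  base64 of a whole PEM file, header and footer included
    "raw-pem"     PEM text pasted as-is, never base64-encoded
    "body-only"   base64 of the PEM body alone (decodes straight to DER)
    "invalid"     not base64, or decodes to something unrecognised
    """
    if "-----BEGIN " in value:
        return "raw-pem"
    try:
        # GNU base64 wraps its output at 76 columns; drop whitespace first.
        decoded = base64.b64decode("".join(value.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "invalid"
    match = PEM_RE.search(decoded)
    if match:
        try:
            der = base64.b64decode(b"".join(match.group(2).split()), validate=True)
        except binascii.Error:
            return "invalid"
        # DER certificates and keys begin with an ASN.1 SEQUENCE tag (0x30).
        return "ok:" + match.group(1).decode() if der[:1] == b"\x30" else "invalid"
    return "body-only" if decoded[:1] == b"\x30" else "invalid"


def sample_pem() -> bytes:
    # Constructed placeholder: SEQUENCE header plus filler, not a real certificate.
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    pem = sample_pem()
    print(classify_ssl_data(base64.encodebytes(pem).decode()))          # whole file
    print(classify_ssl_data("".join(pem.decode().splitlines()[1:-1])))  # body only
    print(classify_ssl_data(pem.decode()))                              # raw PEM
```

The check is structural only: it confirms the PEM armor and the leading DER tag, and does not parse or validate the certificate itself.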
Hello @mrUlrik, Don't hesitate to open a new issue if it's needed.
Just wanted to come back and say thank you! I haven't been able to try it until now. Like so many others, I was certain I tried exactly what you said previously. :)
What happened?
I am using Docker from Ubuntu packages, version: Docker version 26.1.1, build 4cf5afa
When attempting to apply a custom security certificate the scheduler produces the error in the log output below.
Originally I was attempting to use bunkerweb.CUSTOM_SSL_KEY and bunkerweb.CUSTOM_SSL_CERT on the individual containers, which was producing this error. I assumed it was a file permissions issue so I attempted to brute force my way in by mounting the certificates directly into the scheduler. This also produced the same error. Failing that I went to include the base64 on CUSTOM_SSL_(KEY|CERT)_DATA.
After a couple of days, I began to wonder if somehow Python did not like the SSL certificates being generated so I ripped the self-signed certificate Bunkerweb generated automatically and attempted to apply it using the methods outlined above.
For the sake of this post, I'll be including the config using CUSTOM_SSL_(KEY|CERT)_DATA and the self-signed certificate Bunkerweb generated as a demonstration.
I see that the Python check_cert() function is doing b64decode on the string. Unsure of how it would react to the header and footer of the certificates (-----BEGIN CERTIFICATE----- / -----END CERTIFICATE-----), I also tried to include the certificates without them. This produces the same result.
I attempted to increase the log severity, but unfortunately that doesn't appear to impact the log level of the scheduler to gather more information. Though it doesn't appear that the Python function responsible for failing would produce much more information either.
How to reproduce?
Using the Docker autoconf functionality, start a container using the bunkerweb.CUSTOM_SSL_KEY_DATA and bunkerweb.CUSTOM_SSL_CERT_DATA options using a self-signed certificate, perhaps one created by BunkerWeb.
Observe the error in the log output below and observe that the Service is not responding through BunkerWeb.
Configuration file(s) (yaml or .env)
I also attempted on another service, to double check the work:
These logs are directly from the scheduler. bunkerweb simply reports that the certificates do not exist.
Relevant log output
BunkerWeb version
1.5.6
What integration are you using?
Docker
Linux distribution (if applicable)
Ubuntu 24.04 LTS
Removed private data