Usually you would split a pem file into crt and key files.

    https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key 
<https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key>

and use those.

I am not sure why you are getting that error, as that would only occur if 
supplying:

    --ssl-ca-certificate-file

option and you gave it a wrong path.

Also, have you tried:

CMD [\
    "--https-port","443",\
    "--ssl-certificate-file","/app/sslCerts/cert.pem",\
    "--ssl-certificate-key-file","/app/sslCerts/privkey.pem",\
    "--server-name","foo.bar.com",\
    "app_entry.wsgi" ]

as the names suggest they are the certificate and key file and shouldn't be 
using fullchain.pem.

Graham

> On 9 Apr 2018, at 2:22 pm, Michael Kirk <bandjal...@gmail.com> wrote:
> 
> Hi,
> 
> I'm trying to setup HTTPS on a cloud server running mod_wsgi-docker.
> 
> I've used LetsEncrypt on the host to get a certificate, but it provides a
> fullchain.pem file (along with privkey.pem).
> 
> From the information provided by LetsEncrypt, it seems Apache should
> be able to use fullchain.pem. But I'm not sure how to specify this via
> the Docker CMD.
> 
> Tried this for example (and a few other things):
> 
> CMD [\
>     "--https-port","443",\
>     "--ssl-certificate-file","/app/sslCerts/fullchain.pem",\
>     "--ssl-certificate-key-file","/app/sslCerts/privkey.pem",\
>     "--server-name","foo.bar.com",\
>     "app_entry.wsgi" ]
> 
> But on startup, however, it exits with an error:
> 
> server      | AH00526: Syntax error on line 531 of 
> /tmp/mod_wsgi-localhost:80:1001/httpd.conf:
> server      | SSLCACertificateFile: file '/app/sslCerts/ca.crt' does not 
> exist or is empty
> 
> Basically LetsEncrypt provides fullchain.pem, privkey.pem, cert.pem, and 
> chain.pem.
> I can copy all these into the container, but am not sure what, if any, 
> switches I can use
> in the CMD to have Apache use them.
> 
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to modwsgi+unsubscr...@googlegroups.com 
> <mailto:modwsgi+unsubscr...@googlegroups.com>.
> To post to this group, send email to modwsgi@googlegroups.com 
> <mailto:modwsgi@googlegroups.com>.
> Visit this group at https://groups.google.com/group/modwsgi 
> <https://groups.google.com/group/modwsgi>.
> For more options, visit https://groups.google.com/d/optout 
> <https://groups.google.com/d/optout>.

-- 
You received this message because you are subscribed to the Google Groups 
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to modwsgi+unsubscr...@googlegroups.com.
To post to this group, send email to modwsgi@googlegroups.com.
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.

Reply via email to