Usually you would split a pem file into crt and key files.
https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key
<https://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key>
and use those.
I am not sure why you are getting that error, as that would only occur if
supplying:
--ssl-ca-certificate-file
option and you gave it a wrong path.
Also, have you tried:
CMD [\
"--https-port","443",\
"--ssl-certificate-file","/app/sslCerts/cert.pem",\
"--ssl-certificate-key-file","/app/sslCerts/privkey.pem",\
"--server-name","foo.bar.com",\
"app_entry.wsgi" ]
as the names suggest they are the certificate and key file and shouldn't be
using fullchain.pem.
Graham
> On 9 Apr 2018, at 2:22 pm, Michael Kirk <[email protected]> wrote:
>
> Hi,
>
> I'm trying to setup HTTPS on a cloud server running mod_wsgi-docker.
>
> I've used LetsEncrypt on the host to get a certificate, but it provides a
> fullchain.pem file (along with privkey.pem).
>
> From the information provided by LetsEncrypt, it seems Apache should
> be able to use fullchain.pem. But I'm not sure how to specify this via
> the Docker CMD.
>
> Tried this for example (and a few other things):
>
> CMD [\
> "--https-port","443",\
> "--ssl-certificate-file","/app/sslCerts/fullchain.pem",\
> "--ssl-certificate-key-file","/app/sslCerts/privkey.pem",\
> "--server-name","foo.bar.com",\
> "app_entry.wsgi" ]
>
> But on startup, however, it exits with an error:
>
> server | AH00526: Syntax error on line 531 of
> /tmp/mod_wsgi-localhost:80:1001/httpd.conf:
> server | SSLCACertificateFile: file '/app/sslCerts/ca.crt' does not
> exist or is empty
>
> Basically LetsEncrypt provides fullchain.pem, privkey.pem, cert.pem, and
> chain.pem.
> I can copy all these into the container, but am not sure what, if any,
> switches I can use
> in the CMD to have Apache use them.
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected]
> <mailto:[email protected]>.
> To post to this group, send email to [email protected]
> <mailto:[email protected]>.
> Visit this group at https://groups.google.com/group/modwsgi
> <https://groups.google.com/group/modwsgi>.
> For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/modwsgi.
For more options, visit https://groups.google.com/d/optout.
