Hi Graham, You are right, there was a server_args file applying a --ssl-ca-certificate-file option with a wrong file name.
FYI - it's working now - and it will use the fullchain.pem file as the --ssl-certificate-file and it seems to work. So no need to extract things from the pem perhaps. Thank you! On Monday, 9 April 2018 14:25:59 UTC+10, Michael Kirk wrote: > > Hi, > > I'm trying to setup HTTPS on a cloud server running mod_wsgi-docker. > > I've used LetsEncrypt on the host to get a certificate, but it provides a > fullchain.pem file (along with privkey.pem). > > From the information provided by LetsEncrypt, it seems Apache should > be able to use fullchain.pem. But I'm not sure how to specify this via > the Docker CMD. > > Tried this for example (and a few other things): > > CMD [\ > "--https-port","443",\ > "--ssl-certificate-file","/app/sslCerts/fullchain.pem",\ > "--ssl-certificate-key-file","/app/sslCerts/privkey.pem",\ > "--server-name","foo.bar.com",\ > "app_entry.wsgi" ] > > But on startup, however, it exits with an error: > > server | AH00526: Syntax error on line 531 of > /tmp/mod_wsgi-localhost:80:1001/httpd.conf: > server | SSLCACertificateFile: file '/app/sslCerts/ca.crt' does not > exist or is empty > > Basically LetsEncrypt provides fullchain.pem, privkey.pem, cert.pem, and > chain.pem. > I can copy all these into the container, but am not sure what, if any, > switches I can use > in the CMD to have Apache use them. > > > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
