I set up an acme.sh Docker container alongside my HAProxy container to manage my certificates. I added
labels:
- sh.acme.autoload.domain=xxx.xxx
to my HAProxy container and
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DEPLOY_DOCKER_CONTAINER_LABEL=sh.acme.autoload.domain=xxx.xxx
- DEPLOY_DOCKER_CONTAINER_KEY_FILE=/xxx/certs/xxx.xxx.key
- DEPLOY_DOCKER_CONTAINER_CERT_FILE="/xxx/certs/cert.pem"
- DEPLOY_DOCKER_CONTAINER_CA_FILE="/xxx/certs/ca.pem"
- DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/xxx/certs/fullchain.pem"
- DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="pkill -SIGUSR2 haproxy"
to the acme.sh container.
Some time later my devices refused to connect to my services because of an expired certificate. When I checked, the certificate had been renewed and the certificate files on the host machine were the correct new ones. So I checked the reload command to verify it is working, and it is correct. Still, the container was using the old certificate.
Is it possible that this way of deploying certificates to containers conflicts with bind mounts somehow?
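A diagnostic for the symptom described above, as an added example that is not part of the original post: it fingerprints the certificate at three points (the host file, the same path read from inside the container, and what the listener actually serves) and names the stage where the renewed certificate stops. The function names, the container name and path you pass in, and the two sample PEM blocks (constructed, not real certificates) are assumptions.

```python
import hashlib
import socket
import ssl
import subprocess

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def leaf_fingerprint(pem_text):
    """SHA-256 of the first CERTIFICATE block; skips a private key placed before it."""
    start = pem_text.index(BEGIN)
    stop = pem_text.index(END, start) + len(END)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text[start:stop])).hexdigest()

def container_pem(container, path):
    """Read the file as the container sees it, not as the host sees it."""
    out = subprocess.run(["docker", "exec", container, "cat", path],
                         check=True, capture_output=True, text=True)
    return out.stdout

def served_fingerprint(host, port=443, timeout=5.0):
    """Fingerprint of the certificate the listener presents for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # validation is off on purpose: an expired
    ctx.verify_mode = ssl.CERT_NONE  # certificate must still be retrievable
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def triage(host_fp, container_fp, served_fp):
    """Name the stage where the renewed certificate stops propagating."""
    if host_fp != container_fp:
        return "deploy: container file differs from host file"
    if container_fp != served_fp:
        return "reload: process serves a certificate other than the file it can read"
    return "in sync"

# Constructed sample data (not real certificates): base64 of b"old-cert" / b"new-cert".
SAMPLE_OLD = f"{BEGIN}\nb2xkLWNlcnQ=\n{END}\n"
SAMPLE_NEW = f"{BEGIN}\nbmV3LWNlcnQ=\n{END}\n"

if __name__ == "__main__":
    new, old = leaf_fingerprint(SAMPLE_NEW), leaf_fingerprint(SAMPLE_OLD)
    print(triage(new, old, old))   # host renewed, container file stale
    print(triage(new, new, old))   # file updated, process still serving old
```

On a real host, feed `triage` with `leaf_fingerprint(open(host_path).read())`, `leaf_fingerprint(container_pem(name, path))` and `served_fingerprint(domain)`.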