diff --git a/web/rootfs/defaults/ssl.conf b/web/rootfs/defaults/ssl.conf index a52503d78c..f5f903f4d4 100644 --- a/web/rootfs/defaults/ssl.conf +++ b/web/rootfs/defaults/ssl.conf @@ -5,8 +5,8 @@ ssl_session_tickets off; # ssl certs {{ if .Env.ENABLE_LETSENCRYPT | default "0" | toBool }} -ssl_certificate /etc/nginx/acme/{{ .Env.LETSENCRYPT_DOMAIN }}/fullchain.pem; -ssl_certificate_key /etc/nginx/acme/{{ .Env.LETSENCRYPT_DOMAIN }}/key.pem; +ssl_certificate /config/acme-certs/{{ .Env.LETSENCRYPT_DOMAIN }}/fullchain.pem; +ssl_certificate_key /config/acme-certs/{{ .Env.LETSENCRYPT_DOMAIN }}/key.pem; {{ else }} ssl_certificate /config/keys/cert.crt; ssl_certificate_key /config/keys/cert.key; diff --git a/web/rootfs/etc/cont-init.d/10-config b/web/rootfs/etc/cont-init.d/10-config index 6b774df5b3..abe19490d6 100644 --- a/web/rootfs/etc/cont-init.d/10-config +++ b/web/rootfs/etc/cont-init.d/10-config @@ -16,7 +16,7 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then sh ./acme.sh --install --home /config/acme.sh --accountemail $LETSENCRYPT_EMAIL popd fi - if [[ ! -f /etc/nginx/acme/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then + if [[ ! -f /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then STAGING="" if [[ $LETSENCRYPT_USE_STAGING -eq 1 ]]; then STAGING="--staging" @@ -37,11 +37,11 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then echo "Exiting." exit 1 fi - mkdir -p /etc/nginx/acme/$LETSENCRYPT_DOMAIN + mkdir -p /config/acme-certs/$LETSENCRYPT_DOMAIN if ! /config/acme.sh/acme.sh \ --install-cert -d $LETSENCRYPT_DOMAIN \ - --key-file /etc/nginx/acme/$LETSENCRYPT_DOMAIN/key.pem \ - --fullchain-file /etc/nginx/acme/$LETSENCRYPT_DOMAIN/fullchain.pem ; then + --key-file /config/acme-certs/$LETSENCRYPT_DOMAIN/key.pem \ + --fullchain-file /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ; then echo "Failed to install certificate." # this tries to get the user's attention and to spare the # authority's rate limit: