2018-12-23 11:00:12 +02:00
# Adjusting SSL certificate retrieval (optional, advanced)
2023-02-26 16:14:05 +02:00
By default, this playbook retrieves and auto-renews free SSL certificates from [Let's Encrypt ](https://letsencrypt.org/ ) for the domains it needs (e.g. `matrix.<your-domain>` and others)
2018-12-23 11:00:12 +02:00
2023-02-26 16:14:05 +02:00
This guide is about using the integrated Traefik server and doesn't apply if you're using [your own webserver ](configuring-playbook-own-webserver.md ).
2019-02-01 16:50:02 +02:00
2019-02-08 11:59:00 +02:00
2023-02-26 16:14:05 +02:00
## Using staging Let's Encrypt certificates instead of real ones
2019-02-08 11:59:00 +02:00
2023-02-26 16:14:05 +02:00
For testing purposes, you may wish to use staging certificates provide by Let's Encrypt.
2019-02-08 11:59:00 +02:00
2023-02-26 16:14:05 +02:00
You can do this with the following configuration:
2019-02-01 16:50:02 +02:00
```yaml
2023-02-26 16:14:05 +02:00
devture_traefik_config_certificatesResolvers_acme_use_staging: true
2019-02-01 16:50:02 +02:00
```
2019-02-08 11:59:00 +02:00
2023-02-26 16:14:05 +02:00
## Disabling SSL termination
2019-02-08 11:59:00 +02:00
2023-02-26 16:14:05 +02:00
For testing or other purposes, you may wish to install services without SSL termination and have services exposed to `http://` instead of `https://` .
2019-02-08 11:59:00 +02:00
2023-02-26 16:14:05 +02:00
You can do this with the following configuration:
2019-02-08 11:59:00 +02:00
```yaml
2023-02-26 16:14:05 +02:00
devture_traefik_config_entrypoint_web_secure_enabled: false
2019-02-08 11:59:00 +02:00
```
2023-02-26 16:14:05 +02:00
## Using self-signed SSL certificates
2022-03-03 18:15:39 +02:00
2023-02-28 22:07:16 +02:00
To use self-signed SSL certificates, you need to disable the certResolvers and the traefik-certs-dumper tool.
You also need to override the providers.file setting in the Traefik configs.
Create a file 'certificates.yml' in /devture-traefik/config/ with the following content:
2022-03-03 18:15:39 +02:00
2023-02-28 22:07:16 +02:00
```yaml
tls:
certificates:
- certFile: /ssl/cert.pem
keyFile: /ssl/privkey.pem
stores:
default:
defaultCertificate:
certFile: /ssl/cert.pem
keyFile: /ssl/privkey.pem
```
Place the key and your certificate in /devture-traefik/ssl/
You can use the matrix-aux role for this:
```yaml
matrix_aux_file_definitions:
- dest: /devture-traefik/ssl/privkey.pem
src: /path/to/privkey.pem
- dest: /devture-traefik/ssl/cert.pem
src: /path/to/cert.pem
- dest: /devture-traefik/config/certificates.yml
src: /path/to/certificates.yml
```
Then add the following to your vars.yml:
```yaml
devture_traefik_config_certificatesResolvers_acme_enabled: false
devture_traefik_certResolver_primary: ''
devture_traefik_ssl_dir_enabled: true
devture_traefik_configuration_extension_yaml: |
providers:
file:
filename: /config/certificates.yml
watch: true
matrix_playbook_traefik_certs_dumper_role_enabled: false
```