How to copy my cert files into the rocketchat container?
I do not want to use traefik, since that simply does not work and seems to be too difficult to set up.
Server Setup Information
Version of Rocket.Chat Server: 7.3.1
Operating System: Fedora 41
Deployment Method: docker
Number of Running Instances: 1
DB Replicaset Oplog: ?
NodeJS Version:
MongoDB Version:
Proxy: traefik
Firewalls involved: iptables/regular non professional firewalls
Any additional Information
2025-02-19T20:14:51Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [mydomain.net]: error: one or more domains had a problem:\n[mydomain.net] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 31.17.80.151: Timeout during connect (likely firewall problem)\n" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["mydomain.net"] providerName=le.acme routerName=rocketchat@docker rule=Host(`mydomain.net`)
2025-02-19T20:14:52Z ERR error="accept tcp [::]:80: use of closed network connection" entryPointName=web
2025-02-19T20:14:52Z ERR error="accept tcp [::]:443: use of closed network connection" entryPointName=https
You should not expose Rocket directly. It should be sat behind a reverse proxy for your own security.
A proxy will protect you.
Rocket is NOT a web server - it just serves http code over port 3000. So you can’t ‘copy my certfiles into the rocketchat container’ because there is no web server there to use them - if you are not using traefik etc.
So you can use nginx or apache or whatever and add certs via dehydrated or certbot if you want simplicity. All as per the docs.
You probably ought to read some more on web servers, proxies, certificates etc as well so you understand the full interplay between them all.
I wanted to add that certbot runs smoothly and successfully:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mydomain.net/fullchain.pem
Key is saved at: /etc/letsencrypt/live/mydomain.net/privkey.pem
This certificate expires on 2025-05-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Yes, traefik is involved.
Since it was too difficult to set it up in the way I wanted, I used the traefik.yml, which is recommended along with rc usage.
However, I still had to add traefik to my docker network, which I have set up.
Rocket Chat and Traefik have not been able to communicate, since they were in separate networks.
After attaching them to the corresponding network, the desired LE cert has been pulled.
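
For the non-Traefik route suggested earlier in the thread (nginx in front of port 3000, certificates from certbot), a minimal TLS-terminating configuration could look like the following. This is an added example, not part of the original posts or the Rocket.Chat docs; it assumes nginx runs on the Docker host, that the container publishes its port only on 127.0.0.1:3000, and the upload limit is an arbitrary choice.

```nginx
# Added example. Assumption: the Rocket.Chat container publishes its port
# as 127.0.0.1:3000:3000, so it is reachable only through this proxy and
# never directly from the network.

# Redirect plain HTTP to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name mydomain.net;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain.net;

    # Paths as reported by certbot in the thread. The files stay on the
    # host; nothing is copied into the Rocket.Chat container.
    ssl_certificate     /etc/letsencrypt/live/mydomain.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.net/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    client_max_body_size 200M;  # assumed upload limit, adjust as needed

    location / {
        proxy_pass http://127.0.0.1:3000;

        # Rocket.Chat uses WebSockets, so the upgrade headers must be passed on.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Tell the application the original host, client address and scheme.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

nginx only reads the certificate files on start or reload, so the renewal needs a reload step (for example certbot's `--deploy-hook "systemctl reload nginx"`). On Fedora with SELinux enforcing, nginx also needs the `httpd_can_network_connect` boolean enabled before it can connect to port 3000.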