[BUG] Bunerweb cannot load custom SSL certs

[OrvilleQ]

What happened?

https://discord.com/channels/854285298476646421/1153229153814978610/1278315662951059519

Since Bunkerweb cannot use DNS-01 to issue wildcard certificates without a subscription, I issued my own certificate with the correct permissions (both readable by the nginx user) and set them up in the Custom HTTPS certificate plugin. However, when I visit the website, it still uses the default certificate instead of the one I provided.

This happened both with linux and docker.

How to reproduce?

1. issue your own cert
2. trying to use them inside custom certificate plugin
3. access the domain

Configuration file(s) (yaml or .env)

#version: "3.5"

services:
  bunkerweb:
    image: bunkerity/bunkerweb:1.5.9
    ports:
      - 80:8080
      - 443:8443
    labels:
      - "bunkerweb.INSTANCE=yes"
    environment:
      - SERVER_NAME=FSN00
      - DATABASE_URI=postgresql://bunkerweb:[email protected]:5432/bunkerweb
      - AUTOCONF_MODE=yes
      - MULTISITE=yes
      - API_WHITELIST_IP=127.0.0.0/8 10.25.0.0/24
    volumes:
      - /var/lib/bunkerweb/certs:/var/lib/certs
    networks:
      - bw-universe
      - bw-services
    extra_hosts:
      - host.docker.internal:host-gateway

  bw-autoconf:
    image: bunkerity/bunkerweb-autoconf:1.5.9
    depends_on:
      - bunkerweb
      - bw-docker
    environment:
      - DATABASE_URI=postgresql://bunkerweb:[email protected]:5432/bunkerweb
      - AUTOCONF_MODE=yes
      - DOCKER_HOST=tcp://bw-docker:2375
    networks:
      - bw-universe
      - bw-docker
    extra_hosts:
      - host.docker.internal:host-gateway

  bw-scheduler:
    image: bunkerity/bunkerweb-scheduler:1.5.9
    depends_on:
      - bunkerweb
      - bw-docker
    environment:
      - DATABASE_URI=postgresql://bunkerweb:[email protected]:5432/bunkerweb
      - DOCKER_HOST=tcp://bw-docker:2375
      - AUTOCONF_MODE=yes
    networks:
      - bw-universe
      - bw-docker
    extra_hosts:
      - host.docker.internal:host-gateway

  bw-docker:
    image: tecnativa/docker-socket-proxy:nightly
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
      - LOG_LEVEL=warning
    networks:
      - bw-docker

  bw-ui:
    image: bunkerity/bunkerweb-ui:1.5.9
    networks:
      bw-docker:
      bw-universe:
        aliases:
          - bw-ui
    environment:
      - DATABASE_URI=postgresql://bunkerweb:[email protected]:5432/bunkerweb
      - DOCKER_HOST=tcp://bw-docker:2375
      - AUTOCONF_MODE=yes
    labels:
      - "bunkerweb.SERVER_NAME=xxxxxxxxxxxxxxx"
      - "bunkerweb.USE_UI=yes"
      - "bunkerweb.USE_REVERSE_PROXY=yes"
      - "bunkerweb.REVERSE_PROXY_URL=/xxxxxxxxxxxxxxx"
      - "bunkerweb.REVERSE_PROXY_HOST=http://bw-ui:7000"
      - "bunkerweb.INTERCEPTED_ERROR_CODES=400 404 405 413 429 500 501 502 503 504"
      - "bunkerweb.MAX_CLIENT_SIZE=50m"
      - "bunkerweb.AUTO_LETS_ENCRYPT=yes"
    extra_hosts:
      - host.docker.internal:host-gateway

networks:
  bw-universe:
    name: bw-universe
    ipam:
      driver: default
      config:
        - subnet: 10.25.0.0/24
  bw-services:
    name: bw-services
  bw-docker:
    name: bw-docker

Relevant log output

Found no log related to the domain.

BunkerWeb version

1.5.9

What integration are you using?

Docker

Linux distribution (if applicable)

Rocky Linux 9.4

Removed private data

• I have removed all private data from the configuration file and the logs

Code of Conduct

• I agree to follow this project's Code of Conduct

[fl0ppy-d1sk]

Hello @OrvilleQ,

I tried to reproduce but not luck.

First of all, I would suggest to not mix both base64 data and path. I tested using the path.

When using Docker, you need to mount the certificate folder on the scheduler container, not the BW one. You will need to do a chown 101:101 on the files.

And when using Linux double check that nginx user is also owner of the files.