Closed gadget1999 closed 5 years ago
v2ray plugin with ECC certificates can work normally.
Make sure the cert path is /root/.acme.sh/yourdomain.com_ecc/fullchain.cer
.
Looks the issue is behavior in v2ray plugin (it only reads domain.com folder by default, not _ecc folder). This is not something the Dockerfile should handle. I can get it working by specify the cert and key options for v2ray-opts, like below: server;mode=quic;host=yourdomain.com;cert=/root/.acme.sh/yourdomain.com_ecc/fullchain.cer;key=/root/.acme.sh/yourdomain.com_ecc/yourdomain.com.key
Thanks a lot for your help! closing this issue now.
It seems the docker image was updated today and custom cert path no longer works after this. (but it seems the Dockerfile on github was not changed?)
The V2RAY options used: server;mode=quic;host=yourdomain.com;path=/v2ray;cert=/root/.acme.sh/yourdomain.com/yourdomain.com.cer;key=/root/.acme.sh/yourdomain.com/yourdomain.com.key
Then it reports the following error (even though the file does exist and same as before) 2019/07/20 20:42:48 main: failed to parse config > main: failed to read cert > open /root/.acme.sh/yourdomain.com/yourdomain.com.cer: no such file or directory
Default option without specifying cert/key path still works though.
sorry, it's kind of strange. Now it's working again.
Some update: found that the issue was caused by a dumb mistake: the path to certificate was using host path, should have used mapped path within container.
Since ECC certificates are more secure, is it possible to support Acme.sh created ECC certificates? These certificates can be created like below, and located in domain.com_ecc folder, everything else are the same as regular RSA certificates. acme.sh --issue --keylength ec-384 -d domain.com --standalone
Thanks!