Closed ygaeon closed 1 year ago
Hey @ygaeon. You can start bridge in cli mode and use the import-tls-cert command to import your own tls certificates. You only need to do this once.
Oh, OK thanks. Will try this route... How would I go about to automatically refresh this certificate when manual cli commands are required? (In previous v2 I could refresh the certificate and restart the service for it to pick it up.)
We store the paths to the certificates, not the certificates themselves. Once your certificates update, you just need to restart bridge for the changes to take effect.
As per #315, it was identified that it was possible to export the TLS certificate so that it can be used with tools such as mbsync (https://isync.sourceforge.io/). However, I'm self-hosting protonmail-bridge in a container and thus, the self-signed cert provided doesn't work as it complains: Error, certificate owner does not match hostname <server>. (The self-signed cert expects localhost.)
I've loosely based my own buildah script on https://github.com/shenxn/protonmail-bridge-docker/ and everything works fine with Thunderbird etc. (if I turn off "Connection security" such as "STARTTLS", which is far from optimal).
Expected Behavior
Allow me to add my own certificate as in v2 so that I can run protonmail-bridge on my server as I did before.
Current Behavior
I have to downgrade security (no STARTTLS).
Possible Solution
Allow me to add my own certificate. In v2 these were exposed in .config/protonmail/bridge.
Steps to Reproduce
It's well described in the intro.. :)
Version Information
protonmail-bridge 3.2.0
Context (Environment)
Server: Debian Bullseye, Podman 3.0.1, Buildah 1.19.6
Detailed Description
Detailed in intro.. :)
Possible Implementation
As in "Possible Solution" above.. :)
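The refresh workflow from the replies (bridge stores certificate paths, so a restart picks up renewed files) can be guarded by the same hostname check that produced the mbsync error. The script below is an added example, not code from the project or from anyone in this thread. The file paths, hostname, state file, and container name are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Paths, hostname and restart command are assumptions, not project values.
CERT="${CERT:-/etc/ssl/bridge/cert.pem}"        # assumed: path given to import-tls-cert
KEY="${KEY:-/etc/ssl/bridge/key.pem}"           # assumed
HOST="${HOST:-mail.example.internal}"           # assumed: name clients connect to
STATE="${STATE:-/var/lib/bridge-cert.fp}"       # fingerprint of the cert last restarted for
RESTART_CMD="${RESTART_CMD:-podman restart protonmail-bridge}"  # assumed container name

# True if the certificate covers the hostname (SAN, or CN when no SAN is present).
# openssl exits 0 either way, so the verdict is read from its output.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# True if the private key belongs to the certificate (public keys are identical).
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Validate the renewed files, then restart bridge only if the certificate changed.
# Returns 0 ok, 2 hostname mismatch, 3 key mismatch, 4 expired, 5 restart failed.
refresh_bridge_cert() {
    cert_matches_host "$CERT" "$HOST" || { echo "cert does not cover $HOST" >&2; return 2; }
    key_matches_cert "$CERT" "$KEY"   || { echo "key does not match cert" >&2; return 3; }
    openssl x509 -in "$CERT" -noout -checkend 0 >/dev/null \
                                      || { echo "cert has expired" >&2; return 4; }
    fp=$(openssl x509 -in "$CERT" -noout -fingerprint -sha256)
    if [ -f "$STATE" ] && [ "$fp" = "$(cat "$STATE")" ]; then
        return 0                      # same certificate as last time: no restart needed
    fi
    $RESTART_CMD || return 5          # bridge re-reads the stored paths on restart
    printf '%s\n' "$fp" > "$STATE"
}

# Run from the renewal hook as: script.sh run
if [ "${1:-}" = "run" ]; then refresh_bridge_cert; fi
```

Calling it from the certificate renewal hook keeps a mismatched or expired certificate from being put in front of clients, which is the failure that otherwise tempts people to turn STARTTLS verification off.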