SteveLTN / https-portal

A fully automated HTTPS server powered by Nginx, Let's Encrypt and Docker.
MIT License

bringing docker-compose up-to-date loads wrong certificate for updated containers under some circumstances #352

Closed rogervdf closed 2 months ago

rogervdf commented 4 months ago

When updating a container to a new version with docker-compose up -d the new container doesn't always load the SSL certificate that has been specified for it in docker-compose.yaml.

For instance, I updated a container with #production cert and it loaded the #staging cert.

I'll update this issue if I can be more specific when it happens again.

rogervdf commented 4 months ago

It happened again - the things I did to force the correct certificate to be loaded, some of which may not have had any effect:

Is there any reason or circumstance where https-portal should load no certificate or a staging one even though a production one is available?

SteveLTN commented 4 months ago

The way HTTPS-PORTAL loads certificates does not have "memory" of what was last used; it always tries to read from the environment variable. It's rather strange that it loads the wrong certificate. I'd suspect it somehow reads the "wrong" ENV variable.

I would try adding DEBUG: true and look for something like the following, to see if the stage was read correctly:

    puts "----------- BEGIN DOMAIN CONFIG -------------"
    puts "name: #{name}"
    puts "stage: #{stage}"
    puts "upstream: #{upstream}"
    puts "upstreams: #{upstreams.inspect}"
    puts "upstream_proto: #{upstream_proto}"
    puts "redirect_target_url: #{redirect_target_url}"
    puts "basic_auth_username: #{basic_auth_username}"
    puts "basic_auth_password: #{basic_auth_password}"
    puts "access_restriction: #{access_restriction}"
    puts "-------- --- END DOMAIN CONFIG  -------------"

rogervdf commented 2 months ago

Ever since strictly specifying the level of certificate per domain, this issue has not occurred.
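
The check below is an added example, not part of the thread and not HTTPS-PORTAL's own code: it lints a `DOMAINS` value for entries that carry no explicit `#stage` tag, which is the condition the thread's resolution removes. It assumes a simplified form of the `DOMAINS` syntax (comma-separated `name -> upstream #stage` entries), a fallback to the global `STAGE` value and then to `staging`, and constructed sample domains; `audit_domains` and `implicit_stage_domains` are hypothetical helper names.

```ruby
# Added example: flag DOMAINS entries whose certificate stage is implicit.
# Simplified model of the syntax, not the project's parser (assumption).

VALID_STAGES = %w[local staging production].freeze

# Returns one hash per entry: { name:, stage:, explicit: }.
# global_stage models the STAGE environment variable; when it is unset the
# fallback is assumed to be "staging".
def audit_domains(domains_value, global_stage = nil)
  fallback = global_stage.to_s.strip
  fallback = 'staging' if fallback.empty?

  domains_value.split(',').map(&:strip).reject(&:empty?).map do |entry|
    tag  = entry[/#(\w+)\s*\z/, 1]                 # trailing "#production" etc.
    body = entry.sub(/\s*#\w+\s*\z/, '')           # entry without the tag
    name = body.split(/\s*[-=]>\s*/, 2).first.to_s.strip
    if tag && !VALID_STAGES.include?(tag)
      raise ArgumentError, "unknown stage ##{tag} for #{name}"
    end
    { name: name, stage: tag || fallback, explicit: !tag.nil? }
  end
end

# Names of the domains that depend on the global fallback for their stage.
def implicit_stage_domains(domains_value, global_stage = nil)
  audit_domains(domains_value, global_stage)
    .reject { |d| d[:explicit] }
    .map { |d| d[:name] }
end

# Constructed sample value: the second entry has no stage tag.
SAMPLE_DOMAINS = 'example.com -> http://app:80 #production, ' \
                 'api.example.com -> http://api:8080, ' \
                 'old.example.com => https://example.com #staging'

if __FILE__ == $PROGRAM_NAME
  audit_domains(SAMPLE_DOMAINS).each do |d|
    note = d[:explicit] ? '' : '  <- implicit, depends on STAGE'
    puts format('%-18s %-11s%s', d[:name], d[:stage], note)
  end
end
```

Comparing this output with the `stage:` lines printed under `DEBUG: true` shows whether the container resolved the same stage the compose file intends.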