rroemhild / docker-ejabberd

Dockerfile for Ejabberd server
MIT License

Specify custom cert-paths per domain #140

Closed MaZderMind closed 6 years ago

MaZderMind commented 7 years ago

My certificates come from an acme-pod which fetches the certificates from the Let's Encrypt CA. They are stored as files in a volume which can be mounted into various containers needing them, but the exact filenames and directory structure is given.

To use them with this ejabberd-image it would be necessary to add another pre-script which takes the in-container path of a certificate for each domain (and the host-cert) and copies them to the .pem-file locations required by the startup procedure.

Furthermore, most cert sources do not naturally produce the combined format (priv-key + cert + intermediate) required by ejabberd, so it would be necessary to specify multiple files which would be joined by the startup-script.

For example, such a config would match the current scheme:

```yaml
env:
- name: EJABBERD_SSLCERT_HOST_PATH
  value: '/var/certs/mazdermind.de/fullchain /var/certs/mazdermind.de/privkey'

- name: EJABBERD_SSLCERT_EXAMPLE_DE_PATH
  value: '/var/certs/example.de/fullchain /var/certs/example.de/privkey'

- name: EJABBERD_SSLCERT_EXAMPLE_ORG_PATH
  value: '/var/certs/example.org/fullchain /var/certs/example.org/privkey'
```

Edit: while trying to implement a PR for this I have found another issue: the private keys written by the acme-pod are only readable by root. The scripts inside this container run as the "ejabberd" user, which is not allowed to read the files. The user is already switched in the Dockerfile, so it's not possible to move the script into an earlier stage; gosu is not available in the base-image, so it would be best to fetch a gosu binary in the Dockerfile.