SSL self-signed config does not work

The web page just continuously reverts to "Warning: Potential Security Risk Ahead" after clicking through the self-signed warning. Tested in both Firefox and Chrome. The following is from the pydio.json file:

"cert": {
  "proxy": {
    "self": true,
    "ssl": true
  }
},

The following are the env vars in the docker-compose file:

  • CELLS_BIND=0.0.0.0:8087
  • CELLS_EXTERNAL=https://:8087
  • CELLS_NO_SSL=0

The actual domain has been replaced above with DOMAIN. Cells worked initially with SSL but when I removed the pydio container and recreated it, that is when things started to go awry.

How do I resolve this issue? Is the cells container creating new SSL certs each time the container is recreated?

Hello @alpha23,

The web server used by Cells is Caddy. Caddy stores the self-signed certificates in memory, and they are also only valid for 7 days. You should either use your own self-signed certificate (mounted in a volume) or no SSL.

The above occurred on day 1 so adding the self-signed certs may not resolve the issue. Please advise.

Also, what is the volume that the self-signed certs need to be added to and what commands need to be executed to ensure that the self-signed certs are recognized by the server?

When you re-run a container Caddy regenerates a new self-signed, your browser might be confused by that.

Follow the instructions about custom certificates (yours will be a self-signed one).

I added custom SSL certs to an existing install (by bind mounting the files per the example), but the cert for the server is still the Caddy self-signed cert. I verified that the files were correctly mounted in the container.

Server certificate
subject=/O=Caddy Self-Signed
issuer=/O=Caddy Self-Signed

No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits

SSL handshake has read 759 bytes and written 423 bytes
Verification error: unable to verify the first certificate

New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID: A1D9C8E247ECA01E25B01671812CE987A21D9E9F8572293AC54329B8CDE3A0DB
Session-ID-ctx:
Master-Key: D314B480003EBBC80761776D87B504C7493F56EA6930CE8FC47A3117E5504B9641CB42EDB07288EAE6462A9B2F2BB714
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:

Start Time: 1568219590
Timeout   : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no

DONE
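A quick check for the situation above, comparing the certificate the server actually presents with the custom certificate file that was bind-mounted. This is an added example, not code from the forum thread or from Pydio; it assumes the openssl CLI is installed, and HOST, PORT and CERT_FILE are placeholders for your own values.

```shell
#!/bin/sh
# Added example (not from the Pydio thread): does the TLS endpoint serve the
# bind-mounted custom certificate, or still Caddy's in-memory self-signed one?
# Assumes the openssl CLI; HOST, PORT and CERT_FILE are placeholders.
set -eu

# SHA-256 fingerprint of the first certificate in a PEM file.
file_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# SHA-256 fingerprint of the leaf certificate presented by a TLS server.
served_fingerprint() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Reads a PEM certificate on stdin; succeeds if the issuer is Caddy's
# fallback certificate ("O=Caddy Self-Signed", as in the s_client output above).
is_caddy_self_signed() {
  openssl x509 -noout -issuer | grep -q 'Caddy Self-Signed'
}

# Returns 0 when the served certificate matches the mounted file, 1 otherwise.
check_served_cert() {
  host=$1; port=$2; cert_file=$3
  expected=$(file_fingerprint "$cert_file")
  actual=$(served_fingerprint "$host" "$port")
  [ "$expected" = "$actual" ]
}

# Usage: sh check_cert.sh HOST PORT CERT_FILE
if [ $# -eq 3 ]; then
  if check_served_cert "$1" "$2" "$3"; then
    echo "OK: server presents the mounted certificate"
  else
    echo "MISMATCH: server presents a different certificate"
    served_fingerprint "$1" "$2"
  fi
fi
```

A mismatch combined with an issuer of "O=Caddy Self-Signed" means Caddy never picked up the mounted files, so the mount path or the Cells certificate settings are the next thing to check.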

Are you also storing this in the data volume?