The NGINX configuration in Promote requires TLS/SSL certificates. You must have files for keys and certificates accessible at /var/promote/certs on each node in the proper format. Otherwise, NGINX won't run.
The installer generates self-signed certificates if the user doesn't have other certificates, but we don't recommend you use those for SSL/TLS encryption. We recommend using certificates that a certificate authority issues. However, self-signed certificates are adequate for on-premise installations that do not expose your servers to the internet.
Add or Change Certificates
Add or change certificates by following these instructions.
You must restart NGINX as part of this process, which may cause downtime.
- Obtain these from a certificate authority:
- CA bundle
- To create a certificate bundle, put the certificate and CA bundle in one file, certificate first.
- Rename the key to "key.pem."
- Rename the certificate to "cert.pem."
- Secure copy the files to all three nodes, overwriting the existing cert.pem and key.pem in /var/promote/certs.
- Restart NGINX:
# You only need to run this command on the master node. docker service update -force promote_nginx
You've updated your certificates for Promote.