Certify
The NGINX configuration in Promote requires TLS/SSL certificates. You must have files for keys and certificates accessible at /var/promote/certs on each node in the proper format. Otherwise, NGINX won't run.
Important
The installer generates self-signed certificates if the user doesn't have other certificates, but we don't recommend you use those for SSL/TLS encryption. We recommend using certificates that a certificate authority issues. However, self-signed certificates are adequate for on-premise installations that do not expose your servers to the internet.
Add or Change Certificates
Add or change certificates by following these instructions.
Note
You must restart NGINX as part of this process, which may cause downtime.
Obtain these from a certificate authority:
Key
Certificate
CA bundle
To create a certificate bundle, put the certificate and CA bundle in one file, certificate first.
Rename the key to "key.pem."
Rename the certificate to "cert.pem."
Secure copy the files to all three nodes, overwriting the existing cert.pem and key.pem in /var/promote/certs.
Restart NGINX:
# You only need to run this command on the master node. docker service update -force promote_nginx
You've updated your certificates for Promote.