Cannot start keycloak in docker with letsencrypt certificates

I can run Keycloak with the following command,

./bin/kc.sh start-dev \
--https-certificate-file=/etc/letsencrypt/live/$HOSTNAME/cert.pem \
--https-certificate-key-file=/etc/letsencrypt/live/$HOSTNAME/privkey.pem \
--hostname=$HOSTNAME

It works as expected. On the same computer, I try using Docker:

docker run -p 80:8080 -p 443:8443 \
  -v /etc/letsencrypt:/etc/letsencrypt:ro \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=change_me \
  -e JAVA_OPTS_APPEND="$JAVA_OPTS_APPEND" \
  quay.io/keycloak/keycloak:latest \
  start-dev \
  --https-certificate-file=/ect/letsencrypt/live/$HOSTNAME/cert.pem \
  --https-certificate-key-file=/ect/letsencrypt/live/$HOSTNAME/privkey.pem \
  --hostname=$HOSTNAME

It fails

2022-12-23 23:11:59,784 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (development) mode
2022-12-23 23:11:59,785 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: /ect/letsencrypt/live/keycloak.fhir-poc.hcs.us.com/cert.pem
2022-12-23 23:11:59,787 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) Key material not provided to setup HTTPS. Please configure your keys/certificates.

Any suggestions besides a reverse proxy?

Yes. I have one suggestion.

s/ect/etc/

7 Likes

...and if that isn't it, make sure whatever user is running Docker has permissions to read the private key--by default, only root can do so.

7 Likes
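Both replies describe checks that can be run on the host before starting the container: does every component of the path exist, and can a non-root user traverse the directories and read the file. The script below is an added example, not part of any post in this thread; the function names are hypothetical, and it assumes the container process is a non-root user that is neither owner nor group of the files, so only the "other" permission bits apply.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for TLS files that will be
# bind-mounted into a container. Assumption: the container process is a
# non-root user that is neither owner nor group of the files, so only the
# "other" permission bits are checked.

# has_other_bit PATH MODE: true if PATH (symlinks followed, as in the
# letsencrypt live/ directory) has all of the MODE bits set.
has_other_bit() {
    [ -n "$(find -L "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# check_tls_file PATH
# returns 0 = usable, 1 = a path component does not exist (a typo such as
# /ect), 2 = a directory or the file itself blocks non-owner access.
check_tls_file() {
    case $1 in /*) cur="" ;; *) cur="." ;; esac
    old_ifs=$IFS; IFS=/; set -f
    set -- $1                 # split the path into its components
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -z "$part" ] && continue
        cur="$cur/$part"
        if [ ! -e "$cur" ]; then
            echo "MISSING     $cur"; return 1
        fi
        if [ -d "$cur" ] && ! has_other_bit "$cur" 001; then
            echo "NO-TRAVERSE $cur"; return 2
        fi
    done
    if ! has_other_bit "$cur" 004; then
        echo "NO-READ     $cur"; return 2
    fi
    echo "OK          $cur"
}
```

Call `check_tls_file` with the same path string that is passed to `--https-certificate-file` and `--https-certificate-key-file`. The walk covers the components of the given path only; directories reached through a symlink target are not checked for the traverse bit.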
