Hi, growthbook proxy can use certificates generate...
# ask-questionsl
loud-lock-75828
01/09/2025, 4:04 PMHi, growthbook proxy can use certificates generated by lets encrypt like fullchain.pem and privkey.pem? I get this error: "Error: error0480006CPEM routines::no start line"
h
happy-autumn-40938
01/10/2025, 6:38 AMIf you're putting your certs into your env variables, its likely the newline character. You can get around this via something like:
Copy code
HTTPS_KEY="-----BEGIN RSA PRIVATE KEY-----\nh13ufh13uhf91uhefu0h1ef.......\n-----END DSA PRIVATE KEY---"HTTPS_CERTl
loud-lock-75828
01/10/2025, 8:37 AMI am using them like this: -e "HTTPS_CERT=/certs/server.crt" \
-e "HTTPS_KEY=/certs/key.pem" \
-e "CACHE_ENGINE=memory" \
-e "NODE_TLS_REJECT_UNAUTHORIZED=0" \
-e "VERBOSE_DEBUGGING=1" \
-v "/GB/certsro" \
loud-lock-75828
01/10/2025, 8:45 AMI put them in the format you recommended but same error? Do you have a working gbproxy configuration for docker?
loud-lock-75828
01/10/2025, 8:47 AMalso what is the required certificate format: fullchain and private key or apache style?
loud-lock-75828
01/13/2025, 8:34 AM@happy-autumn-40938 I understand from Graham you worked on this, can you please advise? I cannot get gbproxy to work due to SSL errrors
loud-lock-75828
01/14/2025, 3:22 PM@happy-autumn-40938 @fresh-football-47124 please guys why its not working?
h
happy-autumn-40938
01/14/2025, 5:15 PMI can't seem to recreate your issue, my self-signed certs are working. What are you using to generate, or are these provided externally?
l
loud-lock-75828
01/14/2025, 5:43 PMThis is how I start the gbproxy
loud-lock-75828
01/14/2025, 5:44 PMmy certs are located in folder /GB/live/gb..../ as fullchain.pem and privkey.pem from LetsEncryot
loud-lock-75828
01/14/2025, 5:44 PMWhat do I do wrong in the command above or the certificates should be in another format than LetsEncrypt for webservers?
h
happy-autumn-40938
01/14/2025, 6:52 PMI mean HTTPS_CERT and KEY should be the value of the cert with "\n" replacing the newline character. But you already had that in a prior iteration. I don't know what else could be going wrong offhand.
Wondering if you have considered termination at the networking level instead of in the proxy itself
l
loud-lock-75828
01/14/2025, 6:54 PMI tried haproxy too but its not loading if I terminate SSL at haproxy level
loud-lock-75828
01/14/2025, 6:55 PMmind sharing a working configuration of your own?
h
happy-autumn-40938
01/14/2025, 6:57 PMmine is basically identical to yours but less production-ready. I think I followed this guide
https://stackoverflow.com/questions/66604487/how-do-i-generate-fullchain-pem-and-privkey-pem
l
loud-lock-75828
01/14/2025, 10:00 PMI think I progressed a bit
19 Views