Internal Domain Certificate authority for Webhooks and other SSL-Stuff #2678

Closed
opened 2026-02-05 04:46:14 +03:00 by OVERLORD · 1 comment
Originally created by @crpb on GitHub (Feb 28, 2022).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Hi there,
I have an installation in which we implemented the webhooks to send updates to the intranet web server.
Both the BookStack and the intranet site are accessible via SSL certificates from the internal Microsoft Certificate Authority, and so the verification from a Docker installation (we used the linuxserver/bookstack release) is throwing an SSL cert error.

So, to be able to do as little as possible when I update the image (change the numbers) and to use just one simple Docker Compose file, I whipped up a script which will be run in the Docker guest from the /etc/periodic folder. The script itself does a reboot, which I just used out of laziness as the guest does that within seconds...
And as it checks for the presence of the local certificate in /etc/ssl/cert.pem, it will only reboot once every update.

Here is my additional line in the docker-compose.yaml

```
...
    volumes:
...
      - ./bookstack/periodic/ca-add:/etc/periodic/hourly/ca-add
...
```

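The script, with the relative path ./bookstack/periodic/ca-add:

```
#!/bin/bash

# Lines that appear only in the CA file, i.e. are not yet in the system bundle
COMMPARED="$(comm -13 <(sort -u /etc/ssl/cert.pem) <(sort -u /config/keys/ca.crt))"
if [[ -n "$COMMPARED" ]]; then
  # CA not in the bundle yet: install it, rebuild the trust store, then restart
  cp /config/keys/ca.crt /usr/local/share/ca-certificates/MYCA.crt
  update-ca-certificates
  reboot
else
  exit 0
fi
```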

And the ca.crt I just throw in the config/keys folder.

It worked for a couple of updates so far.

I just wanted to share that solution for anyone out there who needs SSL verification with non-globally-published certificates from Mozilla :-)

Cheers.

Exact BookStack Version

22.02.1

Log Content

No response

PHP Version

No response

Hosting Environment

Docker with a Compose file.

OVERLORD added the 🐕 Support label 2026-02-05 04:46:14 +03:00
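
A whitespace-tolerant form of the "is the CA already in the bundle" check from the post above, as an added example that is not part of the original issue. The line-based `comm` comparison only matches when both files use identical line wrapping and line endings; this version compares whole certificate bodies instead. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original issue.

# Print one line per certificate in a PEM file: its base64 body with line
# breaks, blanks and CRs removed. Text outside the markers is ignored.
pem_bodies() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
    /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
    inside { gsub(/[ \t\r]/, ""); body = body $0 }
  ' "$1"
}

# ca_in_bundle BUNDLE CA_FILE
# 0: every certificate in CA_FILE is in BUNDLE; 1: at least one is missing;
# 2: CA_FILE contains no certificate (empty or wrong file mounted).
ca_in_bundle() {
  bundle_bodies=$(pem_bodies "$1")
  ca_bodies=$(pem_bodies "$2")
  [ -n "$ca_bodies" ] || return 2
  # The loop runs in a subshell; its exit status becomes the function result.
  printf '%s\n' "$ca_bodies" | while IFS= read -r body; do
    printf '%s\n' "$bundle_bodies" | grep -Fxq -- "$body" || exit 1
  done
}

# Constructed sample: the body is placeholder base64, not a real certificate.
# The CA file uses CRLF and short lines, the bundle LF and one long line.
demo() {
  dir=$(mktemp -d) || return 1
  printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'QUJDREVGR0hJSktM' \
    'TU5PUFFSU1RVVldY' '-----END CERTIFICATE-----' > "$dir/ca.crt"
  printf '%s\n' '# Internal CA' '-----BEGIN CERTIFICATE-----' \
    'QUJDREVGR0hJSktMTU5PUFFSU1RVVldY' '-----END CERTIFICATE-----' > "$dir/bundle.pem"
  ca_in_bundle "$dir/bundle.pem" "$dir/ca.crt"; rc=$?
  rm -rf "$dir"
  return "$rc"
}
```

With the paths from the post, `ca_in_bundle /etc/ssl/cert.pem /config/keys/ca.crt` returning 1 is the condition under which the CA still has to be installed; a return of 2 means the mounted file should be checked before anything is installed.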

@MarcBollmann commented on GitHub (Apr 11, 2023):

In case anyone also has issues with OpenID Connect and an identity provider which is located in the intranet:

While logging in I also got an SSL error because the certificate of my intranet identity provider was not trusted. That's why I had to build my own Dockerfile and Docker image with a small modification:

```
FROM linuxserver/bookstack:23.02.3
ADD ./CERT_TO_BE_TRUSTED.crt /usr/local/share/ca-certificates/CERT_TO_BE_TRUSTED.crt
RUN chmod 644 /usr/local/share/ca-certificates/CERT_TO_BE_TRUSTED.crt && update-ca-certificates
```

Build the docker-image with `docker build . -t linuxserver/bookstack:YOUR_CUSTOM_TAG_NAME` and reference it in the docker-compose file.


Reference: starred/BookStack#2678