SSL Certificate using internal MS CA #5408

Closed
opened 2026-02-05 10:02:35 +03:00 by OVERLORD · 2 comments

Originally created by @jdakel88 on GitHub (Aug 22, 2025).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Hello,

I recently spun up a bookstack VM on ubuntu server running in docker with docker compose. It's been working flawlessly. I now wish to secure the site with an SSL cert. using my own CA, which is through Microsoft ADCA. I decided to use NGINX for this.

Following all documentation I could find, I generated the CSR request and private cert. on the server. I then placed that request into my CA and generated the cert itself, along with the CA chain, which includes the cert and intermediates.

I created paths to each cert file and uploaded the certs onto the server using nano: /opt/bookstack/certs

Then I updated the compose file, and NGINX config (in the same location), brought docker down and back up and am now getting ERR_CONNECTION_REFUSED. Please advise.

I actually restored the VM back to a working state so I can start fresh if someone can provide true guidance on how to do this properly :)

Exact BookStack Version

BookStack v25.07.1

Log Content

N/a - restored the VM back to working config.  Need assistance doing it properly.

Hosting Environment

docker compose | ubuntu server |

OVERLORD added the 🐕 Support label 2026-02-05 10:02:35 +03:00

@ssddanbrown commented on GitHub (Aug 23, 2025):

Hi @jdakel88,

To help, I'll need to understand what container image you're using, what your compose looks like, and what nginx config changes you've made (and how you've made them).
Also, is nginx running on the Ubuntu machine (docker host) or as a container? Or something else?


@jdakel88 commented on GitHub (Aug 24, 2025):

Hi ssddanbrown,

Thank you much for your assistance and willingness to help! I was able to figure this out. It was a few things I think (first time 😅).

  1. I put each piece of the cert in their own directories. This time I placed each of the 3 files in the root cert dir: (/opt/bookstack/certs)
  2. The nginx cert path was missing, or at least I think it was. I didn't manually create it last time like I did this time: (/opt/bookstack/nginx/certs)
  3. Invalid CA chain, which our ADCA requires. When I went back to check my notes, I noticed I didn't have all the intermediaries bundled in there.

After updating these things above, I brought docker-compose down and back up -d again and successful!!

Thanks again for providing support. It makes me glad to know this community is thriving. :-)
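
The third point above (a bundle missing intermediates) can be caught before nginx is restarted. This is an added example, not part of the thread or of BookStack: it assumes the CA exports are Base64 (PEM) files and that `openssl` is installed; the function names and the file names in the usage note are hypothetical.

```shell
#!/bin/sh
# Added example: check a PEM bundle before pointing nginx's ssl_certificate at it.
# Assumes Base64 (PEM) exports from the CA; function names are hypothetical.

# show_chain BUNDLE: print subject/issuer of every certificate, in file order.
show_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# verify_bundle BUNDLE ROOT: succeed only if the first certificate (the leaf)
# chains to ROOT using nothing but the remaining certificates in BUNDLE.
verify_bundle() {
    vb_tmp=$(mktemp -d) || return 2
    # First PEM block is the leaf; every later block is treated as an intermediate.
    awk -v d="$vb_tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n == 1 { print > (d "/leaf.pem") }
        n > 1  { print > (d "/inter.pem") }
    ' "$1"
    if [ ! -s "$vb_tmp/leaf.pem" ]; then
        rm -rf "$vb_tmp"; return 2
    fi
    if [ -s "$vb_tmp/inter.pem" ]; then
        openssl verify -CAfile "$2" -untrusted "$vb_tmp/inter.pem" \
            "$vb_tmp/leaf.pem" >/dev/null 2>&1 && vb_rc=0 || vb_rc=1
    else
        # No intermediates in the bundle: the leaf must be issued by ROOT directly.
        openssl verify -CAfile "$2" "$vb_tmp/leaf.pem" \
            >/dev/null 2>&1 && vb_rc=0 || vb_rc=1
    fi
    rm -rf "$vb_tmp"
    return "$vb_rc"
}

# key_matches_cert KEY CERT: compare the public key derived from the private
# key with the one embedded in the first certificate of CERT.
key_matches_cert() {
    kc_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    kc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kc_key" ] && [ "$kc_key" = "$kc_crt" ]
}
```

For example, `verify_bundle /opt/bookstack/certs/fullchain.pem /opt/bookstack/certs/root.pem` (hypothetical file names) returns non-zero when an intermediate is missing, and `show_chain` on the same bundle shows which issuer has no matching subject.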

Reference: starred/BookStack#5408