docker: migrate to new external tls logic

- remove all traces of CHATMAIL_NOACME; purge certwatch service - introduce TLS_EXTERNAL_CERT_AND_KEY as per new logic
2026-06-09 21:21:09 +00:00 · 2026-02-20 08:50:29 +01:00
parent d9dce2ccee
commit dc2a6fda05
10 changed files with 29 additions and 56 deletions
@@ -3,5 +3,7 @@ MAIL_DOMAIN="chat.example.com"
 # CMDEPLOY_STAGES - default: "configure,activate". Set to "install,configure,activate" to force full reinstall.
 # CMDEPLOY_STAGES="configure,activate"

-# Skip acmetool when using an external certificate manager (e.g. Traefik, Caddy).
-# CHATMAIL_NOACME="True"
+# External TLS certificates (e.g. from Traefik, Caddy, certbot on the host).
+# Paths refer to locations *inside* the container.
+# Mount the cert files via a volume (see docker-compose.override.yaml.example).
+# TLS_EXTERNAL_CERT_AND_KEY="/certs/fullchain.pem /certs/privkey.pem"