Letsencrypt certificates not saved? [SOLVED]

Hi, I’m running the latest gitea docker image with the builtin letsencrypt options, but for some reason the certificates are not saved. This caused gitea to order a new certificate on every restart of the docker image, which now led to letsencrypt blocking me for one week with TLS handshake error “too many certificates already issued for exact set of domains”.

My server settings look like this:

[server]
PROTOCOL              = https
APP_DATA_PATH         = /data/gitea
DOMAIN                = my.domain.omitted
SSH_DOMAIN            = my.domain.omitted
HTTP_PORT             = 3000
ROOT_URL              = https://my.domain.omitted/
DISABLE_SSH           = false
SSH_PORT              = 22
SSH_LISTEN_PORT       = 22
LFS_START_SERVER      = true
LFS_CONTENT_PATH      = /data/git/lfs
REDIRECT_OTHER_PORT   = true
PORT_TO_REDIRECT      = 3080
ENABLE_LETSENCRYPT    = true
LETSENCRYPT_ACCEPTTOS = true
LETSENCRYPT_DIRECTORY = https
LETSENCRYPT_EMAIL     = my@email.omitted

but there is no https directory in my /data/gitea directory.

Any idea what might be the issue?

The docker-compose.yaml file looks pretty standard and uses a docker volume to persist /data, which works for all the other settings and data:

version: "2"

networks:
  gitea:
    external: true

services:
  server:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "80:3080"
      - "443:3000"
      - "222:22"

Got a new subdomain and fixed it.

Please consider updating the documentation for LETSENCRYPT_DIRECTORY, to say that this is an absolute path, so the default value https will not be placed in the APP_DATA_PATH, which for docker installations is the only suggested docker volume. The LETSENCRYPT_DIRECTORY gets directly passed through to the underlying autocert library.

After setting LETSENCRYPT_DIRECTORY=/data/gitea/https it worked correctly.

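A check for the misconfiguration resolved above, as an added example that is not part of the original posts or of Gitea's own code: it reads the `[server]` section and the compose `volumes` list and reports when the certificate cache directory is relative or lies outside a writable mount. The function names and sample inputs are constructed from the settings quoted in the thread, and only short-syntax volume strings are handled.

```python
import configparser
import posixpath

# Constructed sample inputs mirroring the settings quoted in the thread.
APP_INI_BROKEN = """
[server]
APP_DATA_PATH         = /data/gitea
ENABLE_LETSENCRYPT    = true
LETSENCRYPT_DIRECTORY = https
"""
APP_INI_FIXED = APP_INI_BROKEN.replace("= https", "= /data/gitea/https")
VOLUMES = ["./gitea:/data", "/etc/timezone:/etc/timezone:ro"]


def mount_targets(volumes):
    """Return container-side paths of writable short-syntax volumes."""
    targets = []
    for spec in volumes:
        parts = spec.split(":")
        if len(parts) >= 2 and "ro" not in parts[2:]:
            targets.append(posixpath.normpath(parts[1]))
    return targets


def check_cert_cache(app_ini, volumes):
    """Return a list of problems with the certificate cache location."""
    cfg = configparser.ConfigParser()
    cfg.read_string(app_ini)
    server = cfg["server"]
    if not server.getboolean("ENABLE_LETSENCRYPT", fallback=False):
        return []
    # "https" is the default value named in the thread.
    cache = server.get("LETSENCRYPT_DIRECTORY", fallback="https")
    if not posixpath.isabs(cache):
        # Per the thread, the value is handed to autocert unchanged and
        # is not placed under APP_DATA_PATH.
        return [f"{cache!r} is relative: not placed under APP_DATA_PATH"]
    cache = posixpath.normpath(cache)
    for target in mount_targets(volumes):
        if cache == target or cache.startswith(target.rstrip("/") + "/"):
            return []
    return [f"{cache!r} is not under any writable volume: not persisted"]


if __name__ == "__main__":
    for name, ini in (("broken", APP_INI_BROKEN), ("fixed", APP_INI_FIXED)):
        print(name, check_cert_cache(ini, VOLUMES) or "ok")
```

Running a check like this before enabling the option keeps a non-persisted cache from triggering the repeated orders that led to the rate limit described in the first post.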

Could you send a PR for that? Thanks in advance.