Purpose:
This document provides step-by-step instructions on how to update CA certificates in a Docker-based installation of Terraform Enterprise (TFE) using the Flexible Deployment Option (FDO).
Prerequisites
- Access to the server running the Docker installation of TFE.
- New CA certificates ready to be installed.
- Understanding of where certificates are referenced in your docker-compose.yml file.
- Complete backup of the system.
Procedure
Stop the Terraform Enterprise Application
Before making any changes, you need to stop the TFE application to avoid any disruption or conflicts while updating the certificates.
```
docker compose down
```
This command stops all running containers for the TFE application.
Update the Certificates
- Locate the directory where your compose.yml stores certificates.
- By default, the path may be `./certs/`. Ensure your new certificates and key files are copied into this folder on the base machine.
- Replace the old certificates with the new ones, making sure the file names match what is referenced in your docker-compose.yml.
```
cp /path/to/new-certificate.crt ./certs/cert.pem
cp /path/to/new-certificate.crt ./certs/bundle.pem
cp /path/to/new-private-key.key ./certs/key.pem
```
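Before starting the application again, the copied files can be checked so that a mismatched key or an expired certificate is caught here rather than in the container logs. This is an added example, not part of the original article or of HashiCorp's tooling: the function name `check_tfe_certs` and its return codes are invented for illustration, and it assumes `openssl` is installed on the host and that the key is stored without a passphrase.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the files copied into ./certs/.
# File names cert.pem, key.pem and bundle.pem are the ones used on this page.
# Return codes (chosen for this example): 0 ok, 2 missing file,
# 3 unparseable file, 4 cert/key mismatch, 5 certificate expired.
check_tfe_certs() {
  local dir="${1:-./certs}"
  local cert="$dir/cert.pem" key="$dir/key.pem" bundle="$dir/bundle.pem"
  local f cert_pub key_pub

  for f in "$cert" "$key" "$bundle"; do
    [ -s "$f" ] || { echo "FAIL: $f is missing or empty" >&2; return 2; }
  done

  # Each file must parse. "-passin pass:" makes a passphrase-protected key
  # fail here instead of prompting (assumption: the key has no passphrase).
  openssl x509 -in "$cert" -noout 2>/dev/null ||
    { echo "FAIL: $cert is not a PEM certificate" >&2; return 3; }
  openssl x509 -in "$bundle" -noout 2>/dev/null ||
    { echo "FAIL: $bundle does not start with a PEM certificate" >&2; return 3; }
  openssl pkey -in "$key" -passin pass: -noout 2>/dev/null ||
    { echo "FAIL: $key cannot be read as a private key" >&2; return 3; }

  # The certificate and the private key must carry the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: $key does not match $cert" >&2; return 4; }

  # -checkend 0 exits non-zero when notAfter is already in the past.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL: $cert has expired" >&2; return 5; }

  echo "OK: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}
```

Source the file and run `check_tfe_certs ./certs` from the directory that holds the compose file; continue to the next step only when it prints `OK`.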
Start the Terraform Enterprise Application
After updating the certificates, restart the application using Docker Compose. This will load the new certificates.
```
docker compose up -d
```
This command brings the application back online and runs it in detached mode, allowing you to monitor it without tying up your terminal.
Wait for Application to Start
It may take a few minutes for TFE to fully initialize and become available. During this time, you can monitor the logs to ensure that the application starts successfully and that the new certificates are applied correctly.
```
docker compose logs -f
```
You should see messages indicating that the containers have started and the services are running correctly.
Verification
After the application has started, access the TFE application using its URL and verify that the new certificates are in place by checking the security details in your browser.
Alternatively, you can use the `curl` command to ensure the new certificates are recognized:
```
curl -v https://your-tfe-domain.com
```
Troubleshooting
- If the application fails to start: Check the Docker logs for errors and ensure the certificates are correctly referenced in the docker-compose.yml file.
- If you receive certificate-related errors: Verify that the new certificates are valid and that both the certificate and key files are correctly placed in the `./certs/` directory.
- If you face issues, raise them with HashiCorp Support.
By following these steps, you can successfully update the CA certificates in your Terraform Enterprise Docker installation under the Flexible Deployment Option (FDO).