Zammad doesn't use Let's Encrypt Certificate

I have one UCS-VM which I installed only for “additional” Apps.
I installed “Open Project” and “Zammad” from App-Center.

When I access “Open Project” I get the right ssl-Certificate which is generated by Let’s Encrypt -App.
When I access “Zammad” on standard port (10412 for SSL) it serves the self-generated SSL-Certificate not the Let’s Encrypt one.

The idea is not to connect to the ports of Docker apps directly, but instead connect to the regular Apache running on the regular 443 which will act as a reverse proxy for all the Docker apps. That Apache will then use the LE certificate (or you can configure it to do so).

Caveat: I haven’t tried Zammad on UCS myself yet. The above is general advice for how apps usually work on UCS.


nano /etc/apache2/sites-available/zammad.conf


<VirtualHost *:10412>
        ServerName subdomain.domain.tld
        ServerAlias *.domain.tld

        Require local

    # Enable SSL
    SSLEngine on
    SSLProxyEngine on
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
    SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
    SSLCACertificateFile /etc/univention/ssl/ucsCA/CAcert.pem

    RewriteEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass /ws ws:// "retry=1 acque=3000 timeout=600 keepalive=On"
    ProxyPass / "retry=1 acque=3000 timeout=600 keepalive=On"

Maybe the Zammad developers will want to check how these scenarios are handled in other apps. The code for this in the Mattermost app is located at

1 Like