Unable to add SSL certificate to Metabase

We need to secure our Metabase site with an SSL certificate. I've followed the instructions mentioned here: https://www.metabase.com/docs/latest/operations-guide/customizing-jetty-webserver.html#using-https-with-metabase

I've used the follow docker command to create the container:
sudo docker run -d -p 443:8443 -e "MB_DB_TYPE=postgres" -e "MB_DB_DBNAME=metabase" -v /home/ccc_azureuser:/keystore -e "MB_JETTY_SSL=true" -e "MB_JETTY_SSL_PORT=8443" -e "MB_JETTY_SSL_KEYSTORE=/keystore/CCC.keystore" -e "MB_JETTY_SSL_KEYSTORE_PASSWORD=xxxxxxx" -e "MB_DB_PORT=5432" -e "MB_DB_USER=postgres" -e "MB_DB_PASS=xxxxxx" -e "MB_DB_HOST=x.x.x.x" --name metabasessl metabase/metabase-enterprise

Screenshot of the file system inside the container showing the mounted keystore volume location in the correct location:

Screenshot of the docker image config:

The docker logs show no errors but the page throws this error when you go to access it:

Running the keytool -list -keystore CCC.keystore -v command verifies the certificates validity and it's a copy of a wildcard cert used on other resources without error.

Can you offer any assistance with this?

Sure, first of all it seems that you're trying Metabase Enterprise. We provide support for testers of the Enteprise edition if needed.

Regarding this issue: which domain you generated the certificate for and why are you using an IP address to connect to Metabase instead of a hostname?

I would strongly suggest that you do this with a reverse proxy rather than using JETTY directly to do SSL termination (the reverse proxy is faster, you can do HTTP/2, and you don't use the precious resources of Metabase for encrypting/decrypting traffic)

here's a docker-compose of the solution I would do in your case:

version: '3.7'
    image: metabase/metabase-enterprise:v1.41.0
    #image: metabase/metabase:v0.41.0
    container_name: metabase-reverse
    hostname: metabase-reverse
    - /dev/urandom:/dev/random:ro
    #  - 3000:3000
      - metanet-private
    image: nginx:1.21.3-alpine
    hostname: nginx
    container_name: nginx
      - $PWD/nginx.conf:/etc/nginx/conf.d/default.conf
      - metanet-private
      - metanet-public
      - 8081:80
      - metabase-reverse
    driver: bridge
    driver: bridge

(you need to create the nginx.conf)

also, it seems that you're using Azure, we have a guide for deploying on Azure and they'll do the SSL termination as well: https://www.metabase.com/docs/latest/operations-guide/running-metabase-on-azure.html

Thank you! I have implemented the nginx solution with success.