HTTPS certificates

Gitpod needs HTTPS certificates, your own Docker registry, or both to function properly. If you don’t have certificates but do have a Docker registry available, jump to the next step.

Important: The HTTPS certificates for your domain must include, * and * Beware that wildcard certificates are valid for one level only (i.e. * is not valid for

To use the HTTPS certificates for your domain:

  • echo values/https.yaml >> configuration.txt
  • place your certificates in secrets/https-certificates/ like so:

    |- cert.pem
    |- chain.pem
    |- fullchain.pem
    |- privkey.pem

Generate the dhparams.pem file using:

openssl dhparam -out secrets/https-certificates/dhparams.pem 2048

Using Let’s Encrypt

If you do not have HTTPS certificates for your domain already, you can generate some using Let’s Encrypt. Assuming you have certbot installed, the following script will generate and configure the required certificates (notice the placeholders):

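export WORKDIR=/workspace/letsencrypt

# EMAIL, DOMAIN and ACME_SERVER are placeholders; ACME_SERVER stands for the
# ACME directory URL passed to --server.
# The wildcard names are quoted so the shell does not expand "*" as a glob.
certbot certonly \
    --config-dir "$WORKDIR/config" \
    --work-dir "$WORKDIR/work" \
    --logs-dir "$WORKDIR/logs" \
    --manual \
    --preferred-challenges=dns \
    --email "$EMAIL" \
    --server "$ACME_SERVER" \
    --agree-tos \
    -d "*.ws.$DOMAIN" \
    -d "*.$DOMAIN" \
    -d "$DOMAIN"

# move them into place (-p: do not fail if the directory already exists)
mkdir -p secrets/https-certificates
find "$WORKDIR/config/live" -name "*.pem" -exec cp {} secrets/https-certificates \;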

# Generate dhparams
openssl dhparam -out secrets/https-certificates/dhparams.pem 2048

# Enable HTTPS
echo values/https.yaml >> configuration.txt
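
To confirm that a certificate covers the three name shapes the certbot command requests ($DOMAIN, *.$DOMAIN and *.ws.$DOMAIN), and to see the one-level wildcard rule at work, the following check can be run against cert.pem. It is an added example, not part of the Gitpod documentation; the function names, the script name check-cert.sh and the sample label "a" are assumptions, and it needs OpenSSL 1.1.1 or later for the -ext option.

```sh
#!/bin/sh
# Added example, not part of the Gitpod docs. Needs OpenSSL 1.1.1+ for -ext.

# wildcard_match PATTERN HOST: succeed if certificate name PATTERN covers HOST.
# A leading "*." stands for exactly one DNS label: *.example.com covers
# a.example.com, but not example.com and not b.a.example.com.
wildcard_match() {
    pattern=$1 host=$2
    case $pattern in
        \*.*)
            suffix=${pattern#\*}        # e.g. ".example.com"
            label=${host%"$suffix"}     # the part "*" would have to match
            [ "$label" != "$host" ] && [ -n "$label" ] &&
                case $label in *.*) false ;; *) true ;; esac ;;
        *)  [ "$pattern" = "$host" ] ;;
    esac
}

# uncovered_hosts SANS HOST...: print every HOST that no name in SANS
# (one name per line) covers.
uncovered_hosts() {
    sans=$1; shift
    for h in "$@"; do
        ok=no
        while IFS= read -r san; do
            if wildcard_match "$san" "$h"; then ok=yes; fi
        done <<EOF
$sans
EOF
        [ "$ok" = yes ] || printf '%s\n' "$h"
    done
}

# cert_sans CERT: print the DNS subjectAltName entries of CERT, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# check_gitpod_cert CERT DOMAIN: fail if CERT misses one of the three name
# shapes the certbot command requests. "a" is a constructed sample label.
check_gitpod_cert() {
    missing=$(uncovered_hosts "$(cert_sans "$1")" "$2" "a.$2" "a.ws.$2")
    [ -z "$missing" ] && return 0
    printf '%s does not cover:\n%s\n' "$1" "$missing" >&2
    return 1
}

# Usage: sh check-cert.sh secrets/https-certificates/cert.pem "$DOMAIN"
if [ "$#" -eq 2 ]; then check_gitpod_cert "$1" "$2"; fi
```

A certificate issued only for *.$DOMAIN is reported as missing both $DOMAIN itself and a.ws.$DOMAIN, which is why all three -d entries are needed.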