Skip to content

Fix HTTPS certificate/webserver not loading on first Docker start from environment variables #1574

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

Fix HTTPS certificate/webserver not loading on first Docker start from environment variables #1574

wants to merge 3 commits into from

Conversation

@pauld-0110
Copy link

@pauld-0110 pauld-0110 commented Nov 25, 2025

Problem

When starting the DNS Server in Docker for the first time with HTTPS enabled via environment variables (e.g., DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=true), the TLS certificates failed to load, causing HTTPS to not bind.
A container restart was required for HTTPS to work properly.

Root Cause

The certificate loading process in LoadConfigFile() was called before _dnsServer was initialized in StartAsync(). The CheckAndLoadSelfSignedCertificate() method requires _dnsServer.ServerDomain to generate self-signed certificates (line 2252), which caused a NullReferenceException that was silently caught during the first startup.

Solution

Deferred certificate loading until after _dnsServer initialization by:

  • Added flags to track pending certificate operations:
    _pendingLoadCustomCertificate - for custom certificate paths
    _pendingLoadSelfSignedCertificate - for self-signed certificates
  • Modified LoadConfigFile() to set flags instead of immediately loading certificates when reading from environment variables
  • Added certificate loading in StartAsync() after _dnsServer initialization but before web service starts

Testing

Tested on first Docker container start with:

  • Self-signed certificates (DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=true)
  • Custom certificates (DNS_SERVER_WEB_SERVICE_TLS_CERTIFICATE_PATH=/path/to/cert.pfx)
  • Container restart (existing config file)

Log output showing successful first-start HTTPS binding:

[2025-11-25 10:06:54 Local] Web Service TLS certificate was loaded: /etc/ssl/wildcard-certificate.pfx
[2025-11-25 10:06:54 Local] [0.0.0.0:80] [HTTP] Web Service was bound successfully.
[2025-11-25 10:06:54 Local] [0.0.0.0:443] [HTTPS] Web Service was bound successfully.

@pauld-0110
fix: load TLS certificates from env vars on first Docker start
1e07761 
Certificates are now properly loaded when HTTPS is configured via environment
variables on first start, eliminating the need for a restart.
@pauld-0110
fix: defer certificate loading until after DNS server init in Docker
52db019 
Certificates are now loaded after _dnsServer initialization to prevent
NullReferenceException when CheckAndLoadSelfSignedCertificate() accesses
_dnsServer.ServerDomain during first start from environment variables.
@pauld-0110
fix: defer HTTPS certificate loading until after DNS server init
4a45984 
Certificates are now loaded after _dnsServer initialization to prevent
NullReferenceException when CheckAndLoadSelfSignedCertificate() accesses
_dnsServer.ServerDomain during first start from environment variables.

Adds defensive checks and proper flag management for edge cases.
@ShreyasZare
Copy link
Member

ShreyasZare commented Nov 25, 2025

Thanks for the PR. Will evaluate it soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pauld-0110 @ShreyasZare