ssl configuration for citrixhoneypot #1565
Unanswered
FloppyDucks
asked this question in
Q&A
Replies: 1 comment
-
I figured out my issue: I was calling the wrong path in my Dockerfile. It was supposed to be cp /root/cert/cert.cert /opt/citrixhoneypot/ssl/cert.pem && NOT cp /root/citrixhoneypot/cert/cert.cert /opt/citrixhoneypot/ssl/cert.pem &&
-
My real issue is my inability to set up my ssl certificate for the citrixhoneypot over 443. I was able to set up my ssl cert for port 64297 using the nginx configurations. So I set up the ssl cert for the nginx management portal using a letsencrypt ssl cert. So I figured when I went to set up an ssl cert for port 443 it would be a similar process (FYI my 443 is running citrixhoneypot, in case it wasn’t clear). I added a few extra lines in the Citrix Dockerfile to copy my ssl cert to /opt/citrixhoneypot/cert/. I also figured because I am using letsencrypt's cert I won't need the self-signed cert in the Dockerfile, so I removed that. I made sure to add the paths in the volume area in the docker-compose-yml. I’m not sure, the way the honeypot is set up for citrix, if it supports ssl or not? I figured it did, because the python code said that the http server is wrapping the socket in the ssl/tls layer.
Troubleshooting steps: I tried following "[t3chn0m4g3]"'s recommendation and only edited the files mentioned.
“The fix for this is "You are modifying the wrong files. Identify the Dockerfile in docker/citrixhoneypot, you will find all the necessary files / folder names to adjust citrixhoneypot service in docker-compose.yml in tpotce/ folder (not in the docker/citrixhoneypot/ folder) with volumes for the certificate. Examples how to handle docker volumes are available in the Wiki."”
And the part that confused me is I did also edit the main yml file in ~/tpotce before I even opened the ticket; that is what the "FULL-modded-docker-compose-yml.txt" file is. I just also edited the yml file in ~/tpotce/docker/citrixhoneypot/docker-compose-yml = "modded-citrixhoneypot-docker-compose-yml.txt"
So I'm still a bit confused by the previous statement of you are editing the wrong file, you need to edit the docker compose in ~/tpotce. I did edit the main docker-compose.yml. I just also edited the files in ~/tpotce/docker/citrixhoneypot/docker-compose-yml & ~/tpotce/compose.... because I didn't know what I was doing. So I'm not sure why the ssl cert still isn't being recognized, because I reverted the not-mentioned files back to their original status, and lo and behold, still no ssl cert for 443.
I have tried a lot of systemctl daemon-reload (tbh I don't think it does anything, I do it for good luck). I also stop tpot when I make changes to the configs/ yaml/ docker files. Then when I am finished with my modifications I run the daemon reload, docker compose up -d, then systemctl status tpot (make sure it's actually down), systemctl start tpot. Then I load up an incognito tab and check to see if port 443 for my website has a valid ssl cert, and it doesn't.
Then I will change the file permissions to give the certificate 777 file permission, because maybe the user citrixhoneypot can't read the cert and priv key, but that can't be it, because in my Dockerfile, as you will see, I made sure (unless I did it wrong) to give user citrixhoneypot ownership over /opt/citrixhoneypot (the path the cert lives in) and JUST IN CASE, I also made the path /opt/citrixhoneypot 774 file perm... even though there is no reason to overwrite a privkey and cert... anyhow. If you know what I am missing or what I am doing wrong, any help would be MUCH appreciated!
If I missed anything or forgot to add any files or need to add/clarify anything, just let me know. I check this documentation daily so I should see any messages.
df -h.txt
docker stats.txt
FULL-modded-docker-compose-yml.txt
install_tpot_yaml.txt
modded-citrixhoneypot-docker-compose-yml.txt
Modded-DockerFile.txt
netstat.txt
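A way to confirm which certificate the listener on 443 actually presents, and to spot a key file left open to every user, as an added example (not code from this thread, T-Pot or citrixhoneypot). The function names are made up for this illustration, and the host and file paths given on the command line are the reader's own.

```python
import base64, hashlib, os, re, socket, ssl, stat, sys

# Matches each certificate in a PEM file; fullchain.pem holds the leaf first.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 (hex) of the first certificate in a PEM file."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def served_fingerprint(host, port=443, timeout=5.0):
    """SHA-256 (hex) of the certificate the listener presents, trusted or not."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # has to be off before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE  # inspecting the certificate, not trusting it
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def world_accessible(path):
    """True when 'others' hold any permission bit on the file (777, 774, ...)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & stat.S_IRWXO)

def compare(expected_fp, served_fp):
    """Describe whether the served certificate is the one that was installed."""
    if expected_fp == served_fp:
        return "match: the listener serves the installed certificate"
    return ("mismatch: the listener serves a different certificate; "
            "check the copy path in the Dockerfile and the mounted volume")

if __name__ == "__main__":
    # Usage: python3 check_cert.py <host> <cert.pem> <privkey.pem>
    host, cert_path, key_path = sys.argv[1:4]
    with open(cert_path) as fh:
        expected = leaf_fingerprint(fh.read())
    print(compare(expected, served_fingerprint(host)))
    if world_accessible(key_path):
        print("warning: private key is accessible to every user on the system")
```

A mismatch while the file on disk is correct points at the image build or volume mapping rather than at file permissions.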