Map certificate folder instead of single file to allow live renewal

.github/workflows/ci.yml

@@ -77,8 +77,7 @@ jobs:
       SECRET_KEY: ${{ secrets.ENV_SECRET_KEY }}
       DB_USER: ${{ secrets.ENV_DB_USER }}
       DB_PASSWORD: ${{ secrets.ENV_DB_PASSWORD }}
-      SSL_CERTIFICATE_PATH: ${{ secrets.ENV_SSL_CERTIFICATE_PATH }}
-      SSL_PRIVATEKEY_PATH: ${{ secrets.ENV_SSL_PRIVATEKEY_PATH }}
+      SSL_CERTIFICATE_LOCATION: ${{ secrets.ENV_SSL_CERTIFICATE_LOCATION }}
       AWS_S3_ACCESS_KEY_ID: ${{ secrets.ENV_AWS_S3_ACCESS_KEY_ID }}
       AWS_S3_SECRET_ACCESS_KEY: ${{ secrets.ENV_AWS_S3_SECRET_ACCESS_KEY }}
       AWS_S3_REGION: ${{ secrets.ENV_AWS_S3_REGION }}

backend/docker-compose.ssl.yml

@@ -9,7 +9,6 @@ services:
       target: ssl
     image: spellbook-nginx-ssl
     volumes:
-      - ${SSL_CERTIFICATE_PATH:?}:/etc/nginx/ssl/cert.crt:ro
-      - ${SSL_PRIVATEKEY_PATH:?}:/etc/nginx/ssl/cert.key:ro
+      - ${SSL_CERTIFICATE_LOCATION:?}:/etc/nginx/ssl/:ro
     ports:
       - 443:443

backend/nginx/ssl.conf

@@ -1,8 +1,8 @@
 listen              443 ssl http2;
 listen              [::]:443 ssl http2;
 server_name         backend.commanderspellbook.com;
-ssl_certificate     /etc/nginx/ssl/cert.crt;
-ssl_certificate_key /etc/nginx/ssl/cert.key;
+ssl_certificate     /etc/nginx/ssl/fullchain.pem;
+ssl_certificate_key /etc/nginx/ssl/privkey.pem;
 
 if ($scheme = http) {
     return 301 https://$server_name$request_uri;