Custom SSL deploy using mup/bitbucket pipeline

Hey all,

I have a BitBucket Pipeline which is able to deploy perfectly using mup. It’s currently set up to use letsencrypt and it sets up a reverse proxy. The problem is that we need to have the app behind a firewall (blocking all access to 80/443). On initial deploy the firewall wasn’t set up yet, so it’s working fine right now. But it’s going to cause a problem when certbot tries to renew.

Unfortunately the letsencrypt image used with mup doesn’t support DNS verification (it depends on simp_le which doesn’t implement DNS challenge).

I installed certbot on the app’s server directly, and I have it set up renewing the certs using a DNS challenge. But, I have no idea how to get mup to tell the nginx reverse proxy to use these certs, or if it’s possible.

During mup deploy, the paths specified for key/cert are local, so they are within the pipeline build env, so that’s a no-go.

Is there any way to accomplish this?
Would I just have to manage nginx / the reverse proxy myself? And if I were to do that, how would I go about configuring nginx to serve the app?

Any pointers would be helpful. Thank you!
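An added example (not part of the original post, and not the config mup generates) of what a hand-managed nginx reverse proxy for this kind of setup can look like, reading the certificates that certbot renews on the server itself via the DNS challenge. It assumes the Meteor app container is reachable only on 127.0.0.1:3000 and uses app.example.com as a placeholder domain; both are assumptions to replace with your own values. The certificate paths are certbot's standard `/etc/letsencrypt/live/<domain>/` layout.

```nginx
# Added example, not from the post and not mup's generated proxy config.
# Assumptions (placeholders): the app container listens on 127.0.0.1:3000
# and the site is app.example.com; adjust both for your deployment.

# Redirect plain HTTP to HTTPS. With 80/443 blocked at the firewall this
# listener only serves clients inside the perimeter.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name app.example.com;

    # Standard certbot output paths; certbot keeps these symlinks pointing
    # at the newest cert after each DNS-challenge renewal.
    ssl_certificate     /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;

    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;

        # Meteor's DDP connection runs over WebSockets; without these two
        # headers the upgrade fails and clients fall back to long polling.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Two things to keep in mind with this approach: nginx reads the certificate files only when it starts or reloads, so the renewal needs a hook that reloads it afterwards (certbot's `--deploy-hook`, e.g. `certbot renew --deploy-hook "systemctl reload nginx"`, runs the command only after a successful renewal); and the app container should be bound to localhost rather than all interfaces, so the only path to the app from outside the box is through the TLS-terminating proxy.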