certbot / letsencrypt certificates imported by worker not showing in system brands

[william-bohannan]

Describe the bug
System > Brands > Web Certificate not showing export certificates in /certs directory.

To Reproduce

Updated worker volumes for certs in docker-compose.yml, per the official guide: https://docs.goauthentik.io/docs/core/certificates.
volumes: - /var/run/docker.sock:/var/run/docker.sock - ./media:/media - /etc/letsencrypt:/certs - ./custom-templates:/templates

Checked certificates are showing inside the Docker app.

# docker exec -it bcc2fd0c5a2e /bin/bash root@bcc2fd0c5a2e:/# ls -l /certs/live/auth.example.com/ total 4 -rw-r--r-- 1 authentik authentik 692 Jul 3 07:06 README lrwxrwxrwx 1 authentik authentik 38 Jul 3 07:06 cert.pem -> ../../archive/auth.example.com/cert1.pem lrwxrwxrwx 1 authentik authentik 39 Jul 3 07:06 chain.pem -> ../../archive/auth.example.com/chain1.pem lrwxrwxrwx 1 authentik authentik 43 Jul 3 07:06 fullchain.pem -> ../../archive/auth.example.com/fullchain1.pem lrwxrwxrwx 1 authentik authentik 41 Jul 3 07:06 privkey.pem -> ../../archive/auth.example.com/privkey1.pem

Restarted the Authentik worker
docker ps docker stop authentik-worker-1 docker compose up -d

Logged into Authentik server

• Administration > System Brands (edit)
• Update Brand > Other global settings > Web certificate > Only the self-signed certificate is present

Expected behavior
The Certbot certificates to be present, such as auth.example.com

Screenshots
None

Logs
Below is the logs of when i click on the Update Brand page.

server-1 | {"auth_via": "session", "domain_url": "auth.example.com", "event": "/api/v3/core/brands/f5ad473f-a898-4836-a9f4-a4034e73dfa9/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 164, "remote": "41.139.29.70", "request_id": "e3d5bbc3716647bbbe057dd3e45966b5", "runtime": 413, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-07-03T07:36:48.974383", "user": "akadmin", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"} server-1 | {"auth_via": "session", "domain_url": "auth.example.com", "event": "/api/v3/flows/instances/?designation=unenrollment&ordering=slug", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 164, "remote": "41.139.29.70", "request_id": "f23e0217c1a2403ba2fe28d10dbee6e9", "runtime": 131, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-07-03T07:36:49.351437", "user": "akadmin", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"} server-1 | {"auth_via": "session", "domain_url": "auth.example.com", "event": "/api/v3/flows/instances/?designation=recovery&ordering=slug", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 165, "remote": "41.139.29.70", "request_id": "c60b59386b9f42b3a3e11b4a393e7db2", "runtime": 236, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-07-03T07:36:49.529573", "user": "akadmin", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"} server-1 | {"auth_via": "session", "domain_url": "auth.example.com", "event": "/api/v3/crypto/certificatekeypairs/?has_key=true&include_details=false&ordering=name", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 165, "remote": "41.139.29.70", "request_id": "ea6790aa7dc243dfadb86574b0e57132", "runtime": 318, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-07-03T07:36:49.665521", "user": "akadmin", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"} server-1 | {"domain_url": null, "event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 165, "remote": "41.139.29.70", "schema_name": "public", "scheme": "ws", "timestamp": "2024-07-03T07:36:49.817355", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"} server-1 | {"auth_via": "unauthenticated", "domain_url": "0.0.0.0", "event": "/-/health/live/", "host": "0.0.0.0:9000", "level": "info", "logger": "authentik.asgi", "method": "HEAD", "pid": 165, "remote": "127.0.0.1", "request_id": "9782a9d4d8584de39cf39f4237fb2067", "runtime": 33, "schema_name": "public", "scheme": "http", "status": 204, "timestamp": "2024-07-03T07:36:50.920105", "user": "", "user_agent": "goauthentik.io/healthcheck"} server-1 | {"auth_via": "session", "domain_url": "auth.example.com", "event": "/api/v3/flows/instances/?designation=stage_configuration&ordering=slug", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 164, "remote": "41.139.29.70", "request_id": "b786e7452a394b52a3b2640e287fa054", "runtime": 2168, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-07-03T07:36:51.473235", "user": "akadmin", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"} server-1 | {"auth_via": "session", "domain_url": "auth.example.com", "event": "/api/v3/flows/instances/?designation=authentication&ordering=slug", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 164, "remote": "41.139.29.70", "request_id": "34ea7b9c6c854da68f9d5bcae04b66d9", "runtime": 2433, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-07-03T07:36:51.706279", "user": "akadmin", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"} server-1 | {"auth_via": "session", "domain_url": "auth.example.com", "event": "/api/v3/flows/instances/?designation=invalidation&ordering=slug", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 165, "remote": "41.139.29.70", "request_id": "72cdc8a156844f76aaec705c5c13622e", "runtime": 2403, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-07-03T07:36:51.741706", "user": "akadmin", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"} server-1 | {"auth_via": "session", "domain_url": "auth.example.com", "event": "/api/v3/flows/instances/?designation=stage_configuration&ordering=slug", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 165, "remote": "41.139.29.70", "request_id": "bedec0e9862c4902ba29d79d961cf781", "runtime": 2459, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-07-03T07:36:51.768040", "user": "akadmin", "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"} worker-1 | {"event": "TenantAwareScheduler: Sending due task clean_expired_models (authentik.core.tasks.clean_expired_models) to 1 tenants", "level": "info", "logger": "tenant_schemas_celery.scheduler", "timestamp": 1719992220.0479949} worker-1 | {"domain_url": null, "event": "Task published", "level": "info", "logger": "authentik.root.celery", "pid": 105, "schema_name": "public", "task_id": "20de1f16cd7f4ad4b8e42fb902a98d74", "task_name": "authentik.core.tasks.clean_expired_models", "timestamp": "2024-07-03T07:37:00.059002"} worker-1 | {"domain_url": null, "event": "Task started", "level": "info", "logger": "authentik.root.celery", "pid": 144, "schema_name": "public", "task_id": "20de1f16-cd7f-4ad4-b8e4-2fb902a98d74", "task_name": "clean_expired_models", "timestamp": "2024-07-03T07:37:00.064487"} worker-1 | {"domain_url": null, "event": "Task finished", "level": "info", "logger": "authentik.root.celery", "pid": 144, "schema_name": "public", "state": "SUCCESS", "task_id": "20de1f16cd7f4ad4b8e42fb902a98d74", "task_name": "clean_expired_models", "timestamp": "2024-07-03T07:37:00.245510"}

Version and Deployment (please complete the following information):

• authentik version: 2024.6.0
• Deployment: docker-compose

Additional context
None

[william-bohannan]

All resolved, has to restart all Authentik docker services. Now showing, thank you.