Merge branch 'main' into fix/ci-commit-branch

docs/docs/30-administration/10-server-config.md

@@ -275,12 +275,6 @@ The file must be UTF-8 encoded, to ensure all special characters are preserved.
 
 Example: `WOODPECKER_CUSTOM_JS_FILE=/usr/local/www/woodpecker.js`
 
-### `WOODPECKER_LETS_ENCRYPT`
-
-> Default: `false`
-
-Automatically generates an SSL certificate using Let's Encrypt, and configures the server to accept HTTPS requests.
-
 ### `WOODPECKER_GRPC_ADDR`
 
 > Default: `:9000`

docs/docs/30-administration/40-advanced/20-ssl.md

@@ -1,35 +1,5 @@
 # SSL
 
-Woodpecker supports two ways of enabling SSL communication. You can either use Let's Encrypt to get automated SSL support with
-renewal or provide your own SSL certificates.
-
-## Let's Encrypt
-
-Woodpecker supports automated SSL configuration and updates using Let's Encrypt.
-
-You can enable Let's Encrypt by making the following modifications to your server configuration:
-
-```ini
-WOODPECKER_LETS_ENCRYPT=true
-WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld
-```
-
-Note that Woodpecker uses the hostname from the `WOODPECKER_HOST` environment variable when requesting certificates. For example, if `WOODPECKER_HOST=https://example.com` is set the certificate is requested for `example.com`. To receive emails before certificates expire Let's Encrypt requires an email address. You can set it with `WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld`.
-
-The SSL certificates are stored in `$HOME/.local/share/certmagic` for binary versions of Woodpecker and in `/var/lib/woodpecker` for the Container versions of it. You can set a custom path by setting `XDG_DATA_HOME` if required.
-
-> Once enabled you can visit the Woodpecker UI with http and the HTTPS address. HTTP will be redirected to HTTPS.
-
-### Certificate Cache
-
-Woodpecker writes the certificates to `/var/lib/woodpecker/certmagic/`.
-
-### Certificate Updates
-
-Woodpecker uses the official Go acme library which will handle certificate upgrades. There should be no addition configuration or management required.
-
-## SSL with own certificates
-
 Woodpecker supports SSL configuration by mounting certificates into your container.
 
 ```ini
@@ -37,17 +7,17 @@ WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt
 WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key
 ```
 
-### Certificate Chain
+## Certificate Chain
 
 The most common problem encountered is providing a certificate file without the intermediate chain.
 
 > LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.
 
-### Certificate Errors
+## Certificate Errors
 
 SSL support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. If you receive certificate errors or warnings please examine your configuration more closely.
 
-### Running in containers
+## Running in containers
 
 Update your configuration to expose the following ports:
 

docs/src/pages/migrations.md

@@ -47,6 +47,7 @@ This will be the next version of Woodpecker.
   - `woodpecker-cli secret [add|rm|...] --repository` is now `woodpecker-cli repo secret [add|rm|...]`
   - `woodpecker-cli pipeline logs` is now `woodpecker-cli pipeline log show`
   - `woodpecker-cli [registry|secret|...] info` is now `woodpecker-cli [registry|secret|...] show`
+- Dropped native Let's Encrypt certificate support. You can either generate Let's Encrypt certificates externally and use `WOODPECKER_SERVER_CERT` and `WOODPECKER_SERVER_KEY` or use Woodpecker behind a reverse proxy like Caddy.
 
 ## Admin migrations