Keycloak from docker Letsencrypt cert and ERR_SSL_VERSION_OR_CIPHER_MISMATCH

You will need to make sure the key file is readable by the jboss user inside the Docker container. Here are some key steps in my solution:

1. Get the cert/key from Let's Encrypt.
2. Change the file mode to 655.
3. Mount them to Keycloak:
      - /opt/www/sso/cert/fullchain.pem:/etc/x509/https/tls.crt
      - /opt/www/sso/cert/privkey.pem:/etc/x509/https/tls.key
4. Launch the Docker image.
5. Change the file mode back to 600 for the key file.

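Here is the example code I'm using:

    # Copy the current Let's Encrypt PEM files into the mounted cert directory
    cp ../ssl-certs/etc/live/xxx.cn/*.pem cert/
    # Make them readable by the container user while Keycloak starts
    chmod 644 cert/*
    # Recreate the Keycloak stack
    docker-compose -p sso.xxx.cn down
    docker-compose -p sso.xxx.cn up -d
    # Wait for startup, then restrict the key file again
    sleep 120
    chmod 600 cert/*key*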
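
A check for the permission steps above, added here as an example and not part of the original answer: it reports whether a given container UID/GID can read the mounted key and whether the key is readable by every other account on the host. The function name `key_access` is hypothetical, and UID/GID 1000 for the jboss user is an assumption to confirm with `docker exec <container> id jboss`.

```shell
#!/bin/sh
# Added example, not from the original answer.
# key_access FILE UID GID prints "<readable|unreadable> <exposed|private>":
#   first word:  can UID/GID read FILE under plain owner/group/other rules?
#   second word: is the "other" read bit set, i.e. can any host account read it?
# Supplementary groups and ACLs are not considered.
key_access() {
    file=$1; want_uid=$2; want_gid=$3
    # -n numeric ids, -L follow symlinks (Let's Encrypt live/ holds symlinks)
    listing=$(ls -lnLd -- "$file") || return 2
    read -r mode _links owner group _rest <<EOF
$listing
EOF
    owner_r=$(printf %s "$mode" | cut -c2)
    group_r=$(printf %s "$mode" | cut -c5)
    other_r=$(printf %s "$mode" | cut -c8)

    # The kernel applies exactly one permission class, checked in this order
    if [ "$want_uid" -eq 0 ]; then bit=r              # root bypasses mode bits
    elif [ "$want_uid" -eq "$owner" ]; then bit=$owner_r
    elif [ "$want_gid" -eq "$group" ]; then bit=$group_r
    else bit=$other_r
    fi

    [ "$bit" = r ] && access=readable || access=unreadable
    [ "$other_r" = r ] && scope=exposed || scope=private
    echo "$access $scope"
}

# Stand-alone use (1000/1000 is an assumed jboss UID/GID):
#   sh key_access.sh cert/privkey.pem 1000 1000
if [ "$#" -eq 3 ]; then key_access "$@"; fi
```

Run between steps 2 and 4, "unreadable" for the container UID means Keycloak will not be able to load `tls.key`; run after step 5, "exposed" means the key is still world-readable on the host.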