diff --git a/enterprise/quick-start.mdx b/enterprise/quick-start.mdx index cf686e4b..6e9a83ac 100644 --- a/enterprise/quick-start.mdx +++ b/enterprise/quick-start.mdx @@ -43,6 +43,13 @@ You will need a VM to host OpenHands Enterprise. Choose one of the options below Follow the README instructions to configure and apply the Terraform configuration. + + + The recommended Terraform path provisions a publicly trusted TLS certificate. If you bring + your own certificate instead, use a publicly trusted CA whenever possible. Private CA + certificates require every external webhook or OAuth provider that calls OpenHands to trust + your CA. + @@ -282,6 +289,11 @@ If the install command fails after preflight checks pass, run `sudo ./openhands If you provisioned manually and have your own certificates on the VM, pass them the same way. You can also omit the `--tls-cert` and `--tls-key` flags and upload certificates later through the Admin Console. + + For trials and production deployments, use a publicly trusted TLS certificate whenever possible. + Private CA certificates may work for users after manual trust setup, but external integrations + such as GitHub, GitLab, Slack, Jira, and Bitbucket must also trust the certificate chain. If they + do not, webhook or OAuth callbacks can fail TLS verification and repeatedly retry. ![Installation commands](./images/install-commands.png) @@ -302,6 +314,9 @@ Click **Advanced**, then **Proceed** to continue to the Admin Console. If you did not provide certificates with the `install` command, select **"Upload your own"**, enter your base domain under **Hostname**, upload your private key and SSL certificate, then click **Continue**. +If you upload a private CA certificate, make sure any external webhook or OAuth provider that +calls OpenHands also trusts that CA. + ![Upload TLS certificate](./images/upload-tls-certificate.png) ### 6. Log in to the Admin Console