Kill me. localhost.key needs to be copied to key.pem and localhost.crt to cert.pem
Will update with more details. Long stories short, I forgot to document a step and retrieved that through my bash command history.
Update: in order to use the letsencrypt certificate from the NethServer host for the container as well, start by getting a letsencrypt certificate.
Next step is to simply copy the created certificate and key to the expected locations. Defaults are:
cp /etc/pki/tls/certs/localhost.crt /var/lib/machines/nsdc/var/lib/samba/private/tls/cert.pem
cp /etc/pki/tls/private/localhost.key /var/lib/machines/nsdc/var/lib/samba/private/tls/key.pem
chmod 600 /var/lib/machines/nsdc/var/lib/samba/private/tls/key.pem
chmod 644 /var/lib/machines/nsdc/var/lib/samba/private/tls/cert.pem
shutdown -r now
The last step can probably be done more elegant, but I am of the ‘reboot to make sure’-school (aka, not entirely sure, lets use a big gun) No other configuration was needed to get this working. Just some documentation to not miss the copy step