kamal accessory boot fails with "unable to load certificate" due to failed certificate mount or invalid path generation #1769

@tandibar

When configuring an accessory (e.g., CouchDB) with custom SSL in deploy.yml, deploying the accessory using kamal accessory boot fails during the kamal-proxy configuration phase. The proxy container reports that it is unable to load certificate because it cannot find the certificate files at the path generated by Kamal, even though the certificates seem to exist elsewhere (or are not being correctly mounted for the accessory context).

Steps to Reproduce

  • Configure an accessory in deploy.yml with a proxy.ssl section pointing to valid PEM secrets.
  • Run kamal setup to deploy the main application (works fine).
  • Run kamal accessory boot <accessory_name>.

ERROR (SSHKit::Command::Failed): Exception while executing on host : docker exit status: 1
docker stdout: Nothing written
docker stderr: Error: unable to load certificate

Inspecting the generated kamal-proxy deploy command shows it is looking for certificates at: .../apps-config/<service>/tls/cert.pem

However, manual inspection of the kamal-proxy container reveals that certificates are not at that location. They appear to be generated in a role-specific directory (e.g., .../apps-config/<service>/web/) likely from the main app deployment, and the accessory deployment does not seem to place its own specific certificates in the path it expects.

A full reproduction setup using Docker-in-Docker is available here: https://github.com/tandibar/kamal-accessory-ssl-test

Used Kamal Version: 2.10.1
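
A diagnostic for the path mismatch described in this report, added here as an example; it is not Kamal code and not from the reporter's reproduction repository. It assumes you pass the apps-config directory yourself (the report elides its prefix) and that the role-specific directory also holds a file named cert.pem; `check_cert_path` and `make_sample_layout` are hypothetical helper names.

```shell
#!/bin/sh
# Added diagnostic, not part of Kamal. Compares the certificate path the
# kamal-proxy deploy command expects (<apps-config>/<service>/tls/cert.pem,
# per the report) with where PEM files actually exist under the service dir.
#   $1  apps-config directory (prefix is elided in the report; supply yours)
#   $2  service name
# Returns 0 if the expected file exists and is non-empty, 1 if it is
# missing or empty, 2 on bad arguments.
check_cert_path() {
    root=$1
    service=$2
    if [ -z "$root" ] || [ -z "$service" ]; then
        echo "usage: check_cert_path <apps-config-dir> <service>" >&2
        return 2
    fi
    expected="$root/$service/tls/cert.pem"
    if [ -s "$expected" ]; then
        echo "OK expected certificate present: $expected"
        return 0
    fi
    echo "MISSING expected certificate: $expected"
    # Show PEM files that exist elsewhere, e.g. in a role-specific directory.
    if [ -d "$root/$service" ]; then
        find "$root/$service" -type f -name '*.pem' | sort |
        while IFS= read -r f; do
            echo "FOUND elsewhere: $f"
        done
    fi
    return 1
}

# Constructed sample layout mirroring the report: a PEM file under the
# role directory "web" and nothing under "tls". The file content is a
# placeholder, not a real certificate, and the file name is an assumption.
make_sample_layout() {
    mkdir -p "$1/$2/web"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-placeholder' \
        '-----END CERTIFICATE-----' > "$1/$2/web/cert.pem"
}
```

Run `check_cert_path` wherever the apps-config directory is visible, for example inside the kamal-proxy container; a MISSING line followed by FOUND lines matches the situation described above.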
