Doing a manual rebuild from command line as it appears certificates expired again.
Sharing in case someone else is experiencing this.
It shouldn’t happen again. There was a fix in December:
I had a cert expire on one of my two forums. The other one was OK. The main difference I can identify is that the failing forum went through a web update whereas the OK forum stalled on the web update and I chose to recover by doing a CLI update.
Previous version: 2025.12.0-latest (b10ea7929f) as noted on 28 Nov.
On 23rd Dec I patched the nginx script on the forum which turned out later to fail. But I didn’t restart or signal nginx so perhaps that was pointless. I didn’t do anything on the forum which later didn’t fail.
It’s possible I broke it rather than fixed it. But here’s the transcript:
root@ubuntu-4gb-hel1-1-app:/# docker exec -it app bash
root@ubuntu-4gb-hel1-1-app:/# sed -i '/301/s/;/$request_uri;/' /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
root@ubuntu-4gb-hel1-1-app:/# cat /etc/nginx/conf.d/outlets/beforeserver/20-redirect-http-to-https.conf
server {
listen 80;
listen [::]:80;
location ~ /.well-known {
root /var/www/discourse/public;
allow all;
}
return 301 https://forum.example.com$request_uri;
}
On 1 Jan I updated both forums, one in web the other in CLI.
On 19 Jan or possibly 20 Jan the cert on the failing forum expired and the forum was inaccessible on the web.
When I noticed, I rebooted the host - didn’t do anything else - and a new cert appeared:
Issued On Tuesday, 20 January 2026 at 12:04:25
Very very oddly, it seems that the file I patched has been reverted to an unpatched state, at the time of the reboot, even though this server - both servers - have been updated. I’d like to understand how that happened.
root@ubuntu-4gb-hel1-1:~# docker exec -it app bash
root@ubuntu-4gb-hel1-1-app:/# ls -l /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
-rw-r--r-- 1 root root 173 Jan 20 13:05 /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
root@ubuntu-4gb-hel1-1-app:/# cat /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
server {
listen 80;
listen [::]:80;
location ~ /.well-known {
root /var/www/discourse/public;
allow all;
}
return 301 https://forum.techshedfrome.org;
}
For completeness, the server that’s OK looks like this:
root@rc-debian-hel:~# docker exec -it app bash
root@rc-debian-hel-app:/# ls -l /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
-rw-r--r-- 1 root root 185 Jan 1 19:57 /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
root@rc-debian-hel-app:/# cat /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
server {
listen 80;
listen [::]:80;
location ~ /.well-known {
root /var/www/discourse/public;
allow all;
}
return 301 https://retrocomputingforum.com$request_uri;
}
That working site appears to have got a new cert at rebuild or reboot time:
Issued On Thursday, 1 January 2026 at 18:59:22
Expires On Wednesday, 1 April 2026 at 19:59:21
Both are now running
Discourse 2026.01.0-latest - https://github.com/discourse/discourse version a9008966f0b339b5a00c1629bc61eb2ff8ad812a
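The by-hand `ls`/`cat` check and `sed` edit from the post above, as an added example (not code from the post or from Discourse): it reports whether the `return 301` line in the redirect outlet carries `$request_uri`, and applies the same edit only when it is missing, because the original `sed` expression appends a second `$request_uri` if it is run twice. The function names and the sample file are assumptions made for this example; the default path is the one shown in the post.

```shell
#!/bin/sh
# Added example: audit and idempotently patch the HTTP->HTTPS redirect outlet.
# Default path is the one shown in the post; pass another path to test safely.
CONF_DEFAULT=/etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf

# Print "patched", "unpatched" or "no-redirect" for the given file.
redirect_state() {
    conf=${1:-$CONF_DEFAULT}
    line=$(grep -E '^[[:space:]]*return[[:space:]]+301[[:space:]]' "$conf" | head -n 1)
    [ -n "$line" ] || { echo no-redirect; return 0; }
    case $line in
        *'$request_uri'*) echo patched ;;
        *)                echo unpatched ;;
    esac
}

# Apply the post's edit only when needed, so a repeat run cannot
# produce "$request_uri$request_uri;".
patch_redirect() {
    conf=${1:-$CONF_DEFAULT}
    [ "$(redirect_state "$conf")" = unpatched ] || return 0
    sed -i '/return[[:space:]]*301/s/;/$request_uri;/' "$conf"
}

# Validate the config and signal nginx so an edit takes effect
# (the step the post says was skipped). Not called by the demo below.
reload_nginx() { nginx -t && nginx -s reload; }

# Constructed sample: the unpatched file as shown in the post,
# with a placeholder hostname.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
  listen 80;
  listen [::]:80;
  location ~ /.well-known {
    root /var/www/discourse/public;
    allow all;
  }
  return 301 https://forum.example.com;
}
EOF
echo "before: $(redirect_state "$sample")"
patch_redirect "$sample"; patch_redirect "$sample"   # second call is a no-op
echo "after:  $(redirect_state "$sample")"
grep 'return 301' "$sample"
rm -f "$sample"
```

Run inside the container, `redirect_state` with no argument reads the live outlet file, which makes it easy to re-check after a reboot or rebuild whether the file has been regenerated.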