My SSL is not valid for www.domain.com but it is with domain.com
How would I make it secure with www? I have the free SSL you get upon self hosting discourse
You can’t.
Let’s Encrypt is free too, so
Yeah I know it’s free, but what’s a method to encrypt www?
Since I have it to direct to domain.com but it pops up with “this site is not secure” when going through www
Because it is created only for the apex, or you are referring to it wrongly wherever you are trying to terminate it.
Discourse creates SSL when installed. And it’s by Let’s Encrypt. So perhaps you should ask whatever company gave it to you.
I don’t totally understand why to bother.
Because when you visit www.mysite.com, it prompts with a “This site is unsecure, do you wish to continue” type of message, then it redirects to the SSL version (https). I’ll ask Let’s Encrypt about any solutions.
You have to create it for www too.
If you create it manually you have to use something like certbot certonly --nginx -d domain.com -d www.domain.com. Basically every sub-domain needs its own.
I don’t know how it is now, but a wildcard certificate (the same for the apex and every subdomain) didn’t work too well when created using Let’s Encrypt.
But again. You don’t need to worry about that, because Discourse does it for you — except if your DNS settings are wrong or there is some other reason why your forum is unreachable.
Sorry, I don’t exactly understand. DNS works fine I guess, it’s just a URL redirect.
www → https://domain.com
this part says
www.domain.com doesn't support a secure connection
You are seeing this warning because this site does not support HTTPS
But when using domain.com its fine.
Should I try certbot certonly --nginx -d domain.com -d www.domain.com?
I don’t know what you should try, I don’t even know what you are trying to do, how and where.
All I try to say is:
There’s a topic on this:
Thank you.
after_ssl:
  # tell letsencrypt what additional certs to get
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--keylength/
      to: "-d site.com -d www.mysite.com --keylength"
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--fullchainpath/
      to: "-d site.com -d www.mysite.com --fullchainpath"
So this should make the www go to mysite.com? Or is it the opposite way around?
No. It gives you two certificates. One for apex, one for www.
If your hostname is site.com then you have it right. And that seems to be the case.
It’s generally recommended that your site be at www.site.com and have the apex domain redirect to the www. What I would do is change your hostname to www.site.com and do it the other way around.
I think that it gives one certificate that is valid for both.
Hello, I am bumping this because I thought I fixed it yesterday, but now when accessing www.mysite.com I am getting a non SSL redirection still.
The apex has an SSL, just not www.
Even though I applied this in my app.yml in hooks:
after_ssl:
  # tell letsencrypt what additional certs to get
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--keylength/
      to: "-d mysite.com -d www.mysite.com --keylength"
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--fullchainpath/
      to: "-d mysite.com -d www.mysite.com --fullchainpath"
Are you following the instructions at Set up Let’s Encrypt with multiple domains / redirects?
If you plug www.mysite.com in the template in the OP it generates this:
after_ssl:
  # tell letsencrypt what additional certs to get
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--keylength/
      to: "-d www.mysite.com --keylength"
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--fullchainpath/
      to: "-d www.mysite.com --fullchainpath"
      global: true
So you’re doing it wrong.
Ah, so that is not manually typed.
after_ssl:
  # tell letsencrypt what additional certs to get
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--keylength/
      to: "-d =domain2= --keylength"
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--fullchainpath/
      to: "-d =domain2= --fullchainpath"
      global: true
So do I have to do this and replace domain2 with mysite.com, then rebuild app?
If you enter your domain name in the field it will automatically fill in the =domain2= with the domain so you can copy/paste that block.
Yes.
Hey, just did this, unfortunately same result. This is what I did but with my domain instead.
No whitespaces, proper formatting.
after_ssl:
  # tell letsencrypt what additional certs to get
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--keylength/
      to: "-d =mysite.com= --keylength"
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--fullchainpath/
      to: "-d =mysite.com= --fullchainpath"
      global: true
Since you haven’t solved this, I un-checked the solved box.
If you did a bunch of rebuilds with the other stanza then you might be rate limited.
There is a chance that the template has changed again and this no longer works, but I doubt it.
The solutions to rate limiting are to wait a week or to add a third subdomain.
You can get inside the container and run a command to request the URL and see what the error is, but I can’t remember what it is. You might be able to see an error if you look at docker logs app
Ah I found it!
Cannot issue for \"=mysite.com=\": Domain name contains an invalid character"
So get rid of the = because those were for a variable?
Did you use the form on the other page as I suggested and put your hostname in the blank?
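The "Domain name contains an invalid character" failure quoted above can be caught before a rebuild by linting the -d arguments in the after_ssl hook. The script below is an added example, not part of the thread or of Discourse; the function names (hook_domains, valid_hostname, lint_hook) are hypothetical and the sample stanza is constructed from the one posted above. It checks general hostname syntax, so it flags any malformed name, not only leftover = markers.

```shell
#!/bin/sh
# Added example, not from the thread: lint the -d arguments of the after_ssl
# hook in app.yml before a rebuild spends a Let's Encrypt request on them.

# Print every "-d <name>" argument found on the hook's "to:" lines.
hook_domains() {
  grep -E '^[[:space:]]*to:' "$1" |
    grep -oE -- '-d[[:space:]]+[^[:space:]"]+' |
    sed -E 's/^-d[[:space:]]+//'
}

# Succeed only for a syntactically valid hostname: dot-separated labels of
# letters, digits and hyphens, with no label starting or ending in a hyphen.
valid_hostname() {
  label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
  [ "${#1}" -le 253 ] &&
    printf '%s\n' "$1" | grep -Eq "^${label}(\.${label})+\$"
}

# Print the names the CA would reject; return 1 if there are any.
lint_hook() {
  bad=$(hook_domains "$1" | sort -u | while IFS= read -r name; do
    valid_hostname "$name" || printf '%s\n' "$name"
  done)
  [ -z "$bad" ] && return 0
  printf '%s\n' "$bad"
  return 1
}

# Constructed sample: the stanza from the thread with the = markers left in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hooks:
  after_ssl:
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--keylength/
        to: "-d =mysite.com= --keylength"
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--fullchainpath/
        to: "-d =mysite.com= --fullchainpath"
        global: true
EOF
lint_hook "$sample" || echo "fix the names above before rebuilding"
rm -f "$sample"
```

Pointing lint_hook at the real app.yml before running a rebuild avoids burning rate-limited certificate requests on a name the CA will refuse.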