After Discourse installation can’t reach it in browser

paulraines68 · September 4, 2020, 8:25pm

@Rafeal In the prompt $letsencrypt_status == “ENTER to skip”

@Stephen I just spun up a new CentOS8 VM, switch firewalld to use iptables, installed docker and went through the Discourse install steps from the beginning as in INSTALL-cloud.md. I got the same result – instant disconnect on connections to port 80 and 443. I am not using Let’s Encrypt. I just hit ENTER when I get that prompt.

[root@disctest discourse]# telnet localhost 80
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
[root@disctest discourse]# ls shared/standalone/ssl/
disctest.nmr.mgh.harvard.edu.cer      disctest.nmr.mgh.harvard.edu_ecc.key
disctest.nmr.mgh.harvard.edu_ecc.cer  disctest.nmr.mgh.harvard.edu.key

[root@disctest discourse]# ls -l shared/standalone/ssl/disctest.nmr.mgh.harvard.edu.cer
-rw-r--r--. 1 root root 0 Sep  4 16:06 shared/standalone/ssl/disctest.nmr.mgh.harvard.edu.cer

[root@disctest discourse]# tail -1 shared/standalone/log/var-log/nginx/error.log
2020/09/04 20:20:37 [emerg] 6186#6186: cannot load certificate "/shared/ssl/disctest.nmr.mgh.harvard.edu.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

Stephen · September 4, 2020, 9:05pm

disctest.nmr.mgh.harvard.edu doesn’t appear to be a valid DNS address. Is that the hostname? Is it hosted on the Harvard public net block?

Are you using split horizon?

paulraines68 · September 4, 2020, 10:28pm

It is in a private network with internal DNS

No, no idea what that is.

Stephen · September 4, 2020, 10:37pm

Ok, so the reason the standard install didn’t behave as expected is because you aren’t using a typical setup.

If your DNS entry is only valid internally, then yes you’re using split DNS. There’s no way for Let’s Encrypt to carry out DNS validation, which is how it decides whether to issue your certificate. Your configuration is very uncommon outside of academic networks.

Split DNS is an advanced configuration, ./discourse-setup isn’t designed for those cases. If you take a look at this doc the beginner install isn’t aimed at you.

pfaffman · September 5, 2020, 1:42am

Then you’ll need to edit app.yml by hand and remove the let’s encrypt template

Topic		Replies	Views
Installation without subdomain not working Installation	21	1390	November 11, 2022
No connection accepted on http / https after fresh installation on Ubuntu 22.04 LTS Installation	5	2097	December 16, 2022
Fresh install returning 502 Bad Gateway Installation unsupported-install	28	541	April 11, 2024
Discourse has stopped opening Installation	39	5665	March 19, 2022
Discourse installation for beginners but are willing to be part of the community Installation	62	3566	September 17, 2019

After Discourse installation can’t reach it in browser

Related topics