phew ok I have now, it appears, succeeded in getting my discourse over to https. For the benefit of those that follow, and perhaps to be updated in post 1 at the top.
Before you start, remember to do a backup. Because I needed it to recover my site that got destroyed because I screwed up this process.
- YES, you DO want to create the
/var/discourse/shared/standalone/ssl/ path that does not already exist so you can put the cert files into it as instructed.
- If you need them, any and all intermediate certs get concatonated into your
ssl.crt file. So you have your
ssl.crt followed by any and all intermediate certs within the same file. In my case with startSSL certs I had to combine two
.pem files plus the contents of
ssl.crt into one file that is called
Above, @Lee_Ars gives the answer to #2 but is confusing because the file has to actually end up being called
chain_cert.pem. In my case, the command that did it is this:
mv ssl.crt ssl.crt-src
cat ssl.crt-src ca.pem sub.class2.server.ca.pem > ssl.crt
ssl.crt is what then gets placed in the
/var/discourse/shared/standalone/ssl/ path in #1 above.