Can't access site after Let's Encrypt install

Just installed Let’s Encrypt on Discourse and now the site won’t open. Any ideas what I may have done wrong?
I uncommented the lines to install Let’s Encrypt and rebuilt the app.
Now I’m getting “Safari can’t connect …”
Is there anything I missed?

1 Like

Did you also uncomment port 443 in the expose section?

If there is a # in front of this line, you may remove it and rebuild.

2 Likes

How and when did you install Discourse? Let’s Encrypt has been the default for quite a while.

You need to make sure that the ports are open, as suggested already. And if you rebuild too many times with stuff not configured right, you can hit rate limits with Let’s Encrypt.

Yep did that. I’m on an EC2 instance so I’m wondering if there’s somewhere else a redirect has been set up. @pfaffman it was set up already without SSL but I’m attempting to test it with Auth0 so I need https running on the site.

You might need to check the security settings to see that port 443 is open.

If you run discourse-setup it’ll do a check to see if it can access itself on both ports via the host name.

Just tried it and it says it can’t reach the installation on both ports.
Checked the security settings on the instance and I have ports open to the instance from my IP.

For Let’s Encrypt to work, you also need to allow their servers to be able to reach your instance. It’ll be best to open ports 80 & 443 for 0.0.0.0/0, i.e. the “everywhere” setting, in the AWS security groups.
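An added example, not part of the original thread: a small Python check that reads security-group JSON in the shape printed by `aws ec2 describe-security-groups` and reports whether ports 80 and 443 are open to 0.0.0.0/0 rather than only to a single address. The sample data, group id and addresses are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group id and addresses are placeholders, not values from the thread.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
  ]}]}
""")

ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


def rule_covers(rule, port):
    """True if an ingress rule applies to TCP traffic on `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def public_ports(groups, ports=(80, 443)):
    """Map each port to True if any ingress rule opens it to 0.0.0.0/0."""
    result = {p: False for p in ports}
    for group in groups["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            cidrs = [ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])]
            if ANYWHERE not in cidrs:
                continue  # rule is limited to specific source addresses
            for p in ports:
                if rule_covers(rule, p):
                    result[p] = True
    return result


if __name__ == "__main__":
    for port, is_open in public_ports(SAMPLE).items():
        print(f"port {port}: {'open to 0.0.0.0/0' if is_open else 'NOT open to everyone'}")
```

In the constructed sample, port 80 is allowed only from one address, which is the situation described above where the owner can reach the site but outside servers cannot.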

Oh, Hey Clement. I just noticed that this was you!

According to an email from last November, you have a load balancer in front of Discourse, so you’ll need to get the load balancer to handle https. That would explain why let’s encrypt wasn’t turned on for your instance. You’ll want to remove the let’s encrypt certificate (and it wouldn’t hurt to not open port 443, but it doesn’t much matter). And then figure out how to make your AWS load balancer do the https.

This also explains why the ports aren’t open, as the load balancer is in the way.

Thanks Jay. I’ll check but I don’t think I put the dev one behind a load balancer. I’ll double check just in case.

1 Like

Hmm. I would think that you would have either, but it would explain what’s happening.

Nope. No load balancer. It’s pointing to the IP address of the instance.
I’ll have to try something else.

If it’s a dev instance, then I would rename app.yml to something else and run discourse-setup again. If its test fails then either DNS is broken or something is blocking the ports (is something else running?)

I get Welcome to nginx when I use http now so maybe I followed the wrong instructions in setting up LetsEncrypt :man_facepalming:t6:

You probably have an external nginx running.

Remove or disable the external nginx.

Don’t follow those instructions; just rename your old app.yml and run discourse-setup. It will do everything for you.

1 Like

Just tried that but it didn’t work. The logs initially mentioned firewall problems then it said “error creating new order too many failed authorisations” so I commented out the Lets Encrypt lines, put it behind a load balancer with an Amazon cert so now I’m getting bad gateway errors.

Yeah. If you rebuild too many times you’ll hit rate limiting from them. Behind a load balancer is beyond the kind of help you can get here.

The easiest thing at this point would be to choose another hostname, point it at the EC2 (or a new one) and try again. Another solution is to wait a week and try again.

OK, I’ll wait. That’s going to the bottom of my backlog then.
Thanks for your help.

1 Like

If it were me, I’d disable the load balancer now and triple check that the ports are open today, as there is no way I’d remember to check that in a week. :slight_smile:

1 Like