Configure cerbot with app.yml?

Hello,

My site is using Cloudflare, and everything is good, but i see in checking https checker there is

https 443: Error: A call to SSPI failed, see inner exception.

I’m looking to disable Cloudflare SSL and use certbot insted, but i need to install certbot module with cloudflare as below:

certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  -d example.com \
  -d www.example.com

https://certbot-dns-cloudflare.readthedocs.io/en/stable/

Where i can put these cerbot commands in templates of discourse or in app.yml file ?

also there should be a file for cloudflare access and should be chmod 600

~/.secrets/certbot/cloudflare.ini

Please advice how can we achive this.

Thanks!

1 Like

How did you install discourse? If you do a standard installation, you’ll get a certificate from let’s encrypt by default. It won’t work with cloudflare in front, however.

You might be able to look at the let’s encrypt template and modify it to do what you suggest.

1 Like

Hi Jay,

Correct, i’m working on this, but unfortunately i don’t have much experiance in programming or bash script to achive this issue… but i didn’t find any module with cerbot with let’s encrypts to do this… only this line maybe we add our code there

          # Try to issue the cert again if something goes wrong
          issue_cert "4096" "--force"
        fi

        LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh \
          --installcert \
          -d $$ENV_DISCOURSE_HOSTNAME \
          --fullchainpath /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer \
          --keypath /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key \
          --reloadcmd "sv reload nginx"

with


certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  -d example.com \
  -d www.example.com

I hope who have experiance in coding can help us to include this code with let’s encrypt certificate ?

1 Like

There is no reason to use certbot with Discourse. The standard install guide will automatically provision a let’s encrypt certificate.

2 Likes

The reason is to make Let’s Encrypt SSL compatbile with CloudFlare…

https://certbot-dns-cloudflare.readthedocs.io/en/stable/

1 Like