Configure cerbot with app.yml?

f1r4s · January 6, 2022, 12:15am

Hello,

My site is using Cloudflare, and everything is good, but i see in checking https checker there is

https 443: Error: A call to SSPI failed, see inner exception.

I’m looking to disable Cloudflare SSL and use certbot insted, but i need to install certbot module with cloudflare as below:

certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  -d example.com \
  -d www.example.com

https://certbot-dns-cloudflare.readthedocs.io/en/stable/

Where i can put these cerbot commands in templates of discourse or in app.yml file ?

also there should be a file for cloudflare access and should be chmod 600

~/.secrets/certbot/cloudflare.ini

Please advice how can we achive this.

Thanks!

pfaffman · January 6, 2022, 6:44am

How did you install discourse? If you do a standard installation, you’ll get a certificate from let’s encrypt by default. It won’t work with cloudflare in front, however.

You might be able to look at the let’s encrypt template and modify it to do what you suggest.

f1r4s · January 6, 2022, 10:34am

Hi Jay,

Correct, i’m working on this, but unfortunately i don’t have much experiance in programming or bash script to achive this issue… but i didn’t find any module with cerbot with let’s encrypts to do this… only this line maybe we add our code there

          # Try to issue the cert again if something goes wrong
          issue_cert "4096" "--force"
        fi

        LE_WORKING_DIR="${LETSENCRYPT_DIR}" $$ENV_LETSENCRYPT_DIR/acme.sh \
          --installcert \
          -d $$ENV_DISCOURSE_HOSTNAME \
          --fullchainpath /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer \
          --keypath /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key \
          --reloadcmd "sv reload nginx"

with


certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  -d example.com \
  -d www.example.com

I hope who have experiance in coding can help us to include this code with let’s encrypt certificate ?

Falco · January 6, 2022, 4:05pm

There is no reason to use certbot with Discourse. The standard install guide will automatically provision a let’s encrypt certificate.

f1r4s · January 6, 2022, 4:09pm

The reason is to make Let’s Encrypt SSL compatbile with CloudFlare…

https://certbot-dns-cloudflare.readthedocs.io/en/stable/

Topic		Replies	Views
Trying to use Let's Encrypt + Cloudflare Support	20	3253	March 4, 2019
Cloudflare with Discourse Installation	47	5728	January 8, 2020
Let's encrypt failing for IP behind firewall Installation unsupported-install	8	1035	July 7, 2023
Cloud installation not working Installation	4	1034	June 17, 2021
LetsEncrypt DNS Validation Template Using Cloudflare Installation letsencrypt	1	150	October 17, 2024

Configure cerbot with app.yml?

Related topics