I recently followed the install-cloud guide to install discourse on an AWS lightsail instance. Despite closely following the instructions and starting from scratch several times I unfortunately get a “connection refused” error when attempting to access my forum.
The steps I followed were:
Create a new lightsail instance
Assign a static IP address
Open port 443
Point my subdomain (forum.procedural.audio) to the IP address
Follow the discourse installation commands in the guide, including providing an email address for LETS_ENCRYPT
Browsing to my forum… connection refused
Running ./discourse-doctor outputs that the discourse version at forum.procedural.audio is NOT FOUND. I can successfully receive a test email from discourse.
Running ping forum.procedural.audio doesn’t receive data back but does find the correct static IP.
So it seems like the problem is SSL related, though I’m unsure how to fix it. In the shared/standalone/ssl/ directory there are four files:
forum.procedural.audio.cer (file is empty)
forum.procedural.audio.key (file contains a key)
forum.procedural.audio_ecc.cer (file is empty)
forum.procedural.audio_ecc.key (file contains a key)
So I’m not sure if the .cer files being empty is part of the problem. I also notice, however, that the logs indicate it is looking for the file at /shared/ssl/* instead of /shared/standalone/ssl/*, which also seems relevant.
The problem is that your lightsail instance isn’t contactable externally. That’s what discourse-doctor was telling you - if you only opened port 443 this is probably why.
HTTPS on 443 isn’t going to work until you have a certificate. You don’t have a certificate (and those certificate files are empty) because let’s encrypt was unable to enroll due to the communications issue.
Assuming you assigned a static external address, also open port 80, then try again. 80 will need to be open anyhow so that any client which connects via HTTP can be redirected.
forum.procedural.audio doesn’t appear in DNS, or to put it another way the hostname doesn’t resolve to an IP. I’ve just checked via CloudFlare and Google DNS, neither can find that hostname. If I can’t resolve it, then neither can discourse-doctor.
When did you create the ‘a’ record for your server? Have you checked their replication times?
Make sure this is fixed before you try to build the server again. Let’s Encrypt gives a finite number of tries to enrol/renew and when you hit that you won’t be able to get a certificate for seven days.
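One way to confirm this before rebuilding, as an added example that is not part of the thread or of discourse-setup: it queries 1.1.1.1 and 8.8.8.8 directly instead of relying on the instance's own resolver, and reports whether the certificate files are empty. The function names, the script name and the sample arguments are assumptions, and it requires dig.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before rebuilding (not part of discourse-setup).
# Usage (script name and arguments are placeholders):
#   ./preflight.sh forum.example.com 203.0.113.10 shared/standalone/ssl

# classify_answer EXPECTED_IP RESOLVER_OUTPUT -> ok | unresolved | mismatch
classify_answer() {
  local expected="$1" answer="$2"
  if [ -z "$answer" ]; then
    echo unresolved            # resolver returned no A record at all
  elif printf '%s\n' "$answer" | grep -qxF "$expected"; then
    echo ok                    # one full line equals the expected address
  else
    echo mismatch              # resolves, but to some other address
  fi
}

# cert_state FILE -> missing | empty | present
cert_state() {
  if [ ! -e "$1" ]; then echo missing
  elif [ ! -s "$1" ]; then echo empty      # zero bytes: no certificate was written
  else echo present
  fi
}

# preflight HOST EXPECTED_IP SSL_DIR -> exit status 0 only if both public
# resolvers return EXPECTED_IP; certificate state is reported for diagnosis.
preflight() {
  local host="$1" ip="$2" ssl_dir="$3" rc=0 r state f
  command -v dig >/dev/null || { echo "dig not installed" >&2; return 2; }
  for r in 1.1.1.1 8.8.8.8; do
    state=$(classify_answer "$ip" "$(dig +short +time=3 +tries=1 A "$host" "@$r")")
    echo "dns @$r: $state"
    [ "$state" = ok ] || rc=1
  done
  for f in "$ssl_dir/$host.cer" "$ssl_dir/${host}_ecc.cer"; do
    echo "cert $f: $(cert_state "$f")"
  done
  [ "$rc" -eq 0 ] || echo "Public DNS is not ready: do not rebuild yet." >&2
  return "$rc"
}

# Run the network checks only when all three arguments are supplied.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```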
I’ve had the domain in namecheap for two days, which points to route 53 (the extra layer of indirection is because route 53 doesn’t support .audio domains). The main domain entry has existed for most of those two days. The subdomain record there has existed for about an hour.
If this was the problem then I think running ping forum.procedural.audio from my instance would fail to resolve the IP address. But the IP does resolve.
Hmm. Well DNS Checker - DNS Check Propagation Tool shows that the name resolves in a bunch of places, so maybe it’s a propagation issue. When I have 1.1.1.1 or 8.8.8.8 look it up, I get no response. NS-337.AWSDNS-42.COM does return it though, so you might just need to wait a while.
But discourse-setup will try to look up the address and see if it can connect to itself. If that is failing it’s typically either a DNS issue or that ports are not open.
It has been almost a week and I continue to be unable to deploy a forum. Does anyone have additional ideas? Ports 80 and 443 are open. I do not think this is a DNS issue – discourse-doctor does not find the discourse version at localhost (in addition to at forum.procedural.audio). Any help is appreciated.