Discourse letsencrypt not working


(Kim) #1

Hi, I’m not receiving a certificate from letsencrypt. Currently my website is not working at all, I get ‘This site can’t be reached. dutchfurs.nl refused to connect.’. Does anyone have a clue how I can fix this? Thanks!

## this is the all-in-one, standalone Discourse Docker container template
##
## After making changes to this file, you MUST rebuild
## /var/discourse/launcher rebuild app
##
## BE *VERY* CAREFUL WHEN EDITING!
## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
## visit http://www.yamllint.com/ to validate this file as needed

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
  - "templates/web.ssl.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"

## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
  - "80:80"   # http
  - "443:443" # https

params:
  db_default_text_search_config: "pg_catalog.english"

  ## Set db_shared_buffers to a max of 25% of the total memory.
  ## will be set automatically by bootstrap based on detected RAM, or you can override
  db_shared_buffers: "128MB"

  ## can improve sorting performance, but adds memory usage per-connection
  #db_work_mem: "40MB"

  ## Which Git revision should this container use? (default: tests-passed)
  #version: tests-passed

env:
  LANG: en_US.UTF-8
  # DISCOURSE_DEFAULT_LOCALE: en

  ## How many concurrent web requests are supported? Depends on memory and CPU cores.
  ## will be set automatically by bootstrap based on detected CPUs, or you can override
  UNICORN_WORKERS: 2

  ## TODO: The domain name this Discourse instance will respond to
  DISCOURSE_HOSTNAME: dutchfurs.nl

  ## Uncomment if you want the container to be started with the same
  ## hostname (-h option) as specified above (default "$hostname-$config")
  #DOCKER_USE_HOSTNAME: true

  ## TODO: List of comma delimited emails that will be made admin and developer
  ## on initial signup example 'user1@example.com,user2@example.com'
  DISCOURSE_DEVELOPER_EMAILS: 'kimwillemstein@live.nl'

  ## TODO: The SMTP mail server used to validate new accounts and send notifications
  DISCOURSE_SMTP_ADDRESS: smtp.mailgun.org
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: postmaster@mg.dutchfurs.nl
  DISCOURSE_SMTP_PASSWORD: "passhere"
  #DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)

  ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
  LETSENCRYPT_ACCOUNT_EMAIL: myemail@live.nl

  ## The CDN address for this Discourse instance (configured to pull)
  ## see https://meta.discourse.org/t/14857 for details
  #DISCOURSE_CDN_URL: //discourse-cdn.example.com

## The Docker container is stateless; all data is stored in /shared
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log

## Plugins go here
## see https://meta.discourse.org/t/19157 for details
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - git clone https://github.com/discourse/docker_manager.git

## Any custom commands to run after building
run:
  - exec: echo "Beginning of custom commands"
  ## If you want to set the 'From' email address for your first registration, uncomment and change:
  ## After getting the first signup email, re-comment the line. It only needs to run once.
  #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
  - exec: echo "End of custom commands"

(Michael Brown) #3

Likely not related to this announcement - the TLS-SNI challenge is a different authentication method of proving control that turns out to be exploitable on shared hosts.

@FuzzerFox’s setup is using the HTTP verification method, but it’s returning a 404 on the challenge. It’s possible the challenge didn’t make it back to the right web server.


(Jay Pfaffman) #4

Hey, @itsbhanusharma, I thought that TLS thing might be related too & have been wondering about it since I saw those messages.

And just to be sure, I just did a standard install with Let’s Encrypt and it worked just fine.


(Bhanu Sharma) #5

I’ll try a dry run tomorrow to test if it works.
I recall I had to issue certs in standalone mode to fix an SSL renewal problem on my side. But maybe it was a temporary issue.


(Jay Pfaffman) #6

If you did what I think you’re saying, then you are not using the standard Discourse Let’s Encrypt stuff.


(Kim) #7

If I buy an SSL certificate from Namecheap, would that cause any issues? I just want SSL and don’t mind paying 7$ for a year if that works.


(Jay Pfaffman) #8

Are you using a standard install or do you have an nginx running outside the container?


(Kim) #9

I think standard install, I used this tutorial: How To Install Discourse on Ubuntu 16.04 | DigitalOcean


(Jay Pfaffman) #10

Visiting http://dutchfurs.nl gives a plane that says “not found”. A standard install doesn’t do that. Are you running a multi site instance?
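
Added example, not part of the thread: one way to test the hypothesis raised in posts #3 and #8, that the HTTP-01 challenge request is answered by a web server other than the Discourse container. It assumes Docker's default userland proxy (`docker-proxy`) holds the published ports on a standard install; the function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Reads `ss -Hltnp` output on stdin (columns: State Recv-Q Send-Q Local Peer
# Process) and prints the names of processes listening on TCP port $1.
port_owners() {
    awk -v port="$1" '
    {
        n = split($4, addr, ":")          # field 4 is local address:port
        if (addr[n] != port) next         # last ":" part is the port, also for [::]:80
        s = $0
        while (match(s, /\("[^"]+"/)) {   # each ("name" entry in the users:(( )) column
            name = substr(s, RSTART + 2, RLENGTH - 3)
            if (!(name in seen)) { seen[name] = 1; print name }
            s = substr(s, RSTART + RLENGTH)
        }
    }'
}

# Verdict for port 80, where the Let's Encrypt HTTP-01 request arrives:
#   container     only docker-proxy listens (assumed standard-install layout)
#   none          nothing listens, so the validation connection is refused
#   other:<names> a host process (e.g. nginx or Apache) answers instead of
#                 the container and will typically return 404 for the token
port80_verdict() {
    owners=$(port_owners 80 | tr '\n' ' ')
    owners=${owners% }
    case "$owners" in
        "")             echo "none" ;;
        "docker-proxy") echo "container" ;;
        *)              echo "other:$owners" ;;
    esac
}

# Constructed sample input (not captured from the poster's machine).
SAMPLE_STANDARD='LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("docker-proxy",pid=1500,fd=4))
LISTEN 0 4096 [::]:80 [::]:* users:(("docker-proxy",pid=1507,fd=4))
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:* users:(("docker-proxy",pid=1480,fd=4))'
SAMPLE_HOST_NGINX='LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=901,fd=6),("nginx",pid=900,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))'

printf '%s\n' "$SAMPLE_STANDARD"   | port80_verdict
printf '%s\n' "$SAMPLE_HOST_NGINX" | port80_verdict

# On the real host (root is needed for the process column):
#   sudo ss -Hltnp | port80_verdict
```

A verdict other than `container` means the validation request never reaches the container's web server, which matches the 404 on the challenge described in post #3.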