Discourse setup completed successfully but not working due to SSL error

Support
1

Here is the error log

2024/12/14 14:04:39 [warn] 5993#5993: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
2024/12/14 14:04:39 [emerg] 5993#5993: cannot load certificate "/shared/ssl/masked.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
2024/12/14 14:04:40 [warn] 5995#5995: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
2024/12/14 14:04:40 [emerg] 5995#5995: cannot load certificate "/shared/ssl/masked.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
2024/12/14 14:04:41 [warn] 5997#5997: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
2024/12/14 14:04:41 [emerg] 5997#5997: cannot load certificate "/shared/ssl/masked.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
2024/12/14 14:04:42 [warn] 5999#5999: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
2024/12/14 14:04:42 [emerg] 5999#5999: cannot load certificate "/shared/ssl/masked.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
2024/12/14 14:04:43 [warn] 6001#6001: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
2024/12/14 14:04:43 [emerg] 6001#6001: cannot load certificate "/shared/ssl/masked.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE).

When I looked into SSL its look empty. I tried rebuilding the application and my email id provided to letsencrypt is right one.

Regards,
Nu

2

This must often happens if you bypass the host name check in discourse-setup and rebuild several times so that you get rate limited by discourse. Maybe you have cloudflare orange cloud?

You can look at the logs, though they are hard to find. If that’s the problem, the solution is to wait a week or add another hostname as described at Set up Let’s Encrypt with multiple domains / redirects

3

Thanks for your reply. I am using Digital Ocean, I didn’t bypass hostname check and didn’t do rebuild. I did as mentioned in the GitHub instructions for docker based setup. I think I have to setup Let’s Encrypt manually.

2 Likes
4

Also I couldn’t find /etc/ngnix/ngnix.conf file ? Is there any thing I am missing before running the.installation script ?

-Nu

5

It’s inside the container. You can

 ./launcher enter app

To get in it. You can poke around and find the command that tries to get the certificate. I do it infrequently enough that I can never remember what it is. You can likely search here and find it.

My best guess is still a dns issue, but it sounds like you’ve done things right.

6

found the root cause , 1. Installation was not successful because in DNS IPv4 pointed correctly but IPv6 pointed wrongly (not updated). 2. Digital ocean not supporting smtp mail service on their droplets.

Installation now completed but still unable to receive admin verification email because of digital ocean restriction, checking with multiple options.

  • Sendgrid option failed :frowning: don’t know whether its technology limitation or my mistake.

Nu