Discourse installed using the official guide on GitHub.
Everything went well, but I am getting a 502 error while accessing the forum.
Tried checking the Rails production logs, and there was nothing I could see in the production_error or sidekiq logs.
Did see this with tail:
Creating scope :open. Overwriting existing method Poll.open.
Creating scope :open. Overwriting existing method Poll.open.
Can’t reach ‘/images/welcome/discourse-edit-post-animated.gif’ to get its dimension.
Running discourse doctor says:
Discourse version at forum.abc.com.au: NOT FOUND
Tried disabling SSL and rebuilding it, and I was able to access the forum.
There must be a problem with SSL, which I can’t figure out. While installing SSL, connection to IP resolution succeeded.
forum.abc.com.au:Verify error:CAA record for forum.abc.com.au prevents issuance
Before running the Discourse install script for a subdomain, we need to verify whether the main domain has any CAA records and check the Certificate Authority. If it’s not Let’s Encrypt (in my case, the main domain’s CAA is comodoca.com), your Let’s Encrypt certs for Discourse won’t be issued.
If you know a way to test for those records that requires no extra software, I’d consider having discourse-setup test for it, but I’ve never seen this before.
It’s a fair assumption that if you own a domain and know what CAA is to have been able to configure it that you understand the implications of Let’s Encrypt.
@pfaffman
dig caa {domain.tld} will return the record.
We want to first check whether it returns any record.
Then, if it returns one, whether the issuing authority is other than letsencrypt.org.
But this is a very rare case. Not sure if we want to include that.
Correct. If I own a domain, I know what I’m doing with it.
I was helping somebody. This problem might occur with hosts that use cPanel and provide AutoSSL with other providers such as Comodo. They add a bunch of records by default when they create a site (WordPress) in cPanel.
Anyway, this is a very rare case; I have seen this for the first time.
We see CAA crop up here occasionally, the default response we get when we point out that they’ve restricted certificate issuance for their entire domain is usually
This is interesting! I need to check, I don’t know if we can lock certificate issuance on a complete domain.
The restricted certificate issuance for the entire domain, meaning all subdomains of it?
If you set a CAA for @ (the domain) then that applies to both the top-level domain and subdomains, you can still add a specific CAA to subdomain.yourdomain.com for a service such as Let’s Encrypt which will restrict the scope for which LE can issue a certificate.
You can also specify issuewild instead of issue to permit a CA to issue a wildcard certificate, and iodef to associate an email address which will be notified of policy violations.
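The check discussed in this thread (query CAA with dig, then see whether the permitted issuer is anything other than letsencrypt.org), as an added example that is not code from discourse-setup or from any poster. The function names are hypothetical, the script assumes `dig +short` prints records as `0 issue "ca.example"`, it climbs from the hostname to its parents as RFC 8659 describes, and it does not handle CNAME chains or wildcard (issuewild) requests.

```shell
#!/bin/sh
# Added example: does CAA policy let a given CA issue for a hostname?

# Fetch the CAA RRset for one name, one record per line in `dig +short`
# form, e.g.: 0 issue "comodoca.com". Redefine this function to test offline.
caa_lookup() {
    dig +short CAA "$1"
}

# Print the relevant CAA RRset for a host: the first non-empty set found
# while climbing from the host towards the root (RFC 8659, section 3).
caa_relevant_set() {
    name=${1%.}
    while [ -n "$name" ]; do
        # Keep only lines shaped like CAA records (drops CNAME targets).
        set_=$(caa_lookup "$name" | grep -E '^[0-9]+ [A-Za-z0-9]+ "' || true)
        if [ -n "$set_" ]; then
            printf '%s\n' "$set_"
            return 0
        fi
        case $name in
            *.*) name=${name#*.} ;;   # strip the leftmost label
            *)   name= ;;             # top label checked, stop
        esac
    done
}

# Exit 0 if CA ($2) may issue a non-wildcard certificate for host ($1).
# A relevant set with no "issue" records leaves issuance unrestricted;
# `issue ";"` yields an empty issuer name, which matches no CA.
caa_allows() {
    caa_relevant_set "$1" | awk -v ca="$2" '
        tolower($2) == "issue" {
            seen = 1
            v = $3; gsub(/"/, "", v); sub(/;.*/, "", v)  # drop quotes, params
            if (tolower(v) == tolower(ca)) ok = 1
        }
        END { exit (seen && !ok) ? 1 : 0 }'
}

# Usage: sh caa_check.sh forum.example.com letsencrypt.org
if [ "$#" -eq 2 ]; then
    if caa_allows "$1" "$2"; then
        echo "CAA permits $2 to issue for $1"
    else
        echo "CAA prevents $2 from issuing for $1"
    fi
fi
```

A blocked result here corresponds to the "CAA record ... prevents issuance" verify error quoted at the top of the thread.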
Same problem here. The commands did not solve the problem. I switched to Cloudflare DNS and proxy. The problem persists for me.
I have done this several times and have not experienced this. But I am definitely not a programmer, not an expert, not an expert in anything. Just a happy end user. But this is frustrating.
My best guess is that you had Cloudflare set to proxy and rebuilt often enough to hit Let’s Encrypt’s rate limits, and now have to wait a week to get a certificate.
The quick and easy solution is to pick a new subdomain, set Cloudflare to DNS only, and rebuild. If that works, then I am right about the rate limit and you can either learn to love your new subdomain or wait a week until it lets you try again.
I was just wondering the same thing. I’m not sure about the request, but it seems that no new certificate is issued if one is found to be valid (just rebuilt a sandbox).