Discourse website not loading after installation without enabling Let's Encrypt

I know enough to be dangerous when sitting in front of an open SSH session. I went through the installation just fine the other day and it worked.

Today, however, I had to rebuild (I’ve been on a development server, not production) and after going through the same steps, nothing comes up after running ./discourse-setup and going to the website after the installation was complete.

I’ve also run ./launcher start app and still nothing.

What are some typical things I should do to troubleshoot the install?

No message, error of any kind after ./discourse-setup or ./launcher start app ?

Tell us how the environments are different.

Are you using a reverse proxy? CloudFlare?

Where are you hosting the production install?

Nope, installation seems to have been successful. When I check docker info I’m seeing that the container is running as well.

I’m running Amazon Linux 2 on AWS and this worked the other day on this same OS. CloudFlare is used for DNS only for this domain.

Here’s the exact order of what I did. Git, docker, and ncat were installed via amazon-linux-extras as prompted during the install (but this shouldn’t be an issue since I had a working dev forum the other day).

  1. Install git
  2. Install and start docker
  3. Install ncat
  4. Install discourse
  5. Install nginx1.12

Why did you do that?

A fair question. :joy: I did that because it wasn’t working after step 4… haha. Should I uninstall?

Yes. Uninstall.

It’s probably a DNS problem.

What does curl localhost return?

What does tail /var/discourse/shared/logs/var-log/nginx/access.log show?

Discourse includes a webserver inside the container.

curl: (7) Failed to connect to localhost port 80: Connection refused

tail: cannot open ‘/var/discourse/shared/logs/var-log/nginx/access.log’ for reading: No such file or directory

I ran the normal install, but I confirmed the shared folder doesn’t even exist.

Thanks for your help, by the way! Like I said, I know enough to be dangerous… and not always in a good way. :sunglasses:

Sorry.

tail /var/discourse/shared/standalone/logs/var-log/nginx/access.log

Or, if it’s still wrong,

find /var/discourse/shared -name access.log

to see where the log file is.

Found it in here:

/var/discourse/shared/standalone/log/var-log/nginx/

There was no access.log, but there was an error.log.

The same line was in it over and over (real domain replaced with example.com here):

2020/04/08 19:46:34 [emerg] 2112#2112: cannot load certificate "/shared/ssl/example.com.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

I didn’t go through the certificate process with Let’s Encrypt because I already have a certificate for this domain. Do I still need to do Let’s Encrypt as well?

You need a certificate.

You can search for and find the instructions for installing your own certificate, that say that it’s a huge pain, or you can get one for free and zero trouble by allowing Let’s Encrypt to get it for you.

1 Like

Well, would you look at that. It worked.

Thanks @pfaffman and everyone else who replied. :+1:

1 Like

Actually, I take that back. Chrome loaded the window in a mode where it showed the last successful page load but an incognito refresh shows it’s still not working. Total fail on my part. :man_facepalming:

Is there a link to how to get the Let’s Encrypt certificate set up? I need to review what I did (or didn’t do).

Just run discourse-setup. When it asks about let’s encrypt, give it any email address, or your own if you want to get an email if they think you need to renew.

Ok, that’s what I did… I figured that was all based on the install guide, but I’m still getting blank pages.

Looks like Discourse is looking for the cert in the /shared/ssl/ directory, but the actual location of my cert is /shared/standalone/ssl/

My app.yml configuration is set to:

   ## The Docker container is stateless; all data is stored in /shared
volumes:
  • volume:
    host: /var/discourse/shared/standalone
    guest: /shared
  • volume:
    host: /var/discourse/shared/standalone/log/var-log
    guest: /var/log

You can try

cd /var/discourse
rm -r shared/standalone/ssl shared/standalone/letsencrypt
./launcher rebuild app

The rm line is from memory. If those don’t exist, find what I should have typed.

2 Likes

So, it looks like I’m up against a 10 certificate in a week limit with Let’s Encrypt. I guess that explains part of why I can’t continue past this step.

Here’s what I found from somebody else experiencing this problem after several rebuilds: Trouble with SSL after lots of rebuilds

So, I supposed I have no other option right now than to install my own cert that I already own?

2 Likes