Error 521 after latest update due to CloudFlare settings

Hello Guys!!

The whole site is down after update to the latest version. After the update, I rebooted the whole server. I am using Cloudflare. Don’t know what is the real issue. Need some serious help!!

I have the same issue!

https://businesscomputingworld.co.uk

Can you share a screenshot of your Cloudflare SSL settings?

Have you tried this feature??

I have removed my site from cloudflare and now my site is back online. Seems like cloudflare is the culprit.

1 Like

I am(/was) having the same issue with forum.confident.faith. I can confirm that simply ‘pausing’ the site in the Cloudflare interface fixes the issue. This is particularly odd as I have several other sites with the same configuration not experiencing this problem.

How long did your site take to go back live once you re-pointed the DNS settings to Digital Ocean?

Should be after 5 Seconds up to a minute, if your TTL is on Auto.

Depends on your TTL (Time to Life) Settings.

My website is also not working after the update. I have updated TLS settings to 1.2 but still the website is not loading. Please tell what could be the issue and how to fix this?

Switching to TLS 1.2+ is definitely not the solution.

Pleased compare your settings to the ones I posted in After updating website wont come back online. A rebuild of your Docker container, as mentioned in that post, might help too.

I followed the instructions in that thread but my website is still not working. Can you please tell what could be the issue. I also replied in that thread with the error showing in my error logs.

I tried to delete ./shared/standalone/ssl/website.com_ecc.cer and ./shared/standalone/ssl/website.com_ecc.key as stated by @gerhard in a private thread. And then I rebuild the app but the website is still not loading up. I unable to find the perfect solution for this. Please someone help me, as my website is down for more than 10 hours now.

Just check error logs and found this error there.

nginx: [emerg] cannot load certificate "/shared/ssl/website.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

I think that I had this problem on a site recently, but it had a couple of other issues so the details are fuzzy in my mind. You might try

rm -rf /var/discourse/shared/standalone/ssl
rm -rf /var/discourse/shared/standalone/letsencrypt

and then rebuild.

If you’re stuck and want to throw money at the problem, I’ll get you up and running for $300. I’m at my desk now. Fix Your Broken Site – Literate Computing, LLC.

2 Likes

I tried what you said and the website is still not loading. The logs still throwing the error

nginx: [emerg] cannot load certificate "/shared/ssl/website.com.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

I am really sorry but I am not in the condition of putting $300 out right now.

$300 is a lot of money, but I’m pretty busy today (when I’m not waiting on the thing I’m testing to break). My last bit of free advice is to

cd /var/discourse/containers
grep DISCOURSE app.yml
mv app.yml app.broken
cd ..
./discourse-setup

This will generate a new app.yml. Perhaps you have something in it that’s causing the problem. The grep is so that you’ll have the information you need to answer the questions that discourse-setup requires.

1 Like

I tried this but the setup didn’t start. Grep did work and I copied all data to a safe place so I can use it again. But now when I try to run the setup again it says

This will show you what command is using port 80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 27737 root 4u IPv6 47517368 0t0 TCP *:http (LISTEN)

If you are trying to run Discourse simultaneously with another web
server like Apache or nginx, you will need to bind to a different port

See https://meta.discourse.org/t/17247

If you are reconfiguring an already-configured Discourse, use

./launcher stop app

to stop Discourse before you reconfigure it and try again.

I think the situation is now just getting worse.

Sorry. You may have q more difficult problem than can be solved here

Given that your container file was banned app.yml, You need to first stop the old container with

docker stop app

Then discourse-setup can run.

I can’t imagine why the grep would not work.

Hello @pfaffman, I am trying to fix this from hours and here is what I did. I was successful to remove the SSL and letsencrypt folder. Then I removed letsencrypt lines from app.yml and rebuild the app. Finally I removed https from cloudflare, after doing all of this the website is showing back again. But, now the website is not on https. I think I need to see what I should do from here.

1 Like

You need not to turn on the orange cloud from cloudflare. I hadn’t noticed that you were using cloudflare and if you had read the title of this topic you might have thought that it was the problem.

Just enable let’s encrypt in app.yml and it will work.

If you turn on the orange cloud then Let’s Encrypt cannot enrol or renew certificates.

2 Likes