Ayuda con SSL/HTTPS en la instalación de Discourse

penttbomb · 3 Abril, 2025 01:48

Ejecuté este comando:
sudo ./launcher logs app

Y generó esta salida:
Una serie de errores que indican que Nginx no puede cargar un certificado ECC, como:

x86_64 arch detected.
run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/01-cleanup-web-pids
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
[Wed Apr  2 11:11:20 PM UTC 2025] Domains not changed.
[Wed Apr  2 11:11:20 PM UTC 2025] Skip, Next renewal time is: 2025-05-31T22:45:14Z
[Wed Apr  2 11:11:20 PM UTC 2025] Add '--force' to force to renew.
[Wed Apr  2 11:11:20 PM UTC 2025] Installing key to: /shared/ssl/forums.penttbomb.com.key
[Wed Apr  2 11:11:20 PM UTC 2025] Installing full chain to: /shared/ssl/forums.penttbomb.com.cer
[Wed Apr  2 11:11:20 PM UTC 2025] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Wed Apr  2 11:11:20 PM UTC 2025] Reload error for :
[Wed Apr  2 11:11:21 PM UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Apr  2 11:11:21 PM UTC 2025] Single domain='forums.penttbomb.com'
[Wed Apr  2 11:11:21 PM UTC 2025] Getting domain auth token for each domain
[Wed Apr  2 11:11:21 PM UTC 2025] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-04-04 02:21:19 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames",
  "status": 429
}
[Wed Apr  2 11:11:21 PM UTC 2025] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Could not open file or uri for loading certificate from ca.cer
4097C1C5DA770000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
4097C1C5DA770000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(ca.cer)
Unable to load certificate
Error loading file /dev/fd/63
40871A5A507C0000:error:05800088:x509 certificate routines:X509_load_cert_crl_file_ex:no certificate or crl found:../crypto/x509/by_file.c:251:
[Wed Apr  2 11:11:22 PM UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Apr  2 11:11:22 PM UTC 2025] Single domain='forums.penttbomb.com'
[Wed Apr  2 11:11:22 PM UTC 2025] Getting domain auth token for each domain
[Wed Apr  2 11:11:22 PM UTC 2025] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-04-04 02:29:35 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames",
  "status": 429
}
[Wed Apr  2 11:11:23 PM UTC 2025] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Wed Apr  2 11:11:23 PM UTC 2025] Installing key to: /shared/ssl/forums.penttbomb.com_ecc.key
[Wed Apr  2 11:11:23 PM UTC 2025] Installing full chain to: /shared/ssl/forums.penttbomb.com_ecc.cer
cat: /shared/letsencrypt/forums.penttbomb.com_ecc/fullchain.cer: No such file or directory
Started runsvdir, PID is 1590
warning: redis: unable to open supervise/ok: file does not exist
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
ok: run: redis: (pid 1610) 1s
ok: run: postgres: (pid 1606) 1s
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
supervisor pid: 1623 unicorn pid: 1629
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)

También muestra mensajes de límite de velocidad de Let’s Encrypt (por ejemplo, “demasiados certificados (5) ya emitidos para este conjunto exacto de dominios…”).

Estoy usando Nginx como parte de la instalación oficial de Discourse en Docker. (La versión de Nginx es la incluida en la imagen de Discourse). No sé qué versión es tampoco, ya que al ejecutar el comando dice que nginx no existe, aunque aparece en HTTP pero no en HTTPS.

El sistema operativo en el que se ejecuta mi servidor web es (incluye versión):
El host está ejecutando Ubuntu (por ejemplo, Ubuntu 20.04 LTS en un VPS de Hetzner).

Mi proveedor de alojamiento, si corresponde, es:
Hetzner

Puedo iniciar sesión en una shell de root en mi máquina:
Sí (tengo acceso sudo/root a través de SSH).

Estoy usando un panel de control para administrar mi sitio:
No, lo estoy administrando a través de la línea de comandos y la configuración de Discourse Docker.

La versión de mi cliente es (por ejemplo, la salida de certbot --version o certbot-auto --version si estás usando Certbot): ninguno de estos comandos funcionó para mí en absoluto.

Estoy usando acme.sh integrado en la configuración de Discourse Docker (la versión no se determinó específicamente).

He estado intentando que mi instalación de Discourse funcione a través de HTTPS durante los últimos 3-4 días. Soy extremadamente nuevo en esto y he estado solucionando este problema sin descanso, y me estoy volviendo bastante abrumado con todo. El certificado RSA se emitió e instaló correctamente, pero el certificado ECC falla al cargarse, lo que hace que Nginx rechace las conexiones HTTPS. Además, estoy alcanzando un error de límite de velocidad de Let’s Encrypt que impide nuevas solicitudes de certificados.

¿Realmente tengo que esperar una semana completa para que se restablezca el límite de velocidad, o hay alguna forma de deshabilitar completamente la emisión de certificados ECC? Ayer decía que intentara de nuevo después del 2025-04-02 16:26:56 UTC y lo hice, y ahora dice que intentes de nuevo después del 2025-04-04 02:21:19 UTC. Cualquier orientación para resolver cualquier error sería enormemente apreciada.

¡Muchas gracias por su ayuda!

Saludos

pfaffman · 3 Abril, 2025 01:51

¿Estás usando Cloudflare?

penttbomb · 3 Abril, 2025 01:53

Todavía está pendiente en Cloudflare ya que aún no he terminado de configurarlo. ¿Podría ser esa la razón?

pfaffman · 3 Abril, 2025 08:01

Necesitas usar la nube gris para poder emitir un certificado.

Tema		Respuestas	Vistas
ERR_SSL_PROTOCOL_ERROR with Letsencrypt Self-hosting letsencrypt	4	6576	1 Marzo 2018
Set up HTTPS support with Let's Encrypt Self-Hosting how-to , domains	2	110182	25 Febrero 2024
Discourse setup completed successfully but not working due to SSL error Support	6	344	18 Diciembre 2024
Hit Let's encrypt renewal limit Self-hosting	7	2145	31 Julio 2020
No connection accepted on http / https after fresh installation on Ubuntu 22.04 LTS Self-hosting	5	2402	16 Diciembre 2022

Ayuda con SSL/HTTPS en la instalación de Discourse

Temas relacionados