Aiuto con SSL/HTTPS nell'installazione di Discourse

penttbomb · 3 Aprile 2025, 1:48am

Ho eseguito questo comando:
sudo ./launcher logs app

Ha prodotto questo output:
Una serie di errori che indicano che Nginx non riesce a caricare un certificato ECC, ad esempio:

x86_64 arch detected.
run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/01-cleanup-web-pids
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
[Wed Apr  2 11:11:20 PM UTC 2025] Domains not changed.
[Wed Apr  2 11:11:20 PM UTC 2025] Skip, Next renewal time is: 2025-05-31T22:45:14Z
[Wed Apr  2 11:11:20 PM UTC 2025] Add '--force' to force to renew.
[Wed Apr  2 11:11:20 PM UTC 2025] Installing key to: /shared/ssl/forums.penttbomb.com.key
[Wed Apr  2 11:11:20 PM UTC 2025] Installing full chain to: /shared/ssl/forums.penttbomb.com.cer
[Wed Apr  2 11:11:20 PM UTC 2025] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Wed Apr  2 11:11:20 PM UTC 2025] Reload error for :
[Wed Apr  2 11:11:21 PM UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Apr  2 11:11:21 PM UTC 2025] Single domain='forums.penttbomb.com'
[Wed Apr  2 11:11:21 PM UTC 2025] Getting domain auth token for each domain
[Wed Apr  2 11:11:21 PM UTC 2025] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-04-04 02:21:19 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames",
  "status": 429
}
[Wed Apr  2 11:11:21 PM UTC 2025] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Could not open file or uri for loading certificate from ca.cer
4097C1C5DA770000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
4097C1C5DA770000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(ca.cer)
Unable to load certificate
Error loading file /dev/fd/63
40871A5A507C0000:error:05800088:x509 certificate routines:X509_load_cert_crl_file_ex:no certificate or crl found:../crypto/x509/by_file.c:251:
[Wed Apr  2 11:11:22 PM UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Apr  2 11:11:22 PM UTC 2025] Single domain='forums.penttbomb.com'
[Wed Apr  2 11:11:22 PM UTC 2025] Getting domain auth token for each domain
[Wed Apr  2 11:11:22 PM UTC 2025] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-04-04 02:29:35 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames",
  "status": 429
}
[Wed Apr  2 11:11:23 PM UTC 2025] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Wed Apr  2 11:11:23 PM UTC 2025] Installing key to: /shared/ssl/forums.penttbomb.com_ecc.key
[Wed Apr  2 11:11:23 PM UTC 2025] Installing full chain to: /shared/ssl/forums.penttbomb.com_ecc.cer
cat: /shared/letsencrypt/forums.penttbomb.com_ecc/fullchain.cer: No such file or directory
Started runsvdir, PID is 1590
warning: redis: unable to open supervise/ok: file does not exist
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
ok: run: redis: (pid 1610) 1s
ok: run: postgres: (pid 1606) 1s
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
supervisor pid: 1623 unicorn pid: 1629
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)

Mostra anche messaggi sui limiti di frequenza da Let’s Encrypt (ad esempio, “too many certificates (5) already issued for this exact set of domains…”).

Sto utilizzando Nginx come parte dell’installazione ufficiale di Discourse Docker. (La versione di Nginx è quella inclusa nell’immagine Discourse) Non conosco nemmeno la versione poiché quando eseguo il comando dice che nginx non esiste, eppure appare su HTTP ma non su HTTPS.

Il sistema operativo su cui gira il mio server web è (inclusa la versione):
L’host sta eseguendo Ubuntu (ad esempio, Ubuntu 20.04 LTS su un VPS Hetzner).

Il mio provider di hosting, se applicabile, è:
Hetzner

Posso accedere a una shell root sulla mia macchina:
Sì (ho accesso sudo/root tramite SSH).

Sto utilizzando un pannello di controllo per gestire il mio sito:
No, lo gestisco tramite la riga di comando e la configurazione Docker di Discourse.

La versione del mio client è (ad esempio l’output di certbot --version o certbot-auto --version se stai utilizzando Certbot): nessuno di questi comandi ha funzionato per me.

Sto utilizzando acme.sh integrato nella configurazione Docker di Discourse (la versione non è specificamente determinata).

Da 3-4 giorni sto cercando di far funzionare la mia installazione di Discourse su HTTPS. Sono estremamente nuovo in materia e ho dedicato molto tempo alla risoluzione di questo problema, ma mi sto sentendo sopraffatto da tutto. Il certificato RSA è stato emesso e installato con successo, ma il certificato ECC non riesce a essere caricato, causando il rifiuto delle connessioni HTTPS da parte di Nginx. Inoltre, sto raggiungendo un errore di limite di frequenza da Let’s Encrypt che impedisce ulteriori richieste di certificati.

Devo davvero aspettare un’intera settimana affinché il limite di frequenza si resettì, o c’è un modo per disabilitare completamente l’emissione di certificati ECC? Ieri diceva di riprovare dopo il 2025-04-02 16:26:56 UTC e l’ho fatto, e ora dice di riprovare dopo il 2025-04-04 02:21:19 UTC. Qualsiasi guida per risolvere gli errori sarebbe immensamente apprezzata.

Grazie mille per il vostro aiuto!

Saluti

pfaffman · 3 Aprile 2025, 1:51am

Stai usando Cloudflare?

penttbomb · 3 Aprile 2025, 1:53am

È ancora in sospeso in Cloudflare poiché non ho ancora finito di configurarlo. Potrebbe essere questo il motivo?

pfaffman · 3 Aprile 2025, 8:01am

Devi usare gray cloud per poter ottenere un certificato.

Argomento		Risposte	Visualizzazioni
ERR_SSL_PROTOCOL_ERROR with Letsencrypt Self-hosting letsencrypt	4	6576	Marzo 1, 2018
Set up HTTPS support with Let's Encrypt Self-Hosting how-to , domains	2	110172	Febbraio 25, 2024
Discourse setup completed successfully but not working due to SSL error Support	6	344	Dicembre 18, 2024
Hit Let's encrypt renewal limit Self-hosting	7	2142	Luglio 31, 2020
No connection accepted on http / https after fresh installation on Ubuntu 22.04 LTS Self-hosting	5	2400	Dicembre 16, 2022

Aiuto con SSL/HTTPS nell'installazione di Discourse

Argomenti correlati