Ajuda com SSL/HTTPS na instalação do Discourse

Meu domínio é:
forums.penttbomb.com

Executei este comando:
sudo ./launcher logs app

Ele produziu esta saída:
Uma série de erros indicando que o Nginx não consegue carregar um certificado ECC, como:

x86_64 arch detected.
run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/01-cleanup-web-pids
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
[Wed Apr  2 11:11:20 PM UTC 2025] Domains not changed.
[Wed Apr  2 11:11:20 PM UTC 2025] Skip, Next renewal time is: 2025-05-31T22:45:14Z
[Wed Apr  2 11:11:20 PM UTC 2025] Add '--force' to force to renew.
[Wed Apr  2 11:11:20 PM UTC 2025] Installing key to: /shared/ssl/forums.penttbomb.com.key
[Wed Apr  2 11:11:20 PM UTC 2025] Installing full chain to: /shared/ssl/forums.penttbomb.com.cer
[Wed Apr  2 11:11:20 PM UTC 2025] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Wed Apr  2 11:11:20 PM UTC 2025] Reload error for :
[Wed Apr  2 11:11:21 PM UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Apr  2 11:11:21 PM UTC 2025] Single domain='forums.penttbomb.com'
[Wed Apr  2 11:11:21 PM UTC 2025] Getting domain auth token for each domain
[Wed Apr  2 11:11:21 PM UTC 2025] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-04-04 02:21:19 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames",
  "status": 429
}
[Wed Apr  2 11:11:21 PM UTC 2025] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Could not open file or uri for loading certificate from ca.cer
4097C1C5DA770000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
4097C1C5DA770000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(ca.cer)
Unable to load certificate
Error loading file /dev/fd/63
40871A5A507C0000:error:05800088:x509 certificate routines:X509_load_cert_crl_file_ex:no certificate or crl found:../crypto/x509/by_file.c:251:
[Wed Apr  2 11:11:22 PM UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Apr  2 11:11:22 PM UTC 2025] Single domain='forums.penttbomb.com'
[Wed Apr  2 11:11:22 PM UTC 2025] Getting domain auth token for each domain
[Wed Apr  2 11:11:22 PM UTC 2025] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-04-04 02:29:35 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames",
  "status": 429
}
[Wed Apr  2 11:11:23 PM UTC 2025] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Wed Apr  2 11:11:23 PM UTC 2025] Installing key to: /shared/ssl/forums.penttbomb.com_ecc.key
[Wed Apr  2 11:11:23 PM UTC 2025] Installing full chain to: /shared/ssl/forums.penttbomb.com_ecc.cer
cat: /shared/letsencrypt/forums.penttbomb.com_ecc/fullchain.cer: No such file or directory
Started runsvdir, PID is 1590
warning: redis: unable to open supervise/ok: file does not exist
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
ok: run: redis: (pid 1610) 1s
ok: run: postgres: (pid 1606) 1s
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
supervisor pid: 1623 unicorn pid: 1629
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)

Também mostra mensagens de limite de taxa do Let’s Encrypt (por exemplo, “muitos certificados (5) já emitidos para este conjunto exato de domínios…”).

Estou usando o Nginx como parte da instalação oficial do Discourse via Docker. (A versão do Nginx é a incluída na imagem do Discourse). Não sei qual é a versão, pois ao executar o comando, ele diz que o nginx não existe, embora ele apareça no HTTP, mas não no HTTPS.

O sistema operacional em que meu servidor web está rodando é (inclua a versão):
O host está rodando Ubuntu (por exemplo, Ubuntu 20.04 LTS em um VPS da Hetzner).

Meu provedor de hospedagem, se aplicável, é:
Hetzner

Posso fazer login em um shell root na minha máquina:
Sim (tenho acesso sudo/root via SSH).

Estou usando um painel de controle para gerenciar meu site:
Não, estou gerenciando via linha de comando e a configuração do Discourse Docker.

A versão do meu cliente é (por exemplo, saída de certbot --version ou certbot-auto --version se estiver usando o Certbot): nenhum desses comandos funcionou para mim.

Estou usando o acme.sh integrado à configuração do Discourse Docker (versão não determinada especificamente).

Tenho tentado fazer minha instalação do Discourse funcionar via HTTPS nos últimos 3–4 dias. Sou extremamente novo nisso e tenho feito troubleshooting incessante deste problema, ficando bastante sobrecarregado com tudo. O certificado RSA foi emitido e instalado com sucesso, mas o certificado ECC falha ao carregar — fazendo com que o Nginx recuse conexões HTTPS. Além disso, estou atingindo um erro de limite de taxa do Let’s Encrypt que impede novas solicitações de certificados.

Preciso mesmo esperar uma semana inteira para o limite de taxa ser resetado, ou há uma maneira de desativar completamente a emissão de certificados ECC? Ontem dizia para tentar novamente após 2025-04-02 16:26:56 UTC e eu fiz isso, e agora está dizendo para tentar novamente após 2025-04-04 02:21:19 UTC. Qualquer orientação sobre como resolver os erros seria imensamente apreciada.

Muito obrigado pela ajuda!

Abraços

Você está usando o Cloudflare?

Ainda está pendente no Cloudflare, pois ainda não terminei de configurá-lo. Pode ser por isso?

Você precisa usar a nuvem cinza para poder emitir um certificado.