How should I enable letsencrypt while discourse is beside other websites

That also makes no sense to me. However, I got that from @Sergiz in this topic. I removed it from my /etc/nginx/conf.d/discourse.conf and it works, so I suppose that was a redundant line?

Anyway, I think I got it working. However, I’m not quite sure if I’m doing everything right, so I’m sharing it here.

For future reference, my Discourse is running with VestaCP on CentOS 7, which I managed to configure here.

To make it work with HTTPS, I changed the following files, thanks to @fefrei and @riking:

1- /etc/nginx/conf.d/discourse.conf:

server {
  listen      185.51.200.214:80;
  server_name talk.zabanshenas.com;

  location /.well-known/acme-challenge/ {
    root /home/admin/web/talk.zabanshenas.com/public_html;
  }

  location / {
    proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
    proxy_http_version 1.1;
  }
}

server {
  listen 185.51.200.214:443 http2 ssl;
  server_name talk.zabanshenas.com;  # <-- change this

  ssl on;
  ssl_certificate      /etc/letsencrypt/live/talk.zabanshenas.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/talk.zabanshenas.com/privkey.pem;

  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;

  add_header Strict-Transport-Security "max-age=63072000;";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;
  ssl_stapling on;
  ssl_stapling_verify on;

  client_max_body_size 0;

  location / {
    proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
    proxy_set_header Host $http_host;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
  }
}

2- /home/admin/conf/web/snginx.conf:

server {
    listen      185.51.200.214:443 http2 ssl;
    server_name talk.zabanshenas.com;
    ssl         on;
    ssl_certificate      /etc/letsencrypt/live/talk.zabanshenas.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/talk.zabanshenas.com/privkey.pem;
    error_log  /var/log/httpd/domains/talk.zabanshenas.com.error.log error;

    location / {
        proxy_pass      https://185.51.200.214:8443;
        location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
            root           /home/admin/web/talk.zabanshenas.com/public_html;
            access_log     /var/log/httpd/domains/talk.zabanshenas.com.log combined;
            access_log     /var/log/httpd/domains/talk.zabanshenas.com.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/admin/web/talk.zabanshenas.com/document_errors/;
    }

    location @fallback {
        proxy_pass      https://185.51.200.214:8443;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include /home/admin/conf/web/snginx.talk.zabanshenas.com.conf*;
}

3- /home/admin/conf/web/shttpd.conf:

<VirtualHost 185.51.200.214:8443>

    ServerName talk.zabanshenas.com
    ServerAlias www.talk.zabanshenas.com
    ServerAdmin info@talk.zabanshenas.com
    DocumentRoot /home/admin/web/talk.zabanshenas.com/public_html
    ScriptAlias /cgi-bin/ /home/admin/web/talk.zabanshenas.com/cgi-bin/
    Alias /vstats/ /home/admin/web/talk.zabanshenas.com/stats/
    Alias /error/ /home/admin/web/talk.zabanshenas.com/document_errors/
    #SuexecUserGroup admin admin
    CustomLog /var/log/httpd/domains/talk.zabanshenas.com.bytes bytes
    CustomLog /var/log/httpd/domains/talk.zabanshenas.com.log combined
    ErrorLog /var/log/httpd/domains/talk.zabanshenas.com.error.log
    <Directory /home/admin/web/talk.zabanshenas.com/public_html>
        AllowOverride All
        SSLRequireSSL
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir /home/admin/web/talk.zabanshenas.com/public_html:/home/admin/tmp
        php_admin_value upload_tmp_dir /home/admin/tmp
        php_admin_value session.save_path /home/admin/tmp
    </Directory>
    <Directory /home/admin/web/talk.zabanshenas.com/stats>
        AllowOverride All
    </Directory>


    <IfModule mod_ruid2.c>
        RMode config
        RUidGid admin admin
        RGroups apache
    </IfModule>
    <IfModule itk.c>
        AssignUserID admin admin
    </IfModule>

    IncludeOptional /home/admin/conf/web/shttpd.talk.zabanshenas.com.conf*

</VirtualHost>

Now normally, I should put the following in the shttpd.conf:

SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /etc/letsencrypt/live/talk.zabanshenas.com/cert.pem;
    SSLCertificateKeyFile /etc/letsencrypt/live/talk.zabanshenas.com/privkey.pem;
    SSLCertificateChainFile /etc/letsencrypt/live/talk.zabanshenas.com/chain.pem;

However, when I added that and restarted httpd, it gave an error saying that cert.pem is missing while it was obviously there. So I removed all of these lines and restarted httpd, and it worked. So at this point, I don’t know if I’m doing something wrong.
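
One cause consistent with the httpd error described above, shown as an added example that is not part of the original post: Apache httpd does not end directives with a semicolon the way nginx does, so the trailing ";" on the three certificate lines becomes part of the file name httpd tries to open. The Python check below flags that pattern; the function names and the exists parameter are assumptions made for this illustration, and the sample input is constructed from the lines in the post.

```python
import os

# File-path directives taken from the snippet in the post.
PATH_DIRECTIVES = {"SSLCertificateFile", "SSLCertificateKeyFile",
                   "SSLCertificateChainFile"}

def logical_lines(conf_text):
    """Yield (first_line_number, text), joining backslash-continued lines."""
    buf, start = "", 0
    for n, raw in enumerate(conf_text.splitlines(), 1):
        if not buf:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf = ""
    if buf:
        yield start, buf.strip()

def find_semicolon_paths(conf_text, exists=os.path.exists):
    """Report path directives whose argument ends in an nginx-style ';'."""
    findings = []
    for n, line in logical_lines(conf_text):
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0] not in PATH_DIRECTIVES:
            continue
        # httpd has no statement terminator: the ';' stays in the file name.
        opened = parts[1].strip().strip('"')
        if opened.endswith(";"):
            intended = opened.rstrip(";")
            findings.append({
                "line": n,
                "directive": parts[0],
                "httpd_opens": opened,
                "intended": intended,
                # True when the real file exists but the ';' name does not.
                "explains_missing_file": exists(intended) and not exists(opened),
            })
    return findings

# Constructed sample: the SSL lines as posted above.
SAMPLE = """SSLEngine on
SSLVerifyClient none
SSLCertificateFile /etc/letsencrypt/live/talk.zabanshenas.com/cert.pem;
SSLCertificateKeyFile /etc/letsencrypt/live/talk.zabanshenas.com/privkey.pem;
SSLCertificateChainFile /etc/letsencrypt/live/talk.zabanshenas.com/chain.pem;
"""
```

Calling find_semicolon_paths(SAMPLE) on the server itself reports lines 3 to 5, each with the literal name httpd would try to open (ending in ";") next to the intended path.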