How to force letsencrypt cert renewal

I just got an email from LetsEncrypt saying we need to force renewal on our certs in the next 12 hours due to a bug on their end. How do we do that with Discourse?

3 Likes

This should work:

ssh root@your.discourse.server
cd /var/discourse/shared/standalone
cp -r ssl ssl_backup
rm ssl/*
cd /var/discourse
./launcher rebuild app

13 Likes

That worked, thank you!

5 Likes

Did not work for me. The certificates are the same as the ones in the ssl_backup directory, after the rebuild.

I tried 2 times; the second time I deleted the files manually through WinSCP.

How can we force the renewal? It likely needs --force somewhere.

[Wed 04 Mar 2020 06:33:11 PM UTC] Skip, Next renewal time is: Mon 06 Apr 2020 06:24:28 PM UTC
[Wed 04 Mar 2020 06:33:11 PM UTC] Add '--force' to force to renew.

2 Likes

Per the letsencrypt page, try testing your domain here:

https://checkhost.unboundtest.com/

You may be safe now.

If not, then you do need to force it. I actually forced it from the CLI elsewhere myself as I use that same domain on a non-discourse site as well.

4 Likes

You’re right, I did not check all my domains, I assumed all were concerned, but the one with Discourse can be ignored.

That said, I’ve also figured out how to force renew:

  • cd /var/discourse
  • ./launcher enter app
  • "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" --force
  • exit

I don’t know if there is a more direct way, but it worked after refreshing website cache.

5 Likes
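
A way to check the outcome of either procedure above, added here as an example and not part of any post in this thread: it detects the acme.sh "Skip" message in captured output and compares the fingerprint of a backed-up certificate with the current one. The function names and the script name are hypothetical, and the certificate paths are passed as arguments because the thread does not give the file names inside the ssl directory.

```shell
#!/bin/sh
# Added example: confirm that a forced renewal really replaced the certificate.
# Certificate paths are arguments; nothing here assumes the file names
# Discourse uses inside its ssl directory.

# Succeeds if acme.sh output on stdin says the renewal was skipped.
renewal_skipped() {
    grep -q 'Skip, Next renewal time is:'
}

# Prints the next renewal time from a skip line, with colour codes removed.
next_renewal() {
    esc=$(printf '\033')
    sed -n -e "s/${esc}\[[0-9;]*m//g" \
           -e 's/.*Skip, Next renewal time is: //p'
}

# Prints the SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# 0 = certificates differ, 1 = identical (not renewed), 2 = unreadable input.
cert_changed() {
    old=$(cert_fp "$1")
    new=$(cert_fp "$2")
    if [ -z "$old" ] || [ -z "$new" ]; then
        return 2
    fi
    [ "$old" != "$new" ]
}

# Usage: sh check_renewal.sh BACKUP_CERT CURRENT_CERT
if [ "$#" -eq 2 ]; then
    cert_changed "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo "renewed: fingerprint changed"
           openssl x509 -in "$2" -noout -enddate ;;
        1) echo "NOT renewed: same certificate as the backup"; exit 1 ;;
        *) echo "could not read one of the certificates" >&2; exit 2 ;;
    esac
fi
```

A fingerprint that matches the copy in ssl_backup means the old certificate is still in place, which is the situation the "Skip" log lines describe.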

You also need to disable Cloudflare if you’re using it. I know the Discourse devs recommend against it, but it works for me.

3 Likes
