I just got an email from LetsEncrypt saying we need to force renewal on our certs in the next 12 hours due to a bug on their end. How do we do that with Discourse?
This should work:
ssh root@your.discourse.server
cd /var/discourse/shared/standalone
cp -r ssl ssl_backup
rm ssl/*
cd /var/discourse
./launcher rebuild app
That worked, thank you!
Did not work for me. The certificates are the same as the ones in the ssl_backup directory, after the rebuild.
I tried 2 times ; and the second I deleted the files manually through WinSCP.
How can we force the renew? Likely need --force
somewhere.
[Wed 04 Mar 2020 06:33:11 PM UTC] Skip, Next renewal time is: e[1;32mMon 06 Apr 2020 06:24:28 PM UTCe[0m
[Wed 04 Mar 2020 06:33:11 PM UTC] Add 'e[1;31m--forcee[0m' to force to renew.
Per the letsencrypt page, try testing your domain here:
https://checkhost.unboundtest.com/
You may be safe now.
If not, then you do need to force it. I actually forced it from the CLI elsewhere myself as I use that same domain on a non-discourse site as well.
You’re right, I did not check all my domains, I assumed all were concerned, but the one with Discourse can be ignored.
That’s said, I’ve also figured out how to force renew:
cd /var/discourse
./launcher enter app
"/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" --force
exit
I don’t know if there is a more direct way, but it worked after refreshing website cache.
You also need to disable cloudflare if you’re using it. I know the discourse devs recommend against it, but it works for me.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.