Ho appena ricevuto un’email da Let’s Encrypt che dice che dobbiamo forzare il rinnovo dei nostri certificati nelle prossime 12 ore a causa di un bug dal loro lato. Come possiamo farlo con Discourse?
This should work:
ssh root@your.discourse.server
cd /var/discourse/shared/standalone
cp -r ssl ssl_backup
rm ssl/*
cd /var/discourse
./launcher rebuild app
That worked, thank you!
Did not work for me. The certificates are the same as the ones in the ssl_backup directory, after the rebuild.
I tried 2 times ; and the second I deleted the files manually through WinSCP.
How can we force the renew? Likely need --force somewhere.
[Wed 04 Mar 2020 06:33:11 PM UTC] Skip, Next renewal time is: e[1;32mMon 06 Apr 2020 06:24:28 PM UTCe[0m
[Wed 04 Mar 2020 06:33:11 PM UTC] Add 'e[1;31m--forcee[0m' to force to renew.
Per the letsencrypt page, try testing your domain here:
https://checkhost.unboundtest.com/
You may be safe now.
If not, then you do need to force it. I actually forced it from the CLI elsewhere myself as I use that same domain on a non-discourse site as well.
You’re right, I did not check all my domains, I assumed all were concerned, but the one with Discourse can be ignored.
That’s said, I’ve also figured out how to force renew:
cd /var/discourse./launcher enter app"/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" --forceexit
I don’t know if there is a more direct way, but it worked after refreshing website cache.
You also need to disable cloudflare if you’re using it. I know the discourse devs recommend against it, but it works for me.