I got the warning email but don’t know how to renew it. [image]

There should be a cronjob that does it automatically for you. Also: [image] Set up HTTPS support with Let's Encrypt Self-Hosting bookmark This is a guide for enabling HTTPS on an existing Discourse installation using Let’s Encrypt. It assumes prior installati…

Our forum is down (i.e. blocked by Safari) due to this certificate having expired today. What’s the cron job? Can I run it manually?

It should happen automatically for you if you are running via Docker. I have never needed to manually renew mine.

Thanks, Robby. The problem was due to the fact that I was blocking port 80 (seemed like a good idea from a security perspective) and didn’t realize that LetsEncrypt used port 80

Yep - outright blocking port 80 is usually a bad idea: people trying to get to the http side won’t be able to connect and thus won’t get the redirect to https let’s encrypt uses http to verify by necessity

Let’s Encrypt needs to expose itself on :80 because verification of the DNS name is done via HTTP. You want to leave it open anyhow as Discourse will take care of any redirection from :80 to 443 for clients who try to visit the insecure URL. The same instance of nginx is listening on :80 and :443 s…

[image] Stephen: Let’s Encrypt needs to expose itself on :80 because verification of the DNS name is done via HTTP. You want to leave it open anyhow as Discourse will take care of any redirection from :80 to 443 for clients who try to visit the insecure URL. Ah yes, if I’d known then what I …

That’s always going to be the risk when you deviate from the recommended configuration. There’s a lot of knowledge here on meta though - maybe next time you want to make those kinds of changes you can run them by us first and we can help you understand any implications and the safest way to make th…

[image] gigperformer: Thanks, Robby. The problem was due to the fact that I was blocking port 80 (seemed like a good idea from a security perspective) and didn’t realize that LetsEncrypt used port 80 You should keep port 80 open and do a redirect to HTTPS. This is how most of the web handles …

Thank you - but in general I don’t want to keep port 80 open — as I mentioned above, I don’t even expose port 443 publicly. I guess I’ll just have to temporarily open it every few months, manually update LetsEncrypt and then close it again or else use the DNS challenge.

How to renew Let's Encrypt?

Soutien

robbyoconnor (Robby O'Connor) Septembre 1, 2017, 2:02 3

There should be a cronjob that does it automatically for you.

Also:

Sujet		Réponses	Vues
SSL didn't renew automatically and I can't manually renew it Self-hosting letsencrypt	0	574	Janvier 9, 2023
Let's Encrypt SSL certificate not renewing automatically 2nd time consecutively Support letsencrypt	3	275	Janvier 26, 2026
SSL LetsEncrypt renewal not working (due to an extra reverse proxy on the outside) Self-hosting	8	1149	Septembre 16, 2020
Discourse failure to renew certificate Bug letsencrypt	24	921	Décembre 23, 2025
Let's Encrypt SSL Certificate Not Renewing Self-hosting letsencrypt	1	213	Octobre 23, 2024

How to renew Let's Encrypt?

Sujets connexes