Is it possible to verify both www and non-www version of my site using LetsEncrypt (using ./discourse-setup file)?


#1

Hi,

I ran ./discourse-setup and enabled LetsEncrypt SSL for non-www version of my site.
When accessing the non-www version of my site using HTTPS, everything is good.

But when accessing the www version of my site using HTTPS, it throws an error stating the connection is not secure.

(yes, redirection from www to non-www is already in place. But I get this error even before that happens. If I ignore the error, it redirects me to the non-www version and everything is good.)

So my question:
Is it possible to verify both www and non-www versions of my site using ./discourse-setup?


(Tomasz Lotocki) #2

While requesting the cert from Let's Encrypt, do it like this (with a comma):

yoursite.com, www.yoursite.com

Currently Letsencrypt does not support wildcards.


#3

Is it possible to do this when using ./discourse-setup? Because I didn’t find an option there.


(Tomasz Lotocki) #4

I’m pretty sure that is how I have done it. It just worked out of the box.


#5

I got an error when I put a comma there while running ./discourse-setup file


#6

Just have to say: GREAT question :slight_smile: This has been nagging me for a while!


#7

@merefield
Thanks. :slight_smile:

I found this DOC

Following the instructions given there.
I will update this thread after trying that. :slightly_smiling_face:


(Tomasz Lotocki) #8

nah this is not needed, let me check


(Tomasz Lotocki) #9

If you have a new install you should not be required to edit anything. Did you rebuild the app afterwards?


#10

I followed this DOC, but it didn’t work for me :frowning:

app.yml file

> ## this is the all-in-one, standalone Discourse Docker container template
> ##
> ## After making changes to this file, you MUST rebuild
> ## /var/discourse/launcher rebuild app
> ##
> ## BE *VERY* CAREFUL WHEN EDITING!
> ## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
> ## visit http://www.yamllint.com/ to validate this file as needed
> 
> templates:
>   - "templates/postgres.template.yml"
>   - "templates/redis.template.yml"
>   - "templates/web.template.yml"
>   - "templates/web.ratelimited.template.yml"
> ## Uncomment these two lines if you wish to add Lets Encrypt (https)
>   - "templates/web.ssl.template.yml"
>   - "templates/web.letsencrypt.ssl.template.yml"
> 
> ## which TCP/IP ports should this container expose?
> ## If you want Discourse to share a port with another webserver like Apache or nginx,
> ## see https://meta.discourse.org/t/17247 for details
> expose:
>   - "80:80"   # http
>   - "443:443" # https
> 
> params:
>   db_default_text_search_config: "pg_catalog.english"
> 
>   ## Set db_shared_buffers to a max of 25% of the total memory.
>   ## will be set automatically by bootstrap based on detected RAM, or you can override
>   db_shared_buffers: "1024MB"
> 
>   ## can improve sorting performance, but adds memory usage per-connection
>   #db_work_mem: "40MB"
> 
>   ## Which Git revision should this container use? (default: tests-passed)
>   version: 6dad7dfcec5407d5ed1c526b6191b5c2e4153a39
> 
> env:
>   LANG: en_US.UTF-8
>   # DISCOURSE_DEFAULT_LOCALE: en
> 
>   ## How many concurrent web requests are supported? Depends on memory and CPU cores.
>   ## will be set automatically by bootstrap based on detected CPUs, or you can override
>   UNICORN_WORKERS: 4
> 
>   ## TODO: The domain name this Discourse instance will respond to
>   DISCOURSE_HOSTNAME: mysite.com
> 
>   ## Uncomment if you want the container to be started with the same
>   ## hostname (-h option) as specified above (default "$hostname-$config")
>   #DOCKER_USE_HOSTNAME: true
> 
>   ## TODO: List of comma delimited emails that will be made admin and developer
>   ## on initial signup example 'user1@example.com,user2@example.com'
>   DISCOURSE_DEVELOPER_EMAILS: 'support@mysite.com'
> 
>   ## TODO: The SMTP mail server used to validate new accounts and send notifications
>   DISCOURSE_SMTP_ADDRESS: abc
>   DISCOURSE_SMTP_PORT: 587
>   DISCOURSE_SMTP_USER_NAME: abc
>   DISCOURSE_SMTP_PASSWORD: "asdfasdfasdfasfsafaf"
>   #DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
> 
>   ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
>   LETSENCRYPT_ACCOUNT_EMAIL: support@mysite.com
> 
>   ## The CDN address for this Discourse instance (configured to pull)
>   ## see https://meta.discourse.org/t/14857 for details
>   #DISCOURSE_CDN_URL: //discourse-cdn.example.com
> 
> ## The Docker container is stateless; all data is stored in /shared
> volumes:
>   - volume:
>       host: /var/discourse/shared/standalone
>       guest: /shared
>   - volume:
>       host: /var/discourse/shared/standalone/log/var-log
>       guest: /var/log
> 
> ## Plugins go here
> ## see https://meta.discourse.org/t/19157 for details
> hooks:
>   after_code:
>     - exec:
>         cd: $home/plugins
>         cmd:
>           - git clone https://github.com/discourse/docker_manager.git
>           
>   
>   after_ssl:
>     - replace:
>         filename: "/etc/runit/1.d/letsencrypt"
>         from: /-k 4096 -w \/var\/www\/discourse\/public/
>         to: |
>           -d mysite.com -d www.mysite.com -k 4096 -w /var/www/discourse/public
>   
>     - replace:
>         filename: "/etc/runit/1.d/letsencrypt"
>         from: /-k 4096 --force -w \/var\/www\/discourse\/public/
>         to: |
>           -d mysite.com -d www.mysite.com -k 4096 --force -w /var/www/discourse/public
>   
>   after_web_config:
>     - replace:
>         filename: "/etc/nginx/conf.d/discourse.conf"
>         from: /rewrite \^ https.+/
>         to: |
>           return 301 https://$host$request_uri;
>     - replace:
>         filename: "/etc/nginx/conf.d/discourse.conf"
>         from: /gzip on;[^\}]+\}/m
>         to: |
>           gzip on;
> 
>     - replace:
>         filename: /etc/nginx/nginx.conf
>         from: /sendfile.+on;/
>         to: |
>           server_names_hash_bucket_size 64;
>           sendfile on;
>     - file:
>         path: /etc/nginx/conf.d/discourse_redirect_1.conf
>         contents: |
>           server {
>             listen 80;
>             server_name www.mysite.com;
>             return 301 $scheme://mysite.com$request_uri;
>           }
> 
> 
> ## Any custom commands to run after building
> run:
>   - exec: echo "Beginning of custom commands"
>   - replace:
>       filename: "/etc/nginx/conf.d/discourse.conf"
>       from: /client_max_body_size.+$/
>       to: client_max_body_size 99m;
>   ## If you want to set the 'From' email address for your first registration, uncomment and change:
>   ## After getting the first signup email, re-comment the line. It only needs to run once.
>   #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
>   - exec: echo "End of custom commands"

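A browser validates the certificate during the TLS handshake, before any HTTP redirect is sent, so the www name itself has to appear in the certificate. The sketch below is an added example, not part of the thread or of Discourse: it checks which hostnames a certificate's subjectAltName entries leave uncovered. The helper names are hypothetical, the SAN lists are constructed from the `mysite.com` placeholders in the app.yml above, and `fetch_san_dns` needs network access.

```python
from __future__ import annotations

import socket
import ssl


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match of one certificate dNSName against a hostname."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # A wildcard stands for exactly one left-most label:
    # *.mysite.com covers www.mysite.com, but not mysite.com or a.b.mysite.com.
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def uncovered(san_dns: list[str], wanted: list[str]) -> list[str]:
    """Hostnames in `wanted` that no SAN entry covers; browsers warn on these."""
    return [h for h in wanted if not any(name_matches(s, h) for s in san_dns)]


def fetch_san_dns(host: str, port: int = 443, timeout: float = 5.0) -> list[str]:
    """Read dNSName entries from the certificate `host` serves (needs network)."""
    ctx = ssl.create_default_context()
    # Keep chain validation but skip the hostname check, so a certificate
    # that lacks this name can still be fetched and inspected.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed SAN lists: before and after adding "-d www.mysite.com".
SAN_BEFORE = ["mysite.com"]
SAN_AFTER = ["mysite.com", "www.mysite.com"]
WANTED = ["mysite.com", "www.mysite.com"]

if __name__ == "__main__":
    print("before:", uncovered(SAN_BEFORE, WANTED))
    print("after: ", uncovered(SAN_AFTER, WANTED))
```

After a rebuild, `uncovered(fetch_san_dns("www.mysite.com"), WANTED)` returning an empty list means the served certificate covers both names.
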
#11

Does this work on rebuild? Can I do this by just editing app.yml, e.g.:

 ## TODO: The domain name this Discourse instance will respond to
 DISCOURSE_HOSTNAME: www.mydomain.org, discourse.mydomain.org, mydomain.org

and then simply run:

./launcher rebuild app

EDIT: am I crazy? of course that didn’t work! Breaks the site completely. My other site has this behaviour and only has a single entry here, the www.mydomain.org variety.

Will look at DNS entries to see if I can make it work there …


(cpradio) #12

Did you try reading Setting up Let’s Encrypt with Multiple Domains?


#13

@cpradio will delve into that … the weird thing is I have two sites, both on https, and only differ in the DNS config (as DNS is set up on different services, but both share same VPS hosting service), yet the discourse. version fails on only one of the sites …


(Tomasz Lotocki) #14

It is strange. I have recently set up 2 sites and I had no issues with Letsencrypt. It was just working.

Are you sure this is not your setup? Maybe try a new DigitalOcean droplet and see what happens then?