Let's Encrypt and multisite (on 2 containers)


(Camille Roux) #1

Continuing the discussion from Setting up Let’s Encrypt with Multiple Domains:

Hi!
I tried this how-to but nothing changed and /etc/runit/1.d/letsencrypt is not modified.
I have 2 containers (data.yml and web.yml) and want to use a multisite config.

Here is the after_ssl I used (from Setting up Let’s Encrypt with Multiple Domains):

after_ssl:
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /-k 4096 -w \/var\/www\/discourse\/public/
        to: |
          -d forum.test.com -d forum2.test.com -d forum-test.test.com -k 4096 -w /var/www/discourse/public

    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /-k 4096 --force -w \/var\/www\/discourse\/public/
        to: |
          -d forum.test.com -d forum2.test.com -d forum-test.test.com -k 4096 --force -w /var/www/discourse/public

The only Discourse that works is the default one (DISCOURSE_HOSTNAME).
For the other one, I get the following error when I do a curl:

curl: (51) SSL: no alternative certificate subject name matches target host name 'forum-test.test.com'


(Brahn) #2

Which yml did you add the after_ssl to?
Also, one of those links about Let’s Encrypt describes how to inspect the logs of the script; perhaps something in there will help diagnose.


(Camille Roux) #3

I added it to web_only.yml


(Brahn) #4

web.yml or web_only.yml?
What is the launcher command you are using when doing the rebuild?


(Camille Roux) #5

I renamed it web_pe.yml. So I’m using ./launcher rebuild web_pe


(Brahn) #6

I can’t see any recent changes that would stop the regex in the from: from working, but obviously something is not right. Is there anything unusual in the templates: of your web_pe.yml that could be altering the base ssl before the after_ssl happens?
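
Added example, not part of any post in this thread and not Discourse's own code: a Ruby dry run of the two replace rules from post #1 against a copy of the script text, reporting how often each from regex matches and which -d hostnames the rewritten command would request. The sample script lines and the helper names to_regex, dry_run and requested_hosts are constructed for illustration, and the handling of /.../ values as Ruby regexes with a first-match replace is an assumption.

```ruby
require "yaml"
# The after_ssl hook from post #1, embedded verbatim.
HOOKS = <<~'YAML'
  after_ssl:
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /-k 4096 -w \/var\/www\/discourse\/public/
        to: |
          -d forum.test.com -d forum2.test.com -d forum-test.test.com -k 4096 -w /var/www/discourse/public
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /-k 4096 --force -w \/var\/www\/discourse\/public/
        to: |
          -d forum.test.com -d forum2.test.com -d forum-test.test.com -k 4096 --force -w /var/www/discourse/public
YAML
# Constructed stand-ins for the script text; copy the real file out of the container to test it.
SCRIPT_EXPECTED = <<~SH
  acme.sh --issue -d forum.test.com -k 4096 -w /var/www/discourse/public
  acme.sh --issue -d forum.test.com -k 4096 --force -w /var/www/discourse/public
SH
SCRIPT_DIFFERENT = <<~SH
  acme.sh --issue -d forum.test.com --keylength ec-256 -w /var/www/discourse/public
SH

# Assumption: a from value written as /.../ is a Ruby regex; anything else is a literal string.
def to_regex(from)
  from =~ %r{\A/(.*)/\z}m ? Regexp.new(Regexp.last_match(1)) : Regexp.new(Regexp.escape(from))
end

# Returns [match count per rule, rewritten script text]; only the first match is replaced.
def dry_run(hooks_yaml, script)
  rules = YAML.safe_load(hooks_yaml).fetch("after_ssl").map { |h| h.fetch("replace") }
  counts = rules.map do |rule|
    regex = to_regex(rule["from"])
    hits = script.scan(regex).size
    script = script.sub(regex) { rule["to"] }
    hits
  end
  [counts, script]
end

# Hostnames the rewritten script would request on the certificate.
def requested_hosts(script)
  script.scan(/-d\s+(\S+)/).flatten.uniq
end
[SCRIPT_EXPECTED, SCRIPT_DIFFERENT].each do |text|
  counts, out = dry_run(HOOKS, text)
  puts "matches per rule: #{counts.inspect}, -d hosts: #{requested_hosts(out).join(' ')}"
end
```

A count of 0 for both rules means the file would be left unchanged, so the certificate request keeps only the original -d hostname.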