tl;dr: If you need to change the address in LETSENCRYPT_ACCOUNT_EMAIL, you need to delete the Let’s Encrypt directory before running it again.
I enabled Let’s Encrypt on a site today. I used a script that copied DISCOURSE_DEVELOPER_EMAILS to LETSENCRYPT_ACCOUNT_EMAIL. I knew it was a bad idea when I wrote the script, but, you know, I was sure that I would never run it when there was more than one email address in DISCOURSE_DEVELOPER_EMAILS. But that’s what I did.
No biggie, I thought, but when I fixed app.yml and rebuilt, nginx still wouldn’t come up.
From the logs, @tgxworld, it looks like it’s still trying to register with the original three addresses that were in DISCOURSE_DEVELOPER_EMAILS.
[Tue Mar 14 22:50:34 UTC 2017] Registering account
[Tue Mar 14 22:50:35 UTC 2017] ESC[1;31;40mRegister account Error: {"type":"urn:acme:error:invali
dEmail","detail":"more than one e-mail address","status": 400}ESC[0m
[Tue Mar 14 22:50:35 UTC 2017] ESC[1;31;40mPlease add '--debug' or '--log' to check more details.
ESC[0m
[Tue Mar 14 22:50:35 UTC 2017] ESC[1;31;40mSee: https://github.com/Neilpang/acme.sh/wiki/How-to-d
ebug-acme.shESC[0m
[Tue Mar 14 22:50:35 UTC 2017] Installing key to:/shared/ssl/forum.SITE.org.key
cat: /shared/letsencrypt/forum.SITE.org/forum.SITE.org.key: No such file or directory
[Tue Mar 14 22:50:35 UTC 2017] Installing full chain to:/shared/ssl/forum.SITE.org.cer
cat: /shared/letsencrypt/forum.SITE.org/fullchain.cer: No such file or directory
[Tue Mar 14 22:50:35 UTC 2017] Run Le_ReloadCmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Tue Mar 14 22:50:35 UTC 2017] ESC[1;31;40mReload error for :forum.SITE.orgESC[0m
and this from the end:
nginx: [emerg] PEM_read_bio_X509_AUX("/shared/ssl/forum.casrai.org.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
Finally, I did a rm /var/discourse/shared/standalone/letsencrypt and rebuilt again, and it worked.
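A pre-rebuild check for the mistake described in this post, as an added example that is not part of the original post or of Discourse's own tooling. It assumes the setting sits on one line of app.yml as `LETSENCRYPT_ACCOUNT_EMAIL: value`; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-rebuild check for a multi-address LETSENCRYPT_ACCOUNT_EMAIL.
# Sample file contents below are constructed, not taken from a real install.

# Print the LETSENCRYPT_ACCOUNT_EMAIL value from an app.yml-style file,
# with any trailing comment and surrounding quotes removed.
le_email_value() {
  sed -n -E 's/^[[:space:]]*LETSENCRYPT_ACCOUNT_EMAIL:[[:space:]]*//p' "$1" |
    head -n 1 |
    sed -E "s/[[:space:]]+#.*\$//; s/[[:space:]]+\$//; s/^[\"']//; s/[\"']\$//"
}

# Succeed only for exactly one address (no comma, semicolon or space-separated list).
is_single_email() {
  printf '%s\n' "$1" |
    grep -Eq '^[^@,;[:space:]]+@[^@,;[:space:]]+\.[^@,;[:space:]]+$'
}

# Succeed if a log shows the ACME "invalidEmail" rejection. Newlines are
# removed first because the pasted log wraps the error URN across two lines.
log_has_invalid_email() {
  tr -d '\n' < "$1" | grep -q 'urn:acme:error:invalidEmail'
}

# Report on one app.yml; prints a verdict and returns non-zero on a bad value.
check_app_yml() {
  value=$(le_email_value "$1")
  if is_single_email "$value"; then
    echo "ok: $value"
  else
    echo "bad: LETSENCRYPT_ACCOUNT_EMAIL must be one address, got '$value'"
    return 1
  fi
}

# Demo on constructed input.
demo_dir=$(mktemp -d)
printf "env:\n  LETSENCRYPT_ACCOUNT_EMAIL: 'a@example.org,b@example.org,c@example.org'\n" > "$demo_dir/bad.yml"
printf 'env:\n  LETSENCRYPT_ACCOUNT_EMAIL: admin@example.org  # one address\n' > "$demo_dir/good.yml"
printf 'Register account Error: {"type":"urn:acme:error:invali\ndEmail","detail":"more than one e-mail address","status": 400}\n' > "$demo_dir/acme.log"
check_app_yml "$demo_dir/bad.yml" || true
check_app_yml "$demo_dir/good.yml"
log_has_invalid_email "$demo_dir/acme.log" && echo "log: account registration was rejected"
```

Passing this check only validates the new value in app.yml; it does not clear the state left by an earlier failed registration, which the post resolved by deleting the letsencrypt directory.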