Let's Encrypt SSL no longer working, Discourse site down


(Ryan Nix) #1

Hello,

For some reason, our Discourse site is down and it appears to be related to SSL. https://discourse.apps.northwestern.edu The app rebuilds just fine, so it appears that Discourse itself is working. I took a look at the acme.sh.log file but I’m not seeing any errors:

root@DiscourseVM:/var/discourse# ./launcher logs app | grep ssl
[Thu Nov 16 12:17:06 UTC 2017] Installing key to:/shared/ssl/discourse.apps.northwestern.edu.key
[Thu Nov 16 12:17:06 UTC 2017] Installing full chain to:/shared/ssl/discourse.apps.northwestern.edu.cer

root@DiscourseVM-app:/shared/letsencrypt# vim acme.sh.log 
[Wed Aug 16 13:38:25 UTC 2017] Lets find script dir.
[Wed Aug 16 13:38:25 UTC 2017] _SCRIPT_='./acme.sh'
[Wed Aug 16 13:38:25 UTC 2017] _script='/root/acme.sh/acme.sh'
[Wed Aug 16 13:38:25 UTC 2017] _script_home='/root/acme.sh'
[Wed Aug 16 13:38:25 UTC 2017] Using config home:/shared/letsencrypt
[Wed Aug 16 13:38:25 UTC 2017] It is recommended to install nc first, try to install 'nc' or 'netcat'.
[Wed Aug 16 13:38:25 UTC 2017] We use nc for standalone server if you use standalone mode.
[Wed Aug 16 13:38:25 UTC 2017] If you don't use standalone mode, just ignore this warning.
[Wed Aug 16 13:38:25 UTC 2017] Installing to /shared/letsencrypt
[Wed Aug 16 13:38:25 UTC 2017] Installed to /shared/letsencrypt/acme.sh
[Wed Aug 16 13:38:25 UTC 2017] Using config home:/shared/letsencrypt
[Wed Aug 16 13:38:25 UTC 2017] Using sed  -i
[Wed Aug 16 13:38:25 UTC 2017] Found profile: /root/.profile
[Wed Aug 16 13:38:25 UTC 2017] Installing alias to '/root/.profile'
[Wed Aug 16 13:38:25 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
[Wed Aug 16 13:38:25 UTC 2017] Using config home:/shared/letsencrypt
[Wed Aug 16 13:38:25 UTC 2017] Using config home:/shared/letsencrypt
[Wed Aug 16 13:38:25 UTC 2017] Installing cron job
[Wed Aug 16 13:38:25 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Aug 16 13:38:25 UTC 2017] OK

Where else could I look?

Thank you!

Ryan


(Ryan Nix) #2

It looks like the cert has expired but a container rebuild won’t renew it.


(Ryan Nix) #3

Fixed the issue. If anyone is curious, you need both 443 AND 80 open to the world. I only have 443 open.
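
Added example, not part of the original posts: a Python check to run from a machine outside the server's network. It confirms that ports 80 and 443 are both reachable and reports why the served certificate fails validation. It assumes the renewal relies on Let's Encrypt's HTTP-01 validation over port 80; the function names and forum.example.com are placeholders.

```python
import socket
import ssl
import sys
import time

def port_open(host, port, timeout=5.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def days_left(not_after, now=None):
    """Days until notAfter ('Jan 11 00:00:00 2018 GMT' form); negative if expired."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400

def tls_status(host, port=443, timeout=5.0):
    """Handshake with full validation and say why it passed or failed."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                left = days_left(tls.getpeercert()["notAfter"])
                return "valid, %.0f days left" % left
    except ssl.SSLCertVerificationError as exc:
        return "invalid: " + exc.verify_message  # e.g. "certificate has expired"
    except OSError as exc:
        return "unreachable: %s" % exc

def diagnose(host):
    """Collect the findings relevant to a failed renewal."""
    findings = ["443/tcp TLS: " + tls_status(host)]
    if not port_open(host, 80):
        # Assumption: renewal relies on HTTP-01, which always connects to port 80.
        findings.append("80/tcp closed: HTTP-01 validation cannot reach the server")
    return findings

if __name__ == "__main__":
    # forum.example.com is a placeholder; pass the real hostname as argv[1].
    for line in diagnose(sys.argv[1] if len(sys.argv) > 1 else "forum.example.com"):
        print(line)
```

Running it on the server itself only shows that the service is listening; a firewall in front of the host can still block port 80 from the outside.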


(Régis Hanol) #4