Minimum needed to get LetsEncrypt working on a GCE instance

I have a working Discourse instance on a GCE instance.
I have email working through Mailjet by setting smtp_port=2525
I am now trying to enable HTTPS.

My reading of Setting up HTTPS support with Let's Encrypt
is that I just need to uncomment

  #- "templates/web.ssl.template.yml"
  #- "templates/web.letsencrypt.ssl.template.yml"

in app.yml and set LETSENCRYPT_ACCOUNT_EMAIL to the email address I have registered with Mailjet,
which is the same as DISCOURSE_DEVELOPER_EMAILS and the From: address used by Discourse,
and then rebuild and restart Discourse with

sudo ./launcher rebuild app

After that LetsEncrypt/HTTPS should just work automagically if I understand the instructions correctly.
However I am finding that Discourse just becomes inaccessible after that.
It becomes accessible again if I undo the above changes and rebuild again.

Am I missing something?
Is there anything special needed on GCE?

I currently use the GCE external IP as DISCOURSE_HOSTNAME,
which is working fine with regular HTTP.
Do I need to set up a DNS domain and hotname to wok with LetsEncrypt?

Yup you’ll need to have a valid hostname in order to get a cert.

2 Likes

Thanks! Why does my Discourse become completely inaccessible though rather than keep working through HTTP?

Because when you uncomment the web.ssl.template.yml it redirects all HTTP traffic to use HTTPS. Known issue but not trivial to fix.

4 Likes

This topic was automatically closed after 2544 days. New replies are no longer allowed.