Minimum needed to get LetsEncrypt working on a GCE instance

(Daniel Mahler) #1

I have a working Discourse instance on a GCE instance.
I have email working through Mailjet by setting smtp_port=2525
I am now trying to enable HTTPS.

My reading of Setting up Let's Encrypt
is that I just need to uncomment

  #- "templates/web.ssl.template.yml"
  #- "templates/web.letsencrypt.ssl.template.yml"

in app.yml and set LETSENCRYPT_ACCOUNT_EMAIL to the email address I have registered with Mailjet,
which is the same as DISCOURSE_DEVELOPER_EMAILS and the From: address used by Discourse,
and then rebuild and restart Discourse with

sudo ./launcher rebuild app

After that LetsEncrypt/HTTPS should just work automagically if I understand the instructions correctly.
However I am finding that Discourse just becomes inaccessible after that.
It becomes accessible again if I undo the above changes and rebuild again.

Am I missing something?
Is there anything special needed on GCE?

I currently use the GCE external IP as DISCOURSE_HOSTNAME,
which is working fine with regular HTTP.
Do I need to set up a DNS domain and hostname to work with LetsEncrypt?

(Alan Tan) #2

Yup you’ll need to have a valid hostname in order to get a cert.

(Daniel Mahler) #3

Thanks! Why does my Discourse become completely inaccessible though rather than keep working through HTTP?

(Alan Tan) #4

Because when you uncomment the web.ssl.template.yml it redirects all HTTP traffic to use HTTPS. Known issue but not trivial to fix.
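
A pre-flight check for the situation in this thread, added here as an example and not part of the original posts or of Discourse's own tooling: it reads app.yml text and, when the SSL templates are uncommented, flags a DISCOURSE_HOSTNAME that is an IP address or a missing LETSENCRYPT_ACCOUNT_EMAIL before a rebuild starts redirecting HTTP to HTTPS. The function names, problem codes and sample config values are assumptions made for illustration.

```python
import ipaddress
import re

SSL_TEMPLATES = ("templates/web.ssl.template.yml",
                 "templates/web.letsencrypt.ssl.template.yml")

# Constructed app.yml excerpt mirroring the thread: both templates uncommented,
# hostname still an IP. 203.0.113.10 and admin@example.com are placeholders.
SAMPLE_APP_YML = """\
templates:
  - "templates/web.ssl.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"
env:
  DISCOURSE_HOSTNAME: '203.0.113.10'
  LETSENCRYPT_ACCOUNT_EMAIL: 'admin@example.com'
"""

def active_templates(text):
    """Template paths on list lines that are not commented out."""
    pat = re.compile(r'^\s*-\s*["\']?(templates/[\w.-]+\.yml)["\']?\s*(#.*)?$')
    return {m.group(1) for m in map(pat.match, text.splitlines()) if m}

def env_value(text, key):
    """Value of an uncommented `KEY: value` line, or None if absent/empty."""
    pat = re.compile(r'^\s*' + re.escape(key) + r'\s*:\s*(.*)$')
    for line in text.splitlines():
        if m := pat.match(line):
            return m.group(1).split(" #")[0].strip().strip("\"'") or None
    return None

def is_ip_literal(host):
    """True for IPv4/IPv6 literals, which cannot be used to get the cert."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def preflight(text):
    """Return problem codes to resolve before `./launcher rebuild app`."""
    enabled = [t for t in SSL_TEMPLATES if t in active_templates(text)]
    if not enabled:
        return []  # SSL templates still commented out: plain HTTP setup
    host = env_value(text, "DISCOURSE_HOSTNAME")
    checks = [
        ("only-one-ssl-template-enabled", len(enabled) != len(SSL_TEMPLATES)),
        ("hostname-not-a-dns-name", not host or is_ip_literal(host) or "." not in host),
        ("letsencrypt-email-missing", not env_value(text, "LETSENCRYPT_ACCOUNT_EMAIL")),
    ]
    return [code for code, failed in checks if failed]
```

Calling `preflight(open("containers/app.yml").read())` from the Discourse directory returns an empty list when none of these three problems is present; the path is the usual location and is an assumption here.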