Non-LetsEncrypt SSL certificate


(Susan Spencer) #1

FYI, if you use non-Let’s Encrypt certificates, here are steps to install your SSL certificate files. My certs come from DigiCert, so I’ll use it in the example:

After you’ve received your-domain_com.crt (primary certificate), DigiCert.crt (intermediate certificate) and your-domain_com.key:

  1. Check them for errors: (more about this here)

openssl x509 -in your-domain_com.crt -text -noout
openssl x509 -in DigiCert.crt -text -noout
openssl rsa -in your-domain_com.key -text -noout

  2. Upload them to this directory (create the directory if needed)

/var/discourse/shared/standalone/ssl

  3. Concatenate the .crt files, with your domain crt file as the first file, to ssl.crt

cat your-domain_com.crt DigiCert.crt > ssl.crt

  4. Copy your key file to ssl.key

cp your-domain_com.key ssl.key

  5. Update the /var/discourse/containers/app.yml file:
    web.template.yml and web.ssl.template.yml – uncomment in templates section
    "85:80", "2222:22", and "443:443" – list these on separate lines in exposed section

  6. Set permissions on the ssl directory & files to the same user & group as your
    /var/discourse/shared/standalone/uploads directory
    (this allows nginx to find the ssl files) - the directory should not belong to root.

chown -R youruser:yourgroup /var/discourse/shared/standalone/ssl

  7. Rebuild app from /var/discourse directory:

./launcher rebuild app

  8. Check logs for errors:

./launcher logs app
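
A pre-rebuild check for the ssl.crt and ssl.key files built in the steps above, as an added example that is not part of the original post: it confirms that the first certificate in ssl.crt matches ssl.key (which catches a reversed `cat` order or the wrong key), that an intermediate is present, that the leaf has not expired, and that the key is not world-readable. The function names, return codes and the throwaway self-signed demo certificates are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check ssl.crt / ssl.key before "./launcher rebuild app".
# Function names and return codes are this example's own, not Discourse's.

# Read a PEM public key on stdin, print the SHA-256 of its DER encoding.
pub_sha256() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# check_ssl_pair BUNDLE KEY
# Returns: 0 ok, 1 unreadable file, 2 first cert does not match key,
#          3 no intermediate in bundle, 4 first cert expired, 5 key is world-readable
check_ssl_pair() {
    crt=$1 key=$2
    openssl x509 -in "$crt" -noout 2>/dev/null || return 1
    openssl pkey -in "$key" -noout 2>/dev/null || return 1
    # openssl x509 reads only the first PEM block, which must be the domain certificate.
    c=$(openssl x509 -in "$crt" -noout -pubkey | pub_sha256)
    k=$(openssl pkey -in "$key" -pubout | pub_sha256)
    [ "$c" = "$k" ] || return 2
    [ "$(grep -c 'BEGIN CERTIFICATE' "$crt")" -ge 2 ] || return 3
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || return 4
    [ -z "$(find "$key" -perm -004)" ] || return 5
    return 0
}

# Constructed sample input: two throwaway self-signed certificates standing in
# for your-domain_com.crt and DigiCert.crt (no real CA is involved).
make_demo_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=your-domain.example" \
        -keyout "$d/your-domain_com.key" -out "$d/your-domain_com.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Intermediate" \
        -keyout "$d/intermediate.key" -out "$d/DigiCert.crt" 2>/dev/null
    cat "$d/your-domain_com.crt" "$d/DigiCert.crt" > "$d/ssl.crt"
    cat "$d/DigiCert.crt" "$d/your-domain_com.crt" > "$d/swapped.crt"   # wrong order
    cp "$d/your-domain_com.key" "$d/ssl.key" && chmod 600 "$d/ssl.key"
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
for bundle in ssl.crt swapped.crt; do
    rc=0; check_ssl_pair "$demo_dir/$bundle" "$demo_dir/ssl.key" || rc=$?
    echo "$bundle: check_ssl_pair returned $rc"
done
rm -rf "$demo_dir"
```

Against the real files, call `check_ssl_pair /var/discourse/shared/standalone/ssl/ssl.crt /var/discourse/shared/standalone/ssl/ssl.key` and hold off on the rebuild if it returns non-zero.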