Not able to access site after letsencrypt cert expiry and rebuild due to IPV6


(Umashankar) #1

Hi,

Please help with below issue.

The Letsencrypt cert expired. I thought that rebuilding the app would renew the cert, so I did a rebuild.

Now I get this error:

nginx: [emerg] PEM_read_bio_X509_AUX("/shared/ssl/javaqna.com.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)


(Markus) #2

Have you tried to remove the old one (ssl folder) and then rebuild it?


(Umashankar) #3

Hi Markus,

Thanks for the reply.

I have executed the below from the thread:

rm -rf /var/discourse/shared/standalone/ssl
rm -rf /var/discourse/shared/standalone/letsencrypt
./launcher rebuild app

Not sure what I’m missing :frowning:


(Matt Palmer) #4

What do the rebuild logs say?


(Umashankar) #5

I get the message
[emerg] PEM_read_bio_X509_AUX("/shared/ssl/javaqna.com.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

Also mentioned in the first thread itself.

Thank you.


(Umashankar) #6

Hi,

Can anyone help with this issue? I am not able to understand what the error with letsencrypt is. I tried rebuilding after removing the ssl folder cert files several times as mentioned above, but no luck.

Thanks.


(Alan Tan) #8

I worked with @Umashankar_Ankuri and this looks like a case where the domain’s IPv6 address was configured incorrectly causing the validation check to fail.

@Umashankar_Ankuri can confirm the problem once he fixes his DNS settings.


(Matt Palmer) #9

Aaah, yes, that's been causing some heartburn over on the LE forums.


(Umashankar) #10

Hi Guo Xiang Tan,

I have fixed the problem with IPv6, I just removed those records from DNS, and Discourse is now up!! We can mark this as fixed.

Just wondering how it worked for the first time!!

Thank you.


(Matt Palmer) #11

As per the LE forum topic I linked to earlier, LE recently changed their behaviour from preferring IPv4 to preferring IPv6 records first.
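
The two failure signs in this thread (a certificate file with no PEM start line, and AAAA records that do not point at the server) can be checked before a rebuild. The script below is an added example, not part of the original thread or of Discourse's own tooling; the function names are hypothetical, and the live check assumes `dig` and `ip` are installed.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before "./launcher rebuild app".
# Function names are hypothetical; dig (dnsutils) and ip (iproute2) are
# assumed to be available for check_domain only.

# Succeeds if FILE is non-empty and contains a PEM certificate header.
# nginx's "PEM_read_bio ... no start line" means no such header was found.
has_pem_cert() {
    [ -s "$1" ] && grep -Eq '^-----BEGIN (TRUSTED )?CERTIFICATE-----' "$1"
}

# Print every published AAAA address ($1, whitespace separated) that is not
# among the host's own IPv6 addresses ($2). This is a plain string compare,
# so both lists must be in the same compressed text form.
stale_aaaa() {
    for rec in $1; do
        case " $(echo $2) " in
            *" $rec "*) ;;                     # record matches a local address
            *) printf '%s\n' "$rec" ;;         # record points somewhere else
        esac
    done
}

# Live check for one domain: fails if any AAAA record points at an address
# this host does not hold, which is the condition that broke validation here.
check_domain() {
    published=$(dig +short AAAA "$1" | grep ':' || true)
    local_v6=$(ip -6 -o addr show scope global | awk '{print $4}' | cut -d/ -f1)
    bad=$(stale_aaaa "$published" "$local_v6")
    [ -z "$bad" ] && return 0
    echo "AAAA records for $1 not on this host: $bad" >&2
    return 1
}

# Usage (on the Docker host, standalone layout as in post #3):
#   check_domain example.com && ./launcher rebuild app
#   has_pem_cert /var/discourse/shared/standalone/ssl/example.com.cer
```

If `check_domain` fails, correct or remove the AAAA records before rebuilding, as was done in post #10.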