Problem in installing Let's Encrypt SSL for www and non-www


(Gulshan Kumar) #1

TLDR: Only one version is working with SSL, either www or non-www, as same as hostname provided while installation.

It’s related to Let’s Encrypt SSL installation as written at Docs.

So, after launching setup it was asked to enter

Hostname for your Discourse? [discourse.example.com]: 

So, I typed example.app

Next, after installing Discourse, I am facing one problem that SSL is not working for the www version.
For non-www, it’s works fine.

Ideally, I would like to have SSL for www and non-www version also.


I repeated entire process this time with www.example.com hostname, then SSL for non-www is not working.

What’s I am missing?


(Bhanu Sharma) #2

An easy solution without much messing with the core will be to run discourse behind an nginx reverse proxy and configuring ssl from there.

Other way (I’m not very sure of it) may be to add a letsencrypt command to the ‘after commands’ in app.yml.


(Gulshan Kumar) #3

My problem is similar to SSL working on root, but not on www
I am not getting whole point. In my case, DNS record is also fine. I followed the step by step instruction, I believe it should work, but it’s not working.


(Bhanu Sharma) #4

Your topic & the topic you mentioned seem unrelated as discourse generates a valid certificate for the hostname you specify during install, in the other topic, when they install on www, their cert reports as invalid. I don’t think discourse supports multiple domains for standalone install natively.


(Pooja Patel) #5

Is there any solution for above problem?

Currently i have installed discourse on “example.com”. I have installed lets encrypt on example.com but did not work with www version.

I want to run discourse site as https://www.example.com

How can i do that?


(Gulshan Kumar) #6

@PoojaPatel
Assuming, www is your canonical version for Discourse. But you installed Let’s Encrypt only for apex domain.

Here’s fix…

  • Re-install Discourse
  • Install SSL for your www because that is your canonical
  • Restore Discourse backup
  • Setup Cloudflare
  • Go to DNS
  • Enable its DNS only for www CNAME or A record.
  • However must enable its DNS as well proxy for apex domain
  • Choose Flexible SSL
  • Force HTTPS

EXPECTED: HTTPS version should work fine for redirecting users from non-www to www version. Once I fixed SSL error this problem using this method.

Short version without re-installing SSL at www as per your canonical URL, That I cannot recommend.
(Setup Cloudflare proxy completely over www and non-www)


(Bhanu Sharma) #7

An easier solution is to run discourse behind a reverse proxy like nginx and setting up the SSL and appropriate redirects from there as enabling cloudflare for discourse brings in a whole lot of problems on it’s own.


(Pooja Patel) #8

When I re-install discourse, is my website hostname as www.example.com?

I have installed discourse One-Click Application from DO. Which method are you recommend, One click or Linux command?

Install SSL for your www because that is your canonical

When i installing SSL from below method, I have not entered my domain details, so where i have to add www version of my website address?

However must enable its DNS as well proxy for apex domain

Pls, can you let me more, how to do above step?

Force HTTPS - which option i have to select because there are three option related to https?

  1. Always use HTTPS
  2. HTTP Strict Transport Security (HSTS)
  3. Automatic HTTPS Rewrites

(Brahn) #9

This is how the Let’s encrypt template requests the certificate:

Specifically --issue -d $$ENV_DISCOURSE_HOSTNAME meaning that it only issues a request for the hostname given to discourse. In order to get both www and non-www you need to adjust the template to issue more than one -d argument.

Something like as shown here:
(read the replies, some adjustments to the original topic are necessary but I am unable to edit it)