I’m running a discourse app on a linode, DNS records are alright.
Back when I installed the app I followed this howto:
My ssl certificate expired yesterday, and I don’t know why it hadn’t got renewed.
I tried to rebuild the app, what works without errors, but in the logs I have
templates:
- "templates/postgres.template.yml"
- "templates/redis.template.yml"
- "templates/web.template.yml"
- "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
- "templates/web.ssl.template.yml"
- "templates/web.letsencrypt.ssl.template.yml"
## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
- "80:80" # http
- "443:443" # https
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
[...]
[Wed Aug 2 17:13:52 UTC 2017] GET
[Wed Aug 2 17:13:52 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug 2 17:13:52 UTC 2017] timeout
[Wed Aug 2 17:13:52 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Wed Aug 2 17:13:52 UTC 2017] ret='0'
[Wed Aug 2 17:13:52 UTC 2017] Pending
[Wed Aug 2 17:13:52 UTC 2017] sleep 2 secs to verify
[Wed Aug 2 17:13:54 UTC 2017] checking
[Wed Aug 2 17:13:54 UTC 2017] GET
[Wed Aug 2 17:13:54 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug 2 17:13:54 UTC 2017] timeout
[Wed Aug 2 17:13:55 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Wed Aug 2 17:13:55 UTC 2017] ret='0'
[Wed Aug 2 17:13:55 UTC 2017] Pending
[Wed Aug 2 17:13:55 UTC 2017] sleep 2 secs to verify
[Wed Aug 2 17:13:57 UTC 2017] checking
[Wed Aug 2 17:13:57 UTC 2017] GET
[Wed Aug 2 17:13:57 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug 2 17:13:57 UTC 2017] timeout
[Wed Aug 2 17:13:57 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Wed Aug 2 17:13:58 UTC 2017] ret='0'
[Wed Aug 2 17:13:58 UTC 2017] MYDOMAIN:Verify error:Fetching http://MYDOMAIN/.well-known/acme-challenge/[...]: Timeout
[Wed Aug 2 17:13:58 UTC 2017] Debug: get token url.
[Wed Aug 2 17:13:58 UTC 2017] GET
[Wed Aug 2 17:13:58 UTC 2017] url='http://MYDOMAIN/.well-known/acme-challenge/[...]'
[Wed Aug 2 17:13:58 UTC 2017] timeout='1'
[Wed Aug 2 17:13:58 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header --connect-timeout 1'
[Wed Aug 2 17:13:59 UTC 2017] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
[Wed Aug 2 17:13:59 UTC 2017] ret='28'
[Wed Aug 2 17:13:59 UTC 2017] Debugging, skip removing: /var/www/discourse/public/.well-known
[Wed Aug 2 17:13:59 UTC 2017] pid
[Wed Aug 2 17:13:59 UTC 2017] No need to restore nginx, skip.
[Wed Aug 2 17:13:59 UTC 2017] _clearupdns
[Wed Aug 2 17:13:59 UTC 2017] skip dns.
[Wed Aug 2 17:13:59 UTC 2017] _on_issue_err
[Wed Aug 2 17:13:59 UTC 2017] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Wed Aug 2 17:13:59 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug 2 17:13:59 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "[...]"}'
[Wed Aug 2 17:13:59 UTC 2017] POST
[Wed Aug 2 17:13:59 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug 2 17:13:59 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Wed Aug 2 17:14:00 UTC 2017] _ret='0'
[Wed Aug 2 17:14:00 UTC 2017] code='400'
[Wed Aug 2 17:14:00 UTC 2017] nc doesn't exists.
[Wed Aug 2 17:14:00 UTC 2017] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2g 1 Mar 2016
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.12.1
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_v2_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads --add-module=/tmp/ngx_brotli
nc:
2 Removing cert files and rebuilding succeeds without errors, but doesn’t solve my ssl problem. Result is the same like before. Only the .key-file has content and the nginx emergency error comes every second.
$ cat shared/standalone/letsencrypt/acme.sh.log
[Tue Aug 8 13:30:43 UTC 2017] Lets find script dir.
[Tue Aug 8 13:30:43 UTC 2017] _SCRIPT_='./acme.sh'
[Tue Aug 8 13:30:43 UTC 2017] _script='/root/acme.sh/acme.sh'
[Tue Aug 8 13:30:43 UTC 2017] _script_home='/root/acme.sh'
[Tue Aug 8 13:30:43 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:30:43 UTC 2017] It is recommended to install nc first, try to install 'nc' or 'netcat'.
[Tue Aug 8 13:30:43 UTC 2017] We use nc for standalone server if you use standalone mode.
[Tue Aug 8 13:30:43 UTC 2017] If you don't use standalone mode, just ignore this warning.
[Tue Aug 8 13:30:43 UTC 2017] Installing to /shared/letsencrypt
[Tue Aug 8 13:30:43 UTC 2017] Installed to /shared/letsencrypt/acme.sh
[Tue Aug 8 13:30:43 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:30:43 UTC 2017] Using sed -i
[Tue Aug 8 13:30:43 UTC 2017] Found profile: /root/.profile
[Tue Aug 8 13:30:43 UTC 2017] Installing alias to '/root/.profile'
[Tue Aug 8 13:30:43 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
[Tue Aug 8 13:30:43 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:30:43 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:30:43 UTC 2017] Installing cron job
[Tue Aug 8 13:30:43 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Aug 8 13:30:44 UTC 2017] OK
[Tue Aug 8 13:30:44 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:30:44 UTC 2017] Installing from online archive.
[Tue Aug 8 13:30:44 UTC 2017] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Tue Aug 8 13:30:44 UTC 2017] GET
[Tue Aug 8 13:30:44 UTC 2017] url='https://github.com/Neilpang/acme.sh/archive/master.tar.gz'
[Tue Aug 8 13:30:44 UTC 2017] timeout
[Tue Aug 8 13:30:44 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:30:46 UTC 2017] ret='0'
[Tue Aug 8 13:30:46 UTC 2017] Extracting master.tar.gz
[Tue Aug 8 13:30:46 UTC 2017] Skip install cron job
[Tue Aug 8 13:30:46 UTC 2017] It is recommended to install nc first, try to install 'nc' or 'netcat'.
[Tue Aug 8 13:30:46 UTC 2017] We use nc for standalone server if you use standalone mode.
[Tue Aug 8 13:30:46 UTC 2017] If you don't use standalone mode, just ignore this warning.
[Tue Aug 8 13:30:46 UTC 2017] Installing to /shared/letsencrypt
[Tue Aug 8 13:30:46 UTC 2017] Installed to /shared/letsencrypt/acme.sh
[Tue Aug 8 13:30:46 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:30:46 UTC 2017] Using sed -i
[Tue Aug 8 13:30:46 UTC 2017] Found profile: /root/.profile
[Tue Aug 8 13:30:46 UTC 2017] Installing alias to '/root/.profile'
[Tue Aug 8 13:30:46 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
[Tue Aug 8 13:30:46 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Aug 8 13:30:46 UTC 2017] OK
[Tue Aug 8 13:30:46 UTC 2017] Install success!
[Tue Aug 8 13:30:46 UTC 2017] Upgrade success!
[Tue Aug 8 13:31:33 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:31:33 UTC 2017] DOMAIN_PATH='/shared/letsencrypt/forum.solawi-dortmund.org'
[Tue Aug 8 13:31:33 UTC 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug 8 13:31:33 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug 8 13:31:33 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug 8 13:31:33 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 8 13:31:33 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug 8 13:31:33 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 8 13:31:33 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug 8 13:31:33 UTC 2017] _on_before_issue
[Tue Aug 8 13:31:33 UTC 2017] Le_LocalAddress
[Tue Aug 8 13:31:33 UTC 2017] Check for domain='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:33 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug 8 13:31:33 UTC 2017] config file is empty, can not read CA_KEY_HASH
[Tue Aug 8 13:31:33 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:31:33 UTC 2017] Use default length 2048
[Tue Aug 8 13:31:33 UTC 2017] length='2048'
[Tue Aug 8 13:31:33 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:31:33 UTC 2017] Use length 2048
[Tue Aug 8 13:31:33 UTC 2017] Using RSA: 2048
[Tue Aug 8 13:31:33 UTC 2017] RSA key
[Tue Aug 8 13:31:33 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug 8 13:31:33 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug 8 13:31:33 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 8 13:31:33 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug 8 13:31:33 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 8 13:31:33 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug 8 13:31:33 UTC 2017] AGREEMENT
[Tue Aug 8 13:31:33 UTC 2017] Registering account
[Tue Aug 8 13:31:33 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 8 13:31:33 UTC 2017] payload='{"resource": "new-reg", "agreement": ""}'
[Tue Aug 8 13:31:33 UTC 2017] GET
[Tue Aug 8 13:31:33 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Aug 8 13:31:33 UTC 2017] timeout
[Tue Aug 8 13:31:33 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:33 UTC 2017] ret='0'
[Tue Aug 8 13:31:33 UTC 2017] POST
[Tue Aug 8 13:31:33 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 8 13:31:33 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:34 UTC 2017] _ret='0'
[Tue Aug 8 13:31:34 UTC 2017] code='201'
[Tue Aug 8 13:31:34 UTC 2017] Registered
[Tue Aug 8 13:31:34 UTC 2017] _accUri='https://acme-v01.api.letsencrypt.org/acme/reg/19708985'
[Tue Aug 8 13:31:34 UTC 2017] _tos='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
[Tue Aug 8 13:31:34 UTC 2017] AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
[Tue Aug 8 13:31:34 UTC 2017] Update tos: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
[Tue Aug 8 13:31:34 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/reg/19708985'
[Tue Aug 8 13:31:34 UTC 2017] payload='{"resource": "reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Tue Aug 8 13:31:34 UTC 2017] POST
[Tue Aug 8 13:31:34 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/reg/19708985'
[Tue Aug 8 13:31:34 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:35 UTC 2017] _ret='0'
[Tue Aug 8 13:31:35 UTC 2017] code='202'
[Tue Aug 8 13:31:35 UTC 2017] Update account tos info success.
[Tue Aug 8 13:31:35 UTC 2017] Calc CA_KEY_HASH='TPAKOQuzF4DEwvO08enXxxtGMaZd+pMzlBJKdSPWjtI='
[Tue Aug 8 13:31:35 UTC 2017] ACCOUNT_THUMBPRINT='JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug 8 13:31:35 UTC 2017] Read key length:
[Tue Aug 8 13:31:35 UTC 2017] Creating domain key
[Tue Aug 8 13:31:35 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:31:35 UTC 2017] Use length 4096
[Tue Aug 8 13:31:35 UTC 2017] Using RSA: 4096
[Tue Aug 8 13:31:35 UTC 2017] The domain key is here: /shared/letsencrypt/forum.solawi-dortmund.org/forum.solawi-dortmund.org.key
[Tue Aug 8 13:31:35 UTC 2017] _createcsr
[Tue Aug 8 13:31:35 UTC 2017] Single domain='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:35 UTC 2017] Getting domain auth token for each domain
[Tue Aug 8 13:31:35 UTC 2017] Getting webroot for domain='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:35 UTC 2017] _w='/var/www/discourse/public'
[Tue Aug 8 13:31:35 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug 8 13:31:35 UTC 2017] Getting new-authz for domain='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:35 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug 8 13:31:35 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug 8 13:31:35 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 8 13:31:35 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug 8 13:31:35 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 8 13:31:35 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug 8 13:31:35 UTC 2017] Try new-authz for the 0 time.
[Tue Aug 8 13:31:35 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 8 13:31:35 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "forum.solawi-dortmund.org"}}'
[Tue Aug 8 13:31:36 UTC 2017] POST
[Tue Aug 8 13:31:36 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 8 13:31:36 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:36 UTC 2017] _ret='0'
[Tue Aug 8 13:31:36 UTC 2017] code='201'
[Tue Aug 8 13:31:36 UTC 2017] The new-authz request is ok.
[Tue Aug 8 13:31:36 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741","token":"pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M"'
[Tue Aug 8 13:31:36 UTC 2017] token='pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M'
[Tue Aug 8 13:31:36 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug 8 13:31:36 UTC 2017] keyauthorization='pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug 8 13:31:36 UTC 2017] dvlist='forum.solawi-dortmund.org#pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4#https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741#http-01#/var/www/discourse/public'
[Tue Aug 8 13:31:36 UTC 2017] vlist='forum.solawi-dortmund.org#pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4#https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741#http-01#/var/www/discourse/public,'
[Tue Aug 8 13:31:36 UTC 2017] ok, let's start to verify
[Tue Aug 8 13:31:36 UTC 2017] Verifying:forum.solawi-dortmund.org
[Tue Aug 8 13:31:36 UTC 2017] d='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:36 UTC 2017] keyauthorization='pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug 8 13:31:36 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug 8 13:31:36 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug 8 13:31:36 UTC 2017] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Aug 8 13:31:36 UTC 2017] writing token:pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M to /var/www/discourse/public/.well-known/acme-challenge/pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M
[Tue Aug 8 13:31:36 UTC 2017] Changing owner/group of .well-known to discourse:discourse
[Tue Aug 8 13:31:37 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug 8 13:31:37 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4"}'
[Tue Aug 8 13:31:37 UTC 2017] POST
[Tue Aug 8 13:31:37 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug 8 13:31:37 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:37 UTC 2017] _ret='0'
[Tue Aug 8 13:31:37 UTC 2017] code='202'
[Tue Aug 8 13:31:37 UTC 2017] sleep 2 secs to verify
[Tue Aug 8 13:31:39 UTC 2017] checking
[Tue Aug 8 13:31:39 UTC 2017] GET
[Tue Aug 8 13:31:39 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug 8 13:31:39 UTC 2017] timeout
[Tue Aug 8 13:31:39 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:40 UTC 2017] ret='0'
[Tue Aug 8 13:31:40 UTC 2017] Pending
[Tue Aug 8 13:31:40 UTC 2017] sleep 2 secs to verify
[Tue Aug 8 13:31:42 UTC 2017] checking
[Tue Aug 8 13:31:42 UTC 2017] GET
[Tue Aug 8 13:31:42 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug 8 13:31:42 UTC 2017] timeout
[Tue Aug 8 13:31:42 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:42 UTC 2017] ret='0'
[Tue Aug 8 13:31:42 UTC 2017] Pending
[Tue Aug 8 13:31:42 UTC 2017] sleep 2 secs to verify
[Tue Aug 8 13:31:44 UTC 2017] checking
[Tue Aug 8 13:31:44 UTC 2017] GET
[Tue Aug 8 13:31:44 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug 8 13:31:44 UTC 2017] timeout
[Tue Aug 8 13:31:44 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:45 UTC 2017] ret='0'
[Tue Aug 8 13:31:45 UTC 2017] forum.solawi-dortmund.org:Verify error:Fetching http://forum.solawi-dortmund.org/.well-known/acme-challenge/pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M: Timeout
[Tue Aug 8 13:31:45 UTC 2017] pid
[Tue Aug 8 13:31:45 UTC 2017] No need to restore nginx, skip.
[Tue Aug 8 13:31:45 UTC 2017] _clearupdns
[Tue Aug 8 13:31:45 UTC 2017] skip dns.
[Tue Aug 8 13:31:45 UTC 2017] _on_issue_err
[Tue Aug 8 13:31:45 UTC 2017] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Aug 8 13:31:45 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug 8 13:31:45 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4"}'
[Tue Aug 8 13:31:45 UTC 2017] POST
[Tue Aug 8 13:31:45 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug 8 13:31:45 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:46 UTC 2017] _ret='0'
[Tue Aug 8 13:31:46 UTC 2017] code='400'
[Tue Aug 8 13:31:46 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:31:46 UTC 2017] DOMAIN_PATH='/shared/letsencrypt/forum.solawi-dortmund.org'
[Tue Aug 8 13:31:46 UTC 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug 8 13:31:46 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug 8 13:31:46 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug 8 13:31:46 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 8 13:31:46 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug 8 13:31:46 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 8 13:31:46 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug 8 13:31:46 UTC 2017] Le_NextRenewTime
[Tue Aug 8 13:31:46 UTC 2017] _on_before_issue
[Tue Aug 8 13:31:46 UTC 2017] Le_LocalAddress
[Tue Aug 8 13:31:46 UTC 2017] Check for domain='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:46 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug 8 13:31:46 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Tue Aug 8 13:31:46 UTC 2017] Read key length:4096
[Tue Aug 8 13:31:46 UTC 2017] _createcsr
[Tue Aug 8 13:31:46 UTC 2017] Single domain='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:46 UTC 2017] Getting domain auth token for each domain
[Tue Aug 8 13:31:46 UTC 2017] Getting webroot for domain='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:46 UTC 2017] _w='/var/www/discourse/public'
[Tue Aug 8 13:31:46 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug 8 13:31:46 UTC 2017] Getting new-authz for domain='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:46 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug 8 13:31:46 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug 8 13:31:46 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 8 13:31:46 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug 8 13:31:46 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug 8 13:31:46 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug 8 13:31:46 UTC 2017] Try new-authz for the 0 time.
[Tue Aug 8 13:31:46 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 8 13:31:46 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "forum.solawi-dortmund.org"}}'
[Tue Aug 8 13:31:46 UTC 2017] RSA key
[Tue Aug 8 13:31:46 UTC 2017] GET
[Tue Aug 8 13:31:46 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Aug 8 13:31:46 UTC 2017] timeout
[Tue Aug 8 13:31:46 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:46 UTC 2017] ret='0'
[Tue Aug 8 13:31:46 UTC 2017] POST
[Tue Aug 8 13:31:46 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug 8 13:31:46 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:47 UTC 2017] _ret='0'
[Tue Aug 8 13:31:47 UTC 2017] code='201'
[Tue Aug 8 13:31:47 UTC 2017] The new-authz request is ok.
[Tue Aug 8 13:31:47 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486","token":"Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A"'
[Tue Aug 8 13:31:47 UTC 2017] token='Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A'
[Tue Aug 8 13:31:47 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug 8 13:31:47 UTC 2017] keyauthorization='Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug 8 13:31:47 UTC 2017] dvlist='forum.solawi-dortmund.org#Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4#https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486#http-01#/var/www/discourse/public'
[Tue Aug 8 13:31:47 UTC 2017] vlist='forum.solawi-dortmund.org#Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4#https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486#http-01#/var/www/discourse/public,'
[Tue Aug 8 13:31:47 UTC 2017] ok, let's start to verify
[Tue Aug 8 13:31:47 UTC 2017] Verifying:forum.solawi-dortmund.org
[Tue Aug 8 13:31:47 UTC 2017] d='forum.solawi-dortmund.org'
[Tue Aug 8 13:31:47 UTC 2017] keyauthorization='Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug 8 13:31:47 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug 8 13:31:47 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug 8 13:31:47 UTC 2017] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Aug 8 13:31:47 UTC 2017] writing token:Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A to /var/www/discourse/public/.well-known/acme-challenge/Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A
[Tue Aug 8 13:31:47 UTC 2017] Changing owner/group of .well-known to discourse:discourse
[Tue Aug 8 13:31:47 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug 8 13:31:47 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4"}'
[Tue Aug 8 13:31:47 UTC 2017] POST
[Tue Aug 8 13:31:47 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug 8 13:31:47 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:48 UTC 2017] _ret='0'
[Tue Aug 8 13:31:48 UTC 2017] code='202'
[Tue Aug 8 13:31:48 UTC 2017] sleep 2 secs to verify
[Tue Aug 8 13:31:50 UTC 2017] checking
[Tue Aug 8 13:31:50 UTC 2017] GET
[Tue Aug 8 13:31:50 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug 8 13:31:50 UTC 2017] timeout
[Tue Aug 8 13:31:50 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:50 UTC 2017] ret='0'
[Tue Aug 8 13:31:50 UTC 2017] Pending
[Tue Aug 8 13:31:51 UTC 2017] sleep 2 secs to verify
[Tue Aug 8 13:31:53 UTC 2017] checking
[Tue Aug 8 13:31:53 UTC 2017] GET
[Tue Aug 8 13:31:53 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug 8 13:31:53 UTC 2017] timeout
[Tue Aug 8 13:31:53 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:53 UTC 2017] ret='0'
[Tue Aug 8 13:31:53 UTC 2017] Pending
[Tue Aug 8 13:31:53 UTC 2017] sleep 2 secs to verify
[Tue Aug 8 13:31:55 UTC 2017] checking
[Tue Aug 8 13:31:55 UTC 2017] GET
[Tue Aug 8 13:31:55 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug 8 13:31:55 UTC 2017] timeout
[Tue Aug 8 13:31:55 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:55 UTC 2017] ret='0'
[Tue Aug 8 13:31:55 UTC 2017] forum.solawi-dortmund.org:Verify error:Fetching http://forum.solawi-dortmund.org/.well-known/acme-challenge/Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A: Timeout
[Tue Aug 8 13:31:55 UTC 2017] pid
[Tue Aug 8 13:31:55 UTC 2017] No need to restore nginx, skip.
[Tue Aug 8 13:31:55 UTC 2017] _clearupdns
[Tue Aug 8 13:31:55 UTC 2017] skip dns.
[Tue Aug 8 13:31:55 UTC 2017] _on_issue_err
[Tue Aug 8 13:31:55 UTC 2017] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Aug 8 13:31:55 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug 8 13:31:55 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4"}'
[Tue Aug 8 13:31:55 UTC 2017] POST
[Tue Aug 8 13:31:55 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug 8 13:31:55 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug 8 13:31:56 UTC 2017] _ret='0'
[Tue Aug 8 13:31:56 UTC 2017] code='400'
[Tue Aug 8 13:31:56 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug 8 13:31:56 UTC 2017] DOMAIN_PATH='/shared/letsencrypt/forum.solawi-dortmund.org'
[Tue Aug 8 13:31:56 UTC 2017] Installing key to:/shared/ssl/forum.solawi-dortmund.org.key
[Tue Aug 8 13:31:56 UTC 2017] Installing full chain to:/shared/ssl/forum.solawi-dortmund.org.cer
[Tue Aug 8 13:31:56 UTC 2017] Run reload cmd: sv reload nginx
[Tue Aug 8 13:31:56 UTC 2017] Reload error for :
You don’t have Discourse installed there (EDIT: if you access it by the IP). There is an nginx running there, which is preventing Discourse from accessing port 80. I’m guessing that you didn’t follow discourse/docs/INSTALL-cloud.md at main · discourse/discourse · GitHub or you’d have gotten a warning when you ran discourse-setup. (It could be that you subsequently installed nginx and have since rebooted so that nginx is now taking over port 80.
Or maybe you have an nginx in front as a reverse proxy. If that’s the case, the SSL problems are wtih nginx, not with Discourse.