Problem with my SSL certificate

craisp · August 2, 2017, 8:49am

Hi there

I have an issue with my SSL Setup.

I’m running a discourse app on a linode, DNS records are alright.

Back when I installed the app I followed this howto:

My ssl certificate expired yesterday, and I don’t know why it hadn’t got renewed.
I tried to rebuild the app, what works without errors, but in the logs I have

nginx: [emerg] PEM_read_bio_X509_AUX("/shared/ssl/MYDOMAIN.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

The certificate file is not written correctly:

ls -l /var/discourse/shared/standalone/ssl
total 4
-rw-r--r-- 1 root root    0 Aug  2 10:18 MYDOMAIN.cer
-rw-r--r-- 1 root root 3243 Aug  2 10:18 MYDOMAIN.key

In the acme.sh.log is this line:

MYDOMAIN:Verify error:Fetching http://MYDOMAIN/.well-known/acme-challenge/vo77X_i6E6fgkPJ1YwOQijTaE8Uys-5p-O_tn2XYIis: Timeout

Any ideas?

j.jaffeux · August 2, 2017, 8:58am

What do you get when you try to directly access http://MYDOMAIN/.well-known/acme-challenge/vo77X_i6E6fgkPJ1YwOQijTaE8Uys-5p-O_tn2XYIis ? watch your logs while doing it, might show something.

craisp · August 2, 2017, 3:40pm

Chrome gives me an ERR_CONNECTION_REFUSED

The nginx error.log gives me the missing .cer-file error every second:

2017/08/02 15:34:01 [emerg] 25058#25058: PEM_read_bio_X509_AUX("/shared/ssl/MYDOMAIN.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
2017/08/02 15:34:02 [emerg] 25061#25061: PEM_read_bio_X509_AUX("/shared/ssl/MYDOMAIN.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
2017/08/02 15:34:03 [emerg] 25063#25063: PEM_read_bio_X509_AUX("/shared/ssl/MYDOMAIN.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
2017/08/02 15:34:04 [emerg] 25065#25065: PEM_read_bio_X509_AUX("/shared/ssl/MYDOMAIN.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
2017/08/02 15:34:05 [emerg] 25067#25067: PEM_read_bio_X509_AUX("/shared/ssl/MYDOMAIN.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
2017/08/02 15:34:06 [emerg] 25069#25069: PEM_read_bio_X509_AUX("/shared/ssl/MYDOMAIN.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
2017/08/02 15:34:07 [emerg] 25071#25071: PEM_read_bio_X509_AUX("/shared/ssl/MYDOMAIN.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
2017/08/02 15:34:08 [emerg] 25073#25073: PEM_read_bio_X509_AUX("/shared/ssl/MYDOMAIN.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

What other log files should I check?

j.jaffeux · August 2, 2017, 3:48pm

Can you try both methods at the end of the first topic (try manual first and delete after if it still doesn’t work) :

craisp · August 2, 2017, 3:53pm

This is the section in my app.yml

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
  - "templates/web.ssl.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"

## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
  - "80:80"   # http
  - "443:443" # https

Are you talking about those two lines?

  - "templates/web.ssl.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"

What methods do you mean?

craisp · August 2, 2017, 9:06pm

Ah, sorry, now I get it.

1 Manually reissue:

/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
[...]
[Wed Aug  2 17:13:52 UTC 2017] GET
[Wed Aug  2 17:13:52 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug  2 17:13:52 UTC 2017] timeout
[Wed Aug  2 17:13:52 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Wed Aug  2 17:13:52 UTC 2017] ret='0'
[Wed Aug  2 17:13:52 UTC 2017] Pending
[Wed Aug  2 17:13:52 UTC 2017] sleep 2 secs to verify
[Wed Aug  2 17:13:54 UTC 2017] checking
[Wed Aug  2 17:13:54 UTC 2017] GET
[Wed Aug  2 17:13:54 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug  2 17:13:54 UTC 2017] timeout
[Wed Aug  2 17:13:55 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Wed Aug  2 17:13:55 UTC 2017] ret='0'
[Wed Aug  2 17:13:55 UTC 2017] Pending
[Wed Aug  2 17:13:55 UTC 2017] sleep 2 secs to verify
[Wed Aug  2 17:13:57 UTC 2017] checking
[Wed Aug  2 17:13:57 UTC 2017] GET
[Wed Aug  2 17:13:57 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug  2 17:13:57 UTC 2017] timeout
[Wed Aug  2 17:13:57 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Wed Aug  2 17:13:58 UTC 2017] ret='0'
[Wed Aug  2 17:13:58 UTC 2017] MYDOMAIN:Verify error:Fetching http://MYDOMAIN/.well-known/acme-challenge/[...]: Timeout
[Wed Aug  2 17:13:58 UTC 2017] Debug: get token url.
[Wed Aug  2 17:13:58 UTC 2017] GET
[Wed Aug  2 17:13:58 UTC 2017] url='http://MYDOMAIN/.well-known/acme-challenge/[...]'
[Wed Aug  2 17:13:58 UTC 2017] timeout='1'
[Wed Aug  2 17:13:58 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header  --connect-timeout 1'
[Wed Aug  2 17:13:59 UTC 2017] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
[Wed Aug  2 17:13:59 UTC 2017] ret='28'
[Wed Aug  2 17:13:59 UTC 2017] Debugging, skip removing: /var/www/discourse/public/.well-known
[Wed Aug  2 17:13:59 UTC 2017] pid
[Wed Aug  2 17:13:59 UTC 2017] No need to restore nginx, skip.
[Wed Aug  2 17:13:59 UTC 2017] _clearupdns
[Wed Aug  2 17:13:59 UTC 2017] skip dns.
[Wed Aug  2 17:13:59 UTC 2017] _on_issue_err
[Wed Aug  2 17:13:59 UTC 2017] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Wed Aug  2 17:13:59 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug  2 17:13:59 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "[...]"}'
[Wed Aug  2 17:13:59 UTC 2017] POST
[Wed Aug  2 17:13:59 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/[...]'
[Wed Aug  2 17:13:59 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Wed Aug  2 17:14:00 UTC 2017] _ret='0'
[Wed Aug  2 17:14:00 UTC 2017] code='400'
[Wed Aug  2 17:14:00 UTC 2017] nc doesn't exists.
[Wed Aug  2 17:14:00 UTC 2017] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2g  1 Mar 2016
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.12.1
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_v2_module --with-http_sub_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads --add-module=/tmp/ngx_brotli
nc:

2 Removing cert files and rebuilding succeeds without errors, but doesn’t solve my ssl problem. Result is the same like before. Only the .key-file has content and the nginx emergency error comes every second.

craisp · August 8, 2017, 1:44pm

Does anyone have an idea, please?

I just tried again:

rm -rf /var/discourse/shared/standalone/ssl
rm -rf /var/discourse/shared/standalone/letsencrypt
./launcher rebuild app

This is the output of the acme.sh.log

$ cat shared/standalone/letsencrypt/acme.sh.log
[Tue Aug  8 13:30:43 UTC 2017] Lets find script dir.
[Tue Aug  8 13:30:43 UTC 2017] _SCRIPT_='./acme.sh'
[Tue Aug  8 13:30:43 UTC 2017] _script='/root/acme.sh/acme.sh'
[Tue Aug  8 13:30:43 UTC 2017] _script_home='/root/acme.sh'
[Tue Aug  8 13:30:43 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:30:43 UTC 2017] It is recommended to install nc first, try to install 'nc' or 'netcat'.
[Tue Aug  8 13:30:43 UTC 2017] We use nc for standalone server if you use standalone mode.
[Tue Aug  8 13:30:43 UTC 2017] If you don't use standalone mode, just ignore this warning.
[Tue Aug  8 13:30:43 UTC 2017] Installing to /shared/letsencrypt
[Tue Aug  8 13:30:43 UTC 2017] Installed to /shared/letsencrypt/acme.sh
[Tue Aug  8 13:30:43 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:30:43 UTC 2017] Using sed  -i
[Tue Aug  8 13:30:43 UTC 2017] Found profile: /root/.profile
[Tue Aug  8 13:30:43 UTC 2017] Installing alias to '/root/.profile'
[Tue Aug  8 13:30:43 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
[Tue Aug  8 13:30:43 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:30:43 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:30:43 UTC 2017] Installing cron job
[Tue Aug  8 13:30:43 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Aug  8 13:30:44 UTC 2017] OK
[Tue Aug  8 13:30:44 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:30:44 UTC 2017] Installing from online archive.
[Tue Aug  8 13:30:44 UTC 2017] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Tue Aug  8 13:30:44 UTC 2017] GET
[Tue Aug  8 13:30:44 UTC 2017] url='https://github.com/Neilpang/acme.sh/archive/master.tar.gz'
[Tue Aug  8 13:30:44 UTC 2017] timeout
[Tue Aug  8 13:30:44 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:30:46 UTC 2017] ret='0'
[Tue Aug  8 13:30:46 UTC 2017] Extracting master.tar.gz
[Tue Aug  8 13:30:46 UTC 2017] Skip install cron job
[Tue Aug  8 13:30:46 UTC 2017] It is recommended to install nc first, try to install 'nc' or 'netcat'.
[Tue Aug  8 13:30:46 UTC 2017] We use nc for standalone server if you use standalone mode.
[Tue Aug  8 13:30:46 UTC 2017] If you don't use standalone mode, just ignore this warning.
[Tue Aug  8 13:30:46 UTC 2017] Installing to /shared/letsencrypt
[Tue Aug  8 13:30:46 UTC 2017] Installed to /shared/letsencrypt/acme.sh
[Tue Aug  8 13:30:46 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:30:46 UTC 2017] Using sed  -i
[Tue Aug  8 13:30:46 UTC 2017] Found profile: /root/.profile
[Tue Aug  8 13:30:46 UTC 2017] Installing alias to '/root/.profile'
[Tue Aug  8 13:30:46 UTC 2017] OK, Close and reopen your terminal to start using acme.sh
[Tue Aug  8 13:30:46 UTC 2017] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Aug  8 13:30:46 UTC 2017] OK
[Tue Aug  8 13:30:46 UTC 2017] Install success!
[Tue Aug  8 13:30:46 UTC 2017] Upgrade success!
[Tue Aug  8 13:31:33 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:31:33 UTC 2017] DOMAIN_PATH='/shared/letsencrypt/forum.solawi-dortmund.org'
[Tue Aug  8 13:31:33 UTC 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug  8 13:31:33 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug  8 13:31:33 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug  8 13:31:33 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug  8 13:31:33 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug  8 13:31:33 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug  8 13:31:33 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug  8 13:31:33 UTC 2017] _on_before_issue
[Tue Aug  8 13:31:33 UTC 2017] Le_LocalAddress
[Tue Aug  8 13:31:33 UTC 2017] Check for domain='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:33 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug  8 13:31:33 UTC 2017] config file is empty, can not read CA_KEY_HASH
[Tue Aug  8 13:31:33 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:31:33 UTC 2017] Use default length 2048
[Tue Aug  8 13:31:33 UTC 2017] length='2048'
[Tue Aug  8 13:31:33 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:31:33 UTC 2017] Use length 2048
[Tue Aug  8 13:31:33 UTC 2017] Using RSA: 2048
[Tue Aug  8 13:31:33 UTC 2017] RSA key
[Tue Aug  8 13:31:33 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug  8 13:31:33 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug  8 13:31:33 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug  8 13:31:33 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug  8 13:31:33 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug  8 13:31:33 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug  8 13:31:33 UTC 2017] AGREEMENT
[Tue Aug  8 13:31:33 UTC 2017] Registering account
[Tue Aug  8 13:31:33 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug  8 13:31:33 UTC 2017] payload='{"resource": "new-reg", "agreement": ""}'
[Tue Aug  8 13:31:33 UTC 2017] GET
[Tue Aug  8 13:31:33 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Aug  8 13:31:33 UTC 2017] timeout
[Tue Aug  8 13:31:33 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:33 UTC 2017] ret='0'
[Tue Aug  8 13:31:33 UTC 2017] POST
[Tue Aug  8 13:31:33 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug  8 13:31:33 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:34 UTC 2017] _ret='0'
[Tue Aug  8 13:31:34 UTC 2017] code='201'
[Tue Aug  8 13:31:34 UTC 2017] Registered
[Tue Aug  8 13:31:34 UTC 2017] _accUri='https://acme-v01.api.letsencrypt.org/acme/reg/19708985'
[Tue Aug  8 13:31:34 UTC 2017] _tos='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
[Tue Aug  8 13:31:34 UTC 2017] AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
[Tue Aug  8 13:31:34 UTC 2017] Update tos: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
[Tue Aug  8 13:31:34 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/reg/19708985'
[Tue Aug  8 13:31:34 UTC 2017] payload='{"resource": "reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"}'
[Tue Aug  8 13:31:34 UTC 2017] POST
[Tue Aug  8 13:31:34 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/reg/19708985'
[Tue Aug  8 13:31:34 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:35 UTC 2017] _ret='0'
[Tue Aug  8 13:31:35 UTC 2017] code='202'
[Tue Aug  8 13:31:35 UTC 2017] Update account tos info success.
[Tue Aug  8 13:31:35 UTC 2017] Calc CA_KEY_HASH='TPAKOQuzF4DEwvO08enXxxtGMaZd+pMzlBJKdSPWjtI='
[Tue Aug  8 13:31:35 UTC 2017] ACCOUNT_THUMBPRINT='JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug  8 13:31:35 UTC 2017] Read key length:
[Tue Aug  8 13:31:35 UTC 2017] Creating domain key
[Tue Aug  8 13:31:35 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:31:35 UTC 2017] Use length 4096
[Tue Aug  8 13:31:35 UTC 2017] Using RSA: 4096
[Tue Aug  8 13:31:35 UTC 2017] The domain key is here: /shared/letsencrypt/forum.solawi-dortmund.org/forum.solawi-dortmund.org.key
[Tue Aug  8 13:31:35 UTC 2017] _createcsr
[Tue Aug  8 13:31:35 UTC 2017] Single domain='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:35 UTC 2017] Getting domain auth token for each domain
[Tue Aug  8 13:31:35 UTC 2017] Getting webroot for domain='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:35 UTC 2017] _w='/var/www/discourse/public'
[Tue Aug  8 13:31:35 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug  8 13:31:35 UTC 2017] Getting new-authz for domain='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:35 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug  8 13:31:35 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug  8 13:31:35 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug  8 13:31:35 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug  8 13:31:35 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug  8 13:31:35 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug  8 13:31:35 UTC 2017] Try new-authz for the 0 time.
[Tue Aug  8 13:31:35 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug  8 13:31:35 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "forum.solawi-dortmund.org"}}'
[Tue Aug  8 13:31:36 UTC 2017] POST
[Tue Aug  8 13:31:36 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug  8 13:31:36 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:36 UTC 2017] _ret='0'
[Tue Aug  8 13:31:36 UTC 2017] code='201'
[Tue Aug  8 13:31:36 UTC 2017] The new-authz request is ok.
[Tue Aug  8 13:31:36 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741","token":"pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M"'
[Tue Aug  8 13:31:36 UTC 2017] token='pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M'
[Tue Aug  8 13:31:36 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug  8 13:31:36 UTC 2017] keyauthorization='pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug  8 13:31:36 UTC 2017] dvlist='forum.solawi-dortmund.org#pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4#https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741#http-01#/var/www/discourse/public'
[Tue Aug  8 13:31:36 UTC 2017] vlist='forum.solawi-dortmund.org#pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4#https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741#http-01#/var/www/discourse/public,'
[Tue Aug  8 13:31:36 UTC 2017] ok, let's start to verify
[Tue Aug  8 13:31:36 UTC 2017] Verifying:forum.solawi-dortmund.org
[Tue Aug  8 13:31:36 UTC 2017] d='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:36 UTC 2017] keyauthorization='pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug  8 13:31:36 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug  8 13:31:36 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug  8 13:31:36 UTC 2017] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Aug  8 13:31:36 UTC 2017] writing token:pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M to /var/www/discourse/public/.well-known/acme-challenge/pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M
[Tue Aug  8 13:31:36 UTC 2017] Changing owner/group of .well-known to discourse:discourse
[Tue Aug  8 13:31:37 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug  8 13:31:37 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4"}'
[Tue Aug  8 13:31:37 UTC 2017] POST
[Tue Aug  8 13:31:37 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug  8 13:31:37 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:37 UTC 2017] _ret='0'
[Tue Aug  8 13:31:37 UTC 2017] code='202'
[Tue Aug  8 13:31:37 UTC 2017] sleep 2 secs to verify
[Tue Aug  8 13:31:39 UTC 2017] checking
[Tue Aug  8 13:31:39 UTC 2017] GET
[Tue Aug  8 13:31:39 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug  8 13:31:39 UTC 2017] timeout
[Tue Aug  8 13:31:39 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:40 UTC 2017] ret='0'
[Tue Aug  8 13:31:40 UTC 2017] Pending
[Tue Aug  8 13:31:40 UTC 2017] sleep 2 secs to verify
[Tue Aug  8 13:31:42 UTC 2017] checking
[Tue Aug  8 13:31:42 UTC 2017] GET
[Tue Aug  8 13:31:42 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug  8 13:31:42 UTC 2017] timeout
[Tue Aug  8 13:31:42 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:42 UTC 2017] ret='0'
[Tue Aug  8 13:31:42 UTC 2017] Pending
[Tue Aug  8 13:31:42 UTC 2017] sleep 2 secs to verify
[Tue Aug  8 13:31:44 UTC 2017] checking
[Tue Aug  8 13:31:44 UTC 2017] GET
[Tue Aug  8 13:31:44 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug  8 13:31:44 UTC 2017] timeout
[Tue Aug  8 13:31:44 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:45 UTC 2017] ret='0'
[Tue Aug  8 13:31:45 UTC 2017] forum.solawi-dortmund.org:Verify error:Fetching http://forum.solawi-dortmund.org/.well-known/acme-challenge/pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M: Timeout
[Tue Aug  8 13:31:45 UTC 2017] pid
[Tue Aug  8 13:31:45 UTC 2017] No need to restore nginx, skip.
[Tue Aug  8 13:31:45 UTC 2017] _clearupdns
[Tue Aug  8 13:31:45 UTC 2017] skip dns.
[Tue Aug  8 13:31:45 UTC 2017] _on_issue_err
[Tue Aug  8 13:31:45 UTC 2017] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Aug  8 13:31:45 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug  8 13:31:45 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "pHO2V_3h4vxW0j0ijXIR1b5sMQHJW1eFgJqWq6bQt8M.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4"}'
[Tue Aug  8 13:31:45 UTC 2017] POST
[Tue Aug  8 13:31:45 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/h_7JAg1Dk8DjsLWJBIE03kx6cfqJgoyLzcqtxyyNlFU/1709182741'
[Tue Aug  8 13:31:45 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:46 UTC 2017] _ret='0'
[Tue Aug  8 13:31:46 UTC 2017] code='400'
[Tue Aug  8 13:31:46 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:31:46 UTC 2017] DOMAIN_PATH='/shared/letsencrypt/forum.solawi-dortmund.org'
[Tue Aug  8 13:31:46 UTC 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug  8 13:31:46 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug  8 13:31:46 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug  8 13:31:46 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug  8 13:31:46 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug  8 13:31:46 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug  8 13:31:46 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug  8 13:31:46 UTC 2017] Le_NextRenewTime
[Tue Aug  8 13:31:46 UTC 2017] _on_before_issue
[Tue Aug  8 13:31:46 UTC 2017] Le_LocalAddress
[Tue Aug  8 13:31:46 UTC 2017] Check for domain='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:46 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug  8 13:31:46 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Tue Aug  8 13:31:46 UTC 2017] Read key length:4096
[Tue Aug  8 13:31:46 UTC 2017] _createcsr
[Tue Aug  8 13:31:46 UTC 2017] Single domain='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:46 UTC 2017] Getting domain auth token for each domain
[Tue Aug  8 13:31:46 UTC 2017] Getting webroot for domain='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:46 UTC 2017] _w='/var/www/discourse/public'
[Tue Aug  8 13:31:46 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug  8 13:31:46 UTC 2017] Getting new-authz for domain='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:46 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Tue Aug  8 13:31:46 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Tue Aug  8 13:31:46 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug  8 13:31:46 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Tue Aug  8 13:31:46 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Tue Aug  8 13:31:46 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Tue Aug  8 13:31:46 UTC 2017] Try new-authz for the 0 time.
[Tue Aug  8 13:31:46 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug  8 13:31:46 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "forum.solawi-dortmund.org"}}'
[Tue Aug  8 13:31:46 UTC 2017] RSA key
[Tue Aug  8 13:31:46 UTC 2017] GET
[Tue Aug  8 13:31:46 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Aug  8 13:31:46 UTC 2017] timeout
[Tue Aug  8 13:31:46 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:46 UTC 2017] ret='0'
[Tue Aug  8 13:31:46 UTC 2017] POST
[Tue Aug  8 13:31:46 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Aug  8 13:31:46 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:47 UTC 2017] _ret='0'
[Tue Aug  8 13:31:47 UTC 2017] code='201'
[Tue Aug  8 13:31:47 UTC 2017] The new-authz request is ok.
[Tue Aug  8 13:31:47 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486","token":"Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A"'
[Tue Aug  8 13:31:47 UTC 2017] token='Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A'
[Tue Aug  8 13:31:47 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug  8 13:31:47 UTC 2017] keyauthorization='Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug  8 13:31:47 UTC 2017] dvlist='forum.solawi-dortmund.org#Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4#https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486#http-01#/var/www/discourse/public'
[Tue Aug  8 13:31:47 UTC 2017] vlist='forum.solawi-dortmund.org#Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4#https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486#http-01#/var/www/discourse/public,'
[Tue Aug  8 13:31:47 UTC 2017] ok, let's start to verify
[Tue Aug  8 13:31:47 UTC 2017] Verifying:forum.solawi-dortmund.org
[Tue Aug  8 13:31:47 UTC 2017] d='forum.solawi-dortmund.org'
[Tue Aug  8 13:31:47 UTC 2017] keyauthorization='Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4'
[Tue Aug  8 13:31:47 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug  8 13:31:47 UTC 2017] _currentRoot='/var/www/discourse/public'
[Tue Aug  8 13:31:47 UTC 2017] wellknown_path='/var/www/discourse/public/.well-known/acme-challenge'
[Tue Aug  8 13:31:47 UTC 2017] writing token:Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A to /var/www/discourse/public/.well-known/acme-challenge/Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A
[Tue Aug  8 13:31:47 UTC 2017] Changing owner/group of .well-known to discourse:discourse
[Tue Aug  8 13:31:47 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug  8 13:31:47 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4"}'
[Tue Aug  8 13:31:47 UTC 2017] POST
[Tue Aug  8 13:31:47 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug  8 13:31:47 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:48 UTC 2017] _ret='0'
[Tue Aug  8 13:31:48 UTC 2017] code='202'
[Tue Aug  8 13:31:48 UTC 2017] sleep 2 secs to verify
[Tue Aug  8 13:31:50 UTC 2017] checking
[Tue Aug  8 13:31:50 UTC 2017] GET
[Tue Aug  8 13:31:50 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug  8 13:31:50 UTC 2017] timeout
[Tue Aug  8 13:31:50 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:50 UTC 2017] ret='0'
[Tue Aug  8 13:31:50 UTC 2017] Pending
[Tue Aug  8 13:31:51 UTC 2017] sleep 2 secs to verify
[Tue Aug  8 13:31:53 UTC 2017] checking
[Tue Aug  8 13:31:53 UTC 2017] GET
[Tue Aug  8 13:31:53 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug  8 13:31:53 UTC 2017] timeout
[Tue Aug  8 13:31:53 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:53 UTC 2017] ret='0'
[Tue Aug  8 13:31:53 UTC 2017] Pending
[Tue Aug  8 13:31:53 UTC 2017] sleep 2 secs to verify
[Tue Aug  8 13:31:55 UTC 2017] checking
[Tue Aug  8 13:31:55 UTC 2017] GET
[Tue Aug  8 13:31:55 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug  8 13:31:55 UTC 2017] timeout
[Tue Aug  8 13:31:55 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:55 UTC 2017] ret='0'
[Tue Aug  8 13:31:55 UTC 2017] forum.solawi-dortmund.org:Verify error:Fetching http://forum.solawi-dortmund.org/.well-known/acme-challenge/Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A: Timeout
[Tue Aug  8 13:31:55 UTC 2017] pid
[Tue Aug  8 13:31:55 UTC 2017] No need to restore nginx, skip.
[Tue Aug  8 13:31:55 UTC 2017] _clearupdns
[Tue Aug  8 13:31:55 UTC 2017] skip dns.
[Tue Aug  8 13:31:55 UTC 2017] _on_issue_err
[Tue Aug  8 13:31:55 UTC 2017] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Tue Aug  8 13:31:55 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug  8 13:31:55 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "Q2bhAzm_Xse9hq25jeEMpApI8iRwERAXpJuFZTzIV0A.JVB0unwxG8pbbxFWKgB0A6czKZAc51kTBTE-hi3YGt4"}'
[Tue Aug  8 13:31:55 UTC 2017] POST
[Tue Aug  8 13:31:55 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/hIfdrk5kRW6FlrDkNyDQhvaTIH7nadenCItJtI-SUCM/1709183486'
[Tue Aug  8 13:31:55 UTC 2017] _CURL='curl -L --silent --dump-header /shared/letsencrypt/http.header '
[Tue Aug  8 13:31:56 UTC 2017] _ret='0'
[Tue Aug  8 13:31:56 UTC 2017] code='400'
[Tue Aug  8 13:31:56 UTC 2017] Using config home:/shared/letsencrypt
[Tue Aug  8 13:31:56 UTC 2017] DOMAIN_PATH='/shared/letsencrypt/forum.solawi-dortmund.org'
[Tue Aug  8 13:31:56 UTC 2017] Installing key to:/shared/ssl/forum.solawi-dortmund.org.key
[Tue Aug  8 13:31:56 UTC 2017] Installing full chain to:/shared/ssl/forum.solawi-dortmund.org.cer
[Tue Aug  8 13:31:56 UTC 2017] Run reload cmd: sv reload nginx
[Tue Aug  8 13:31:56 UTC 2017] Reload error for :

tgxworld · August 16, 2017, 7:31am

Is your domain’s IPv6 address configured correctly? We had a similar issue previously

craisp · August 16, 2017, 9:23pm

Thanks for your answer !

That was indeed also my problem.

End of last week I deactivated the IPv6 entry for my site and then it worked again.

yooxinz · February 20, 2019, 4:20pm

I have same trouble. But I don’t know how to deactivated the IPv6 entry.

craisp · February 20, 2019, 4:22pm

Delete or disable the AAAA record for your discourse domain.

yooxinz · February 20, 2019, 4:28pm

I didn’t find any AAAA records on the DNS resolution panel

pfaffman · February 20, 2019, 4:43pm

Without your hostname there is little anyone can do but guess at your problem.

yooxinz · February 20, 2019, 4:49pm

forum.choerodon.io is my discourse domain

pfaffman · February 20, 2019, 5:02pm

You don’t have Discourse installed there (EDIT: if you access it by the IP). There is an nginx running there, which is preventing Discourse from accessing port 80. I’m guessing that you didn’t follow discourse/docs/INSTALL-cloud.md at main · discourse/discourse · GitHub or you’d have gotten a warning when you ran discourse-setup. (It could be that you subsequently installed nginx and have since rebooted so that nginx is now taking over port 80.

Or maybe you have an nginx in front as a reverse proxy. If that’s the case, the SSL problems are wtih nginx, not with Discourse.

yooxinz · February 21, 2019, 1:31am

I install a nginx to forward the request to discourse. After I replaced the generated SSL certificate, discourse was running normally.

I want to know how to resume the automatic renewal of discourse certificate

JammyDodger · June 8, 2024, 12:37pm

This topic was automatically closed after 2502 days. New replies are no longer allowed.

Topic		Replies	Views
Not able to access site after letsencrypt cert expiry and rebuild due to IPV6 Support	10	2930	June 8, 2024
Discourse setup completed successfully but not working due to SSL error Support	6	199	December 18, 2024
Let's encrypt auto renewal and ipv6 Support	6	926	July 1, 2020
Let's Encrypt renewal errors Installation	11	1798	February 22, 2020
Installation produced broken, zero byte certificate Installation letsencrypt	10	2125	September 14, 2022

Problem with my SSL certificate

Related topics