Set up Let’s Encrypt with multiple domains / redirects

I just updated this as the old version no longer worked. I tested it on two sites, so I think it should be good.

3 Likes

EDIT: Found a fix, ignore all the below, but leaving here for future people. Leaving the fix at the very bottom.

Just stumbled upon this thread. So, my site is: forums.mysite.me. I have 3 domains in my NGINX config and my domain provider that I am using DNS CNAME’s for that are coming back as insecure:

mysite.me
www.mysite.me
forum.mysite.me (without the "s" if someone misspells or guesses the URL)

Do I use my base domain in the config that’s in the original post? Or how do I set it up for all 3?

after_ssl:
    # tell letsencrypt what additional certs to get
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--keylength/
        to: "-d forums.mysite.me --keylength"
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--fullchainpath/
        to: "-d forums.mysite.me  --fullchainpath"

I’m confused because the first “replace” section has a from: /--keylength/ and the one under it has from: /--fullchainpath/. So, do I make 2 entries like that for each of the 3 URLs I listed? Or would it be this?

after_ssl:
    # tell letsencrypt what additional certs to get
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--keylength/
        to: "-d mysite.me -d www.mysite.me -d forum.mysite.me --keylength"
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--fullchainpath/
        to: "-d mysite.me -d www.mysite.me -d forum.mysite.me  --fullchainpath"

^ Yes, the above box right here was the fix for multiple sites/LetsEncrypt. So excited.

1 Like

Yes. There are two different replacements in the file that need to be updated with the hostnames.

Isn’t that what the post at the top gave you when you entered the names as described?

How can we edit the OP so that it’s not confusing?

1 Like

Personally, I’d say to move that above the input box, so you see it as you’re typing.

The post gave that, yeah, but I didn’t understand it because

Why doesn’t the “if you need to add multiple domains” section that I quoted answer that?

1 Like

OK. How about this:

and then after the code to be copied, it continues:

Does that make sense?

1 Like

I think it’s just easiest to put the actual code with multiple sites as the example that I used above:

after_ssl:
    # tell letsencrypt what additional certs to get
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--keylength/
        to: "-d mysite.me -d www.mysite.me --keylength"
    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /--fullchainpath/
        to: "-d mysite.me -d www.mysite.me --fullchainpath"

I think that most people will want to add only one extra domain, so my way is easier and provides a simple way to get the exact text that you need without having to make any edits to it.

Maybe it is still clear that if your site is discourse.y.com and you want certificates for discourse.y.com and y.com you need only enter y.com in the “domain2” field and click the copy icon?

In your example, if you have configured your Discourse to be mysite.me, you do not need the -d mysite.me part in your example (or if your site is www.mysite.me you need only the -d mysite.me part).

3 Likes

in what file is this code being added please?

1 Like

The code should be added to near the end of your app.yml file, in the hooks section:

3 Likes

18 posts were split to a new topic: Let’s Encrypt with multiple domains wasn’t working for ECC certs

Do I still need the two other code snippet replacements or is this new code snippet all I need?

I added it and recompiled but I still get SSL privacy error when going to one of the https domains I want redirected.

When looking at cert its common name is forum.domain.com, with O and OU not part of certificate.
I am trying to get https://domain.com and https://www.domain.com redirected to https://forum.domain.com.

When using http://domain.com and http://www.domain.com, it redirects correctly to https://forum.domain.com.

What did you insert? What does your after_ssl stanza look like?

Looks like this (I changed the actual domain name):

  after_ssl:
    - replace:
        filename: /etc/runit/1.d/letsencrypt
        from: /-d forum.mydomain.com /
        to: -d forum.mydomain.com -d www.mydomain.com -d mydomain.com
        global: true

I also added this

LETSENCRYPT_ALTERNATE_NAMES: mydomain.com,www.mydomain.com

Browser error is

net::ERR_CERT_COMMON_NAME_INVALID

Do the names all resolve? Do they not have Cloudflare in front of them? Have you hit rate limits? You can look in the container and run /etc/runit/1.d/letsencrypt and see what happens.

All names resolve, no Cloudflare, rate limits should be fine.

Here is the result of running letsencrypt:

(Domain name replaced)

/var/www/discourse# /etc/runit/1.d/letsencrypt
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
[Tue Apr 29 04:02:13 PM UTC 2025] Unknown parameter : 4096
[Tue Apr 29 04:02:13 PM UTC 2025] Installing key to: /shared/ssl/forum.domain.com.key
[Tue Apr 29 04:02:13 PM UTC 2025] Installing full chain to: /shared/ssl/forum.domain.com.cer
[Tue Apr 29 04:02:13 PM UTC 2025] Run reload cmd: sv reload nginx
ok: run: nginx: (pid 429) 10662s
[Tue Apr 29 04:02:13 PM UTC 2025] Reload success
[Tue Apr 29 04:02:13 PM UTC 2025] Unknown parameter : ec-256
[Tue Apr 29 04:02:14 PM UTC 2025] Installing key to: /shared/ssl/forum.domain.com_ecc.key
[Tue Apr 29 04:02:14 PM UTC 2025] Installing full chain to: /shared/ssl/forum.domain.com_ecc.cer
[Tue Apr 29 04:02:14 PM UTC 2025] Run reload cmd: sv reload nginx
ok: run: nginx: (pid 429) 10663s
[Tue Apr 29 04:02:14 PM UTC 2025] Reload success

I looked inside the file, here is a fun one

issue_cert() {
  LE_WORKING_DIR="${LETSENCRYPT_DIR}" /shared/letsencrypt/acme.sh --issue $2 -d forum.domain.com -d www.domain.com -d domain.com--keylength $1 -w /var/www/discourse/public
}

Looks like there is a space missing between the last domain and --keylength?

domain.com--keylength

Fixing that solved the problem, thank you for the help

I assume the fix should be to add / to the to: field as well?

  after_ssl:
    - replace:
        filename: /etc/runit/1.d/letsencrypt
        from: /-d forum.domain.com /
        to: "-d forum.domain.com -d www.domain.com "
        global: true

It should be quotes, not slashes. I edited your post and the OP. What you have now should work.
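The failure in this thread (a `to:` string without its trailing space, so the last hostname ran straight into `--keylength`) is easy to catch before the container is rebuilt. Below is an added example, not code from the thread, from Discourse or from pups: it simulates the `replace` hook against a constructed excerpt modelled on the issue_cert() line quoted above, then pulls every `-d` argument out of the resulting acme.sh command line and reports any value that is not a plain hostname. It assumes that a pups `replace` hook behaves like a Ruby regex `sub`/`gsub` (`global: true` meaning gsub); the sample script text and the hook tuples (BUGGY_HOOK, FIXED_HOOK, OP_STYLE_HOOK) are constructed for the demonstration.

```python
import re
import shlex

# Constructed excerpt modelled on the issue_cert() function quoted in the
# thread; the real /etc/runit/1.d/letsencrypt contains more than this.
SAMPLE_SCRIPT = '''issue_cert() {
  LE_WORKING_DIR="${LETSENCRYPT_DIR}" /shared/letsencrypt/acme.sh --issue $2 -d forum.domain.com --keylength $1 -w /var/www/discourse/public
}
'''

# Hooks as (from_regex, to_string, global) tuples, mirroring the app.yml stanzas.
BUGGY_HOOK = [(r"-d forum\.domain\.com ", "-d forum.domain.com -d www.domain.com -d domain.com", True)]
FIXED_HOOK = [(r"-d forum\.domain\.com ", "-d forum.domain.com -d www.domain.com -d domain.com ", True)]
# The original post's approach: anchor on --keylength instead of the first -d.
OP_STYLE_HOOK = [(r"--keylength", "-d domain.com -d www.domain.com --keylength", False)]

# Hostname: dot-separated labels of letters/digits/hyphens, TLD of letters only.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def apply_replace(text, from_pattern, to, global_=False):
    """Mimic a pups `replace` hook (assumption: Ruby sub/gsub semantics).
    `to` is inserted literally, so backslashes in it are not interpreted."""
    return re.sub(from_pattern, lambda _m: to, text, count=0 if global_ else 1)


def domains_from_issue_line(line):
    """Return the values of every -d option on an acme.sh --issue command line."""
    tokens = shlex.split(line)
    return [tokens[i + 1] for i, tok in enumerate(tokens)
            if tok == "-d" and i + 1 < len(tokens)]


def check_domains(domains):
    """Return a list of problems; empty means every -d value is a bare hostname."""
    problems = []
    for d in domains:
        if d.startswith("-") or "--" in d:
            # e.g. 'domain.com--keylength': a flag glued onto the hostname
            problems.append(f"{d!r}: flag glued onto hostname (missing space in to:?)")
        elif not HOSTNAME_RE.match(d):
            problems.append(f"{d!r}: not a valid hostname")
    return problems


def check_after_ssl(hooks, script=SAMPLE_SCRIPT):
    """Apply the hooks to the script and return (domains, problems)."""
    out = script
    for from_pattern, to, global_ in hooks:
        out = apply_replace(out, from_pattern, to, global_)
    issue_line = next(l for l in out.splitlines() if "--issue" in l)
    domains = domains_from_issue_line(issue_line)
    return domains, check_domains(domains)


if __name__ == "__main__":
    for name, hooks in (("buggy", BUGGY_HOOK), ("fixed", FIXED_HOOK), ("op-style", OP_STYLE_HOOK)):
        domains, problems = check_after_ssl(hooks)
        print(f"{name}: domains={domains} problems={problems}")
```

Run it as-is to see the three outcomes; to check a real container, paste the `issue_cert()` line from `/etc/runit/1.d/letsencrypt` into `domains_from_issue_line` and `check_domains`. The same check is worth repeating on the second replacement (the `--fullchainpath` one) since both stanzas must carry the same hostnames for the certificate to cover every name the browser will see.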