Yes, read this post.
I just enabled Let’s Encrypt and SSL appears to be working, but there is an error in the console I don’t understand, and don’t know whether it’s related to SSL. Link below.
Note, the error takes a minute or two before it appears in my console.
This is the error I get in chrome console:
9/t/morning-i-ll-check/19:1 Failed to load
Request header field X-CSRF-Token is not allowed by
Access-Control-Allow-Headers in preflight response.
Something’s triggering a CORS preflight, which shouldn’t be happening because it’s all on the same domain, right?
Yes, all on the same domain. There aren’t any external links, only images that were uploaded, and later edited out. Social media is not set up.
I played around with this test thread quite a bit. There were two image uploads, which I later removed from the post. I also turned a post into a wiki, and then switched the wiki off again. Just wondering whether something got messed up with all the editing. The thread is only for learning how to edit posts. It can be deleted.
Any ideas how to trace the error?
@tgxworld, Is it sufficient to force https from Discourse web admin, or do I still need to do that from the command line, as shown in the original post above?
> admin → site settings → force https
Doing it from the web interface is the same thing.
hello dear community,
I did run the .discourse-setup on my http discourse instance(QA one). But now the forum is not available.
when I check the logs I find this message:
nginx: [emerg] PEM_read_bio_X509_AUX("/shared/ssl/ec2-18-219-191-17.us-east-2.compute.amazonaws.com.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
I understand the certificates generated by let’s encrypt is not good.
I try to remove them and rebuild the container but I get the same error.
Do you have an idea how to proceed to troubleshoot the certificate quality?
Does your domain name point to your web site and only your web site?
Hello Jay, not sure what is the right answer. The domain name we use to connect to Discourse website is the DNS name given by Amazon AWS to the virtual server.
LetsEncrypt won’t work with the default AWS domain, because it’ll hit their rate limits. You’re going to need a domain name that isn’t shared with thousands of other people.
OK, thanks a lot for the feedback, I have ordered a domain name. Hopefully it’s not too difficult to make my current Discourse instance to use it…
I have now a domain. I relaunched the setup, I had also to fine tune the A Name and C Name and now it’s fine, thanks a lot for the help!
Do you confirm the renewal of the certificate every 90 days will be automatic ?
That’s right. It’ll renew automatically. You won’t even know.
Funcionou como uma beleza! Muito obrigado!!
I migrated successfully my forum this weekend, Now I see that the attachment in topics are broken. Just making an edit save solve the issue but I cannot edit all the topics.
Is there a more “industrial” way to update all the links ?
rake posts:rebake. If you have a huge forum, it’s worth trying to rebake only selected posts. If you have only a few tens of thousands of posts, you might not bother.
Will ./launcher rebuild app automatically set up let’s encrypt if I include a let’s encrypt e-mail in the app.yml file the same as if I included the let’s encrypt e-mail during discourse-setup? Or, do I run discourse-setup again even though I have a fully functioning discourse running. Will discourse-setup update my existing discourse to use let’s encrypt? I was hoping ./launcher rebuild app would do the job. Is it even possible to use the fully automated approach once discourse is already set up?
I don’t think so… not sure entirely though, as I’d have to look at ./discourse-setup, but I think there are additional tweaks to the app.yml that are necessary.
You should be able to just run ./discourse-setup again, fill it out appropriately (including LetsEncrypt email) and it should update your existing install to use LetsEncrypt
Great, thanks. That’s what I was hoping; that just running discourse-setup again would work but the documentation says just running that again would ignore any changes to the app.yml file. But maybe discourse-setup will ask me about let’s encrypt so that’s why it might work. I’ll try it out, thanks.
Yes. In addition to setting the Let’s Encrypt email address, it also uncomments the two templates needed by let’s encrypt. If you found the email address place in
app.yml, then look up near the top and it should be “obvious”.
If you added the email address by hand I don’t promise that
discourse-setup will figure out that it needs to uncomment those lines. You’re on your own.
Hmm. Where does it say that?