Setting up HTTPS support with Let's Encrypt


Just wanted to make sure, I’ve already spent more than 8 hours trying to fix my issue: Why is the Apple Touch Icon loaded via HTTP instead of HTTPS?

Thanks for replying!

(Adam) #379

That was it. Thanks!

(Camilo Berneri) #380


I have done everything of this tutorial an it worked (i think)

but i have this lock in my https, what means? please help

1 Like
(Joshua Rosenfeld) #381

Hi Camilo,

I cannot load to take a look as it appears you’re redirecting to a SSO provider. However, I can load and am seeing the secure padlock.

If you click on the padlock with the warning icon, Firefox should give you more details.

1 Like
(Shannii) #382

I’m really new to this, but I’m stuck at this stage and I cannot, for the life of me, rebuild!

(Keith John Hutchison) #383

What have you tried?
Do you have shell access to the server?

(Shannii) #384

I’m using DigitalOcean and I do have access to the console. I got to this point and I just couldn’t do anything else!

Forgive me: I don’t have any experience. I’m trying to start a discourse for my writing blog, haha!

(Keith John Hutchison) #385

We used one of our email addresses for our domain. You could put your own email address in to start with then continue on with the build.


I’m using Discourse on a one-click droplet by DigitalOcean. Is there any way to have certificates automatically renewed instead of having to do it manually every three months?

I’m not very savvy. Thanks!

(Shannii) #387

Yeah haha I put my email address in, but I can’t seem to go on any further

(Jay Pfaffman) #388

They renew automatically.

What happens after discourse-setup takes your information and starts the rebuild? Does your domain name point to your server? Do you have something else in the way (e.g., cloudflare)?

(Shannii) #389

It was actually just a glitch with DigitalOcean! All sorted now! I contacted support and they walked me through how to fix it. There was actually no way to move on!


I have a vanilla discourse that I just setup using the digital ocean droplet running but my browsers indicate that parts of the page are insecure due to images:

These are literally you’re images that are causing the insecurity? I had uploaded logos prior and deleted all of them thinking that was somehow the problem but… nope… the discourse logos are now the problem… what’s going on?

(Stephen) #392

No, it’s because you haven’t enabled force_https. Once you do Discourse will refer to those assets using https.

You need to enable that setting once you have configured https and tested it. It’s not automatic.

(Camilo Berneri) #393

where do you enabled that?¿

1 Like
(Keith John Hutchison) #394

Assuming you have admin rights.



Okay, thank you Stephen! Gosh, I was really scratching my head because of this part of @tgxworld original post:

5. Adjust your dependencies for HTTPS

  • Check that all shared resources such as images, logos, third party JavaScript dependencies, etc, are all linked via https:// and not http://
  • Check all your social logins and make sure they are pointing to the https:// and not http:// versions of your site’s authentication URLs.
  • If you are using a CDN, you will need to switch your CDN to use https:// and not http:// to pull resources.
  • If your browser does not show any warnings in its f12 console in the security about insecure assets:… you are now ready to force HTTPS by going toAdmin :arrow_right: site settings :arrow_right: force https

You really might want to update that section to reflect the instructions for setting up HTTPS because apparently I did everything right but the current instructions make it seem like I did something wrong because the default images were causing an insecurity error. I just toggled Force HTTPS and everything works (the instructions had me thinking I was going to wreck my install because of “insecure” images).

Anyhow, thanks again! I’m the new happy owner of a HTTPS Discourse!

(Camilo Berneri) #397

thanks @csmu

20 characters to send message