Setting up Let’s Encrypt with Multiple Domains

Unfortunately, disabling SSL did not work and I don't know why :frowning: (more info in post above)

Do you still have port 80 exposed?

Yes, 80 is exposed. Even if Discourse should work only on 80, it keeps redirecting me to https and I don't know why.

If your browser once found https it will want it forever. You might try another browser or perhaps clear your cache.

Ok, now for sure discourse in multisite without SSL works.

After a rebuild and the changes made to SSL (config above), the second site gets redirected to the first site :frowning:
I cleared all data in the browser and the problem still exists.

Here’s my test Discourse installation: -

Inside the container, have a look at /etc/nginx/conf.d/discourse.conf and see what the rewrite shows. Maybe the replace is not working correctly anymore?

Also, what if this failed before and you now have cached certs?

See this comment about using FORCE=1


In /etc/runit/1.d/letsencrypt I only found my 1st domain, and in discourse.conf there are also no changes made in app.yml ;(

Is there any other solution to replace this by app.yml?

Perhaps there is a problem with your app.yml then? I believe it can be sensitive to formatting. Double check for space/tabs in the wrong place, indenting, etc.

Maybe the blank line between the after_ssl and the - replace: matters?


    - replace:
        filename: "/etc/runit/1.d/letsencrypt"
        from: /-k 4096 -w \/var\/www\/discourse\/public/
        to: |
           -d -d -d -d -k 4096 -w /var/www/discourse/public

(from your earlier pastebin)

This is the most appropriate way I have found.


Hi, I followed your guide step by step but I can’t find the nginx folder and the discourse.conf file. My current installation works fine without www (and I want to keep that URL as the main hostname), but if I visit my domain with “www” it doesn’t work and I get an error (you can see it here)

I installed Discourse from Docker on an Ubuntu 18 VPS (Digital Ocean). As I said, I want to use as main hostname but I also want ‘www’ working, redirecting to .

ps. I already added an A record “www” pointing to my server IP.

One question, we just moved domains from domain1 to domain2
Because domain1 was using SSL I’m having HSTS problems with the redirect so assumed this (the above) would help.

I followed the instructions and everything appears to be set up correctly. If I cat /etc/runit/1.d/letsencrypt in the container I see the additional domains etc.

But when I visit my I’m still getting a bad SSL HSTS issue. Any ideas? Am I barking up the wrong tree?

I was trying to avoid having to host a separate apache or nginx instance for just 301 redirects.
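A way to check what the posts above do by eye with `cat`: whether the replace hook actually put every expected hostname into /etc/runit/1.d/letsencrypt. This is an added example, not part of the thread or of Discourse; the function names, the example.com hostnames and the sample file contents are constructed, and it assumes each hostname is passed as its own `-d <hostname>` pair.

```sh
# Added example (not from the thread). Assumption: the issuing command
# passes each hostname as its own "-d <hostname>" pair.

# Print the unique hostnames that follow -d in the file $1.
# A -d that is followed by another option (no hostname) is skipped.
issued_domains() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-d" && $(i + 1) !~ /^-/)
                print tolower($(i + 1))
    }' "$1" | sort -u
}

# Print each expected hostname ($2...) that file $1 does not request.
# Exit status 0 when all are present, 1 when any is missing.
# The body is a subshell so its variables stay private.
missing_domains() (
    have=$(issued_domains "$1")
    shift
    status=0
    for want in "$@"; do
        want=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
        if ! printf '%s\n' "$have" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            status=1
        fi
    done
    exit "$status"
)

# Write a constructed stand-in for the container file and print its path.
make_sample() {
    sample_path=$(mktemp)
    cat > "$sample_path" <<'EOF'
issue_cert() {
  acme.sh --issue -d forum.example.com -d www.example.com -d -k 4096 -w /var/www/discourse/public
}
EOF
    printf '%s\n' "$sample_path"
}

sample=$(make_sample)
missing_domains "$sample" forum.example.com www.example.com second.example.com ||
    echo "hostnames listed above are not requested in $sample" >&2
```

To use it for real, point `missing_domains` at a copy of the file taken from the container after a rebuild and pass the hostnames the certificate should cover.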

Can I safely do it on an existing forum? Do I have to do the same steps or not?

I’ve just done it on two (existing) sites and the updated app.yml additions seem to work fine!

@brahn thanks for documenting this, it was really useful!

The first post should really be converted to a wiki so these additions can be kept up-to-date.


Good idea! It is now a wiki!


Thanks Jeff, I’ve updated the first post with @brahn’s updates from Jul '17


Got a suspicion something’s changed here, this script no longer works fully. One of my subdomains isn’t working anymore. I’ll investigate when I have more time. But FYI and perhaps someone will know something …


Yeah, looks like the web.letsencrypt.ssl.template.yml has changed recently and the after_ssl replace hook will no longer work. Unless someone else fixes it first I will eventually get to it but I am swamped at the moment so it might take a few weeks.


Since this commit from @gerhard the subject alternate names are no longer added due to the implementation of ECC. This effectively breaks any multisite installations which use the above method. cc:@sam


:crying_cat_face: A site that I just attempted to upgrade is no longer getting certs at all.

EDIT: Just saw @gerhard’s edit. I’ll give it a shot in a minute and report back.


Yeah, the edit in the OP is untested, but I think it should work. I’d like to make this less fragile… maybe I can add some kind of env variable for all the hostnames, so that the hacky replace isn’t needed anymore.

And sorry for the problems this new elliptic curve certificate caused. I didn’t know that this Howto topic existed, otherwise I would have been more careful. :blush:


Thanks, @gerhard! I can confirm that it works!

The site that I just upgraded works for both and (which redirects to apex domain).