SSL error when customizing nginx: The certificate is not trusted in all web browsers

I changed some settings to serve other work on the same discourse server.

Some browsers show SSL notification when accessing the website (white page)

FIle: /var/discourse/containers/app.yml

  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
  # - "templates/web.ssl.template.yml"
  # - "templates/web.letsencrypt.ssl.template.yml"
  - "templates/web.socketed.template.yml"

The auto ssl generation function doesn’t run on change like above so I manually do it like this

cd /var/discourse
./launcher enter app
"/shared/letsencrypt"/ --cron --home "/shared/letsencrypt" --force

Then systemctl restart nginx

Is my nginx conf

server {
    listen 443 ssl http2;

    ssl on;

    ssl_certificate         /var/discourse/shared/standalone/letsencrypt/;
    ssl_certificate_key     /var/discourse/shared/standalone/letsencrypt/;

Last time was fine but this time it’s error like above

Tell me did I do it right?

I’m aware that this question was asked about 6 months ago. So, in case you’re still searching for the solution, you might wanna try the following:

  • Copy the ca-bundle content (cert) and paste it after your domain cert in the Certificate (CRT) field .

Yes, this means that there are 2 certs in your CRT field (domain and ca-bundle) as example below:

Certificate (CRT)


(domain cert)



(ca-bundle cert)


File here: /var/discourse/shared/standalone/letsencrypt/

If this works, it’s just how the cert is installed at your hosting provider.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.