SSL error when customizing nginx: The certificate is not trusted in all web browsers

Bcat · September 10, 2021, 2:14pm

I changed some settings to serve other work on the same discourse server.

Some browsers show SSL notification when accessing the website (white page)

FIle: /var/discourse/containers/app.yml

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
  # - "templates/web.ssl.template.yml"
  # - "templates/web.letsencrypt.ssl.template.yml"
  - "templates/web.socketed.template.yml"

The auto ssl generation function doesn’t run on change like above so I manually do it like this

cd /var/discourse
./launcher enter app
"/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" --force
exit

Then systemctl restart nginx

Is my nginx conf

server {
    listen 443 ssl http2;

    ssl on;

    ssl_certificate         /var/discourse/shared/standalone/letsencrypt/thuvienmuasam.com/thuvienmuasam.com.cer;
    ssl_certificate_key     /var/discourse/shared/standalone/letsencrypt/thuvienmuasam.com/thuvienmuasam.com.key;

Last time was fine but this time it’s error like above

Tell me did I do it right?

Bcat · September 12, 2021, 2:58am

I’m aware that this question was asked about 6 months ago. So, in case you’re still searching for the solution, you might wanna try the following:

Copy the ca-bundle content (cert) and paste it after your domain cert in the Certificate (CRT) field .

Yes, this means that there are 2 certs in your CRT field (domain and ca-bundle) as example below:

Certificate (CRT)

-----BEGIN CERTIFICATE-----

(domain cert)

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

(ca-bundle cert)

-----END CERTIFICATE-----

File here: /var/discourse/shared/standalone/letsencrypt/thuvienmuasam.com

If this works, it’s just how the cert is installed at your hosting provider.

system · October 12, 2021, 2:58am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I can't set nginx: [emerg] cannot load certificate "/var/discourse/shared/standalone/ssl/ssl.crt": BIO_new_file() failed Installation	12	5600	August 20, 2020
Discourse website not loading after installation without enabling Let's Encrypt Installation	17	2634	April 9, 2020
Problem in installing Let's Encrypt SSL for www and non-www Installation	12	4615	September 8, 2023
Site URLs showing as insecure/not using HTTPS? Installation	0	138	April 2, 2024
SSL working on root, but not on www Support	29	4100	December 30, 2021

SSL error when customizing nginx: The certificate is not trusted in all web browsers

Related topics