The cert for my discourse instance expired today, and it’s giving an error in the browser. I tried running the renewal manually as per:
It showed that the cert renewed, I can see it in the /shared/letsencrypt folder and it renewed correctly. I restarted nginx within docker. I did a rebuild of the instance, even after that it appears to be sending the old certificate.
I checked the domain with several sites, all say that the cert is expired, so it’s not just local.
Am I missing something ?
I just did the same instructions 15 days ago.
cd /var/discourse
./launcher enter app
"/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" --force
exit
The first thing I learned was that if you view the certificate with Chrome it may show invalid when in fact it is valid. See: Chrome / Chromium bug: SSL certificates show incorrect (expired) dates
I then tried
me@site:/var/discourse$ sudo ./launcher rebuild app
which did not work and finally
sudo reboot
The site was then working as expected.
While I note the step about rebuild I am not sure if it is needed, but it was a step I did along the way.
After trying for hours, and just after I posted this, I realized that because I’m using a multi-site deployment, with an nginx reverse-proxy, I had to also restart the outer nginx server, and it started working instantly.
I’m going to mark this as the answer, just in case someone lands up in this situation.
I think the final sudo reboot may have worked for you because it restarted nginx - which is what I posted in my solution above.
Couple notes about this:
Did you find the root cause of why the certificate was not automatically renewing?
On the site I noted it was because it is not in a production mode so all e-mails are suspended, including the e-mails that would renew the the certificate.
The reason the e-mail was suspended is that it is part of the process of restoring the database, in the specific case it was restored from a different instance of Discourse.
The e-mail is disabled so that two sites are not sending out the same e-mails.
the only way that email is involved in the process at all is that LE might send you a warning if your cert is expiring and you haven’t renewed
OK. Thanks. Now I have to find the root cause as to why the certificate did not automatically renew.
Any reason why a certificate would not renew?
Generally customisations the unexpectedly break the process. I would open a new topic showing your details and what you’ve done.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
