SSL zero length .cer file

Hi,

I’m trying to install Discourse from the official GitHub page, on Ubuntu 22.04 Server LTS - from the latest AWS AMI. The networking is configured, with FQDNS attached to the host and elastic IP.

Everything deploys correctly, and I can connect to the port 80 nginx instance. But, I can’t connect over port 443, and the repeating error in the nginx error.log is as follows:

> 2023/10/09 08:41:12 [emerg] 9342#9342: cannot load certificate "/shared/ssl/discourse.xxxx.com.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

Further investigation shows that the .cer file is zero bytes in length, located in

./shared/standalone/ssl/discourse.XXXX.com.cer

log file container: app:$/var/log/nginx

Has anyone run into this issue before? Doesn’t look to be permissions related, as everything is being executed under sudo credentials.

Genuinely baffled on this one.

EDIT: I tried deleting /shared/ssl and letsencrypt folders, and tried both a rebuild and a re-install, both with the same result.

Did you run discourse-setup? It attempts to connect to itself to check that DNS points to the server and the ports are open, but it’s a crude test.

If you run a rebuild more than a few times without DNS and ports properly configured, you’ll hit Let’s Encrypt rate limits. If that’s the case, and I suspect it is, you’ll need to wait a week or use a different subdomain (or follow some complicated instructions to request a cert for the subdomain you want and another).

I think if you run docker logs app you might see where acme is failing to get a cert.
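
A pre-flight check for the failure in this thread, as an added example that is not part of the original posts or of Discourse: it flags `.cer` files that are missing, zero bytes long, or lack a PEM start line, which is what nginx reports as "no start line". The function names `check_cert` and `scan_ssl_dir` are hypothetical, and the directory to scan is passed as an argument (for instance the `shared/standalone/ssl` directory from the first post).

```shell
#!/bin/sh
# Added example: classify certificate files before nginx tries to load them.
# check_cert and scan_ssl_dir are hypothetical helper names.
# This only catches empty or header-less files; it does not validate the
# certificate chain or its expiry.

check_cert() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing"
    elif [ ! -s "$f" ]; then
        # The case in this thread: issuance failed and left a 0-byte file.
        echo "empty"
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' \
                   -e '-----BEGIN TRUSTED CERTIFICATE-----' "$f"; then
        # Non-empty, but nginx would still fail with "no start line".
        echo "no-pem-header"
    else
        echo "ok"
    fi
}

# Print one "state<TAB>path" line per *.cer file in a directory and
# return non-zero if any of them is unusable.
scan_ssl_dir() {
    dir=$1
    bad=0
    for f in "$dir"/*.cer; do
        [ -e "$f" ] || continue      # glob matched nothing
        state=$(check_cert "$f")
        printf '%s\t%s\n' "$state" "$f"
        [ "$state" = "ok" ] || bad=1
    done
    return "$bad"
}

# Stand-alone use: pass the ssl directory as the first argument.
if [ -n "${1:-}" ]; then
    scan_ssl_dir "$1"
fi
```

An `empty` result means certificate issuance never completed, so the place to look next is the container log mentioned above rather than file permissions.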