I’m trying to install Discourse from the official GitHub page, on Ubuntu 22.04 Server LTS - from the latest AWS AMI. The networking is configured, with FQDNS attached to the host and elastic IP.
Everything deploys correctly, and I can connect to the port 80 nginx instance. But, I can’t connect over port 443, and the repeating error in the nginx error.log is as follows:
Did you run discourse-setup? It attempts to connect to itself to check that DNS points to the server and the ports are open, but it’s a crude test.
If you run a rebuild more than a few times without DNS and ports properly configured, you’ll hit Let’s Encrypt rate limits. If that’s the case, and I suspect it is, you’ll need to wait a week or use a different subdomain (or follow some complicated instructions to request a cert for the subdomain you want and another).
I think if you run docker logs app you might see where acme is failing to get a cert.
Hi Jason,
I ran into that same issue and it took me days and many hours to figure out what was broken and how to fix it. So, I hope this information helps you and others encountering the same problem.
I was getting this error during execution of ./discourse-setup:
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error
In many attempts to fix this error, I tried these:
I ran ./discourse-doctor without any success.
I ran ./launcher rebuild app without any success.
I tried troubleshooting from within the container using: docker exec -it app /bin/bash
The container image has limited tools to troubleshoot, so I just read the logs using this cmd: less /var/log/nginx/error.log
It was here where I saw lots of messages containing: [emerg] 2832#2832: cannot load certificate
For some reason I was not able to find the smoking gun, but when I exited the container and typed: ./launcher logs app from the host -
I was able to see more data and suddenly I found this error: “Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours , retry after 2024-08-10T12:58:12Z:”
I googled workarounds for this issue, but then decided to just wait for the specified length of time.
After wait time elapsed, I tried this again: ./launcher rebuild app
This time it worked and the SSL certs ( *.cer ) were successfully created and my site was up.
The moral of the story here is that if you get an empty *.cer certificate, you need to check the container logs using this command from the host: root@host:/var/discourse# ./launcher logs app
Scroll through the logs and search for “too many certificates”.
If I had known this, it could have saved me days of research.
Assumptions made in my response:
You have confirmed your host is properly configured with your DNS provider.
You have confirmed your registration email and SMTP settings.
You have confirmed /var/discourse/containers/app.yml was properly populated.
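The log check described in the last reply, written out as an added example (not part of any post in this thread and not Discourse's own tooling): it pulls the "retry after" time out of the rate-limit error and says whether another rebuild is worth attempting. The function names, the sample log prefix and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage a Discourse bootstrap that left nginx without a certificate.
# Pipe the output of `./launcher logs app` (run from the host) into these functions.

# Print the latest "retry after" timestamp from Let's Encrypt rate-limit
# errors on stdin; print nothing when no such error is present.
le_retry_after() {
    grep -F 'too many certificates' |
        sed -n 's/.*retry after \([0-9-]*T[0-9:]*Z\).*/\1/p' |
        sort | tail -n 1
}

# $1 = current UTC time as YYYY-MM-DDTHH:MM:SSZ; log text on stdin.
# Prints "ok" (no rate-limit error in the log), "retry-now" (the window has
# passed) or "wait <timestamp>" (a rebuild now would only fail again).
le_rebuild_advice() {
    now=$1
    retry_at=$(le_retry_after)
    if [ -z "$retry_at" ]; then
        echo "ok"
    elif awk -v a="$now" -v b="$retry_at" 'BEGIN { exit !(a >= b) }'; then
        # Same-format UTC timestamps order correctly as plain strings.
        echo "retry-now"
    else
        echo "wait $retry_at"
    fi
}

# List zero-length *.cer files under directory $1, the symptom behind nginx's
# "cannot load certificate". The caller supplies the directory to inspect.
empty_certs() {
    find "$1" -type f -name '*.cer' -size 0
}

# Constructed sample log: the first line is invented; the second is the error
# quoted in the reply above, with a constructed prefix.
sample_log() {
    cat <<'EOF'
[constructed] requesting certificate for the site hostname
[constructed] Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours , retry after 2024-08-10T12:58:12Z:
EOF
}

sample_log | le_rebuild_advice "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
```

On a real host, replace `sample_log` with `./launcher logs app 2>&1` so that both output streams are searched.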