Standard installation causes errors and warnings

Hi there,

I just installed Discourse fresh on a Ubuntu 20 server. I followed the standard installation procedure and noticed a few strange things in the logs inclusive a couple of errors and warnings. I ran the launcher rebuild app a few times on the same day - every time however the log shows after pointing out where the Let’s Encrypt certificates located are the error - i masked the fqdn with “abc”:


-----END CERTIFICATE-----
Your cert is in /shared/letsencrypt/abc/abc.cer
Your cert key is in /shared/letsencrypt/abc/abc.key
The intermediate CA cert is in /shared/letsencrypt/abc/ca.cer
And the full chain certs is there: /shared/letsencrypt/abc/fullchain.cer
O = Digital Signature Trust Co., CN = DST Root CA X3
error 10 at 3 depth lookup: certificate has expired
Using CA: https://acme-v02.api.letsencrypt.org/directory

The script seems than to try to finalize the signing of the certificate and after successfull attempt, i get again the list of certificate locations. The certificates get installed, but when the script restarts nginx, the following error re-appears:


Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
Reload error for :
O = Digital Signature Trust Co., CN = DST Root CA X3
error 10 at 3 depth lookup: certificate has expired
O = Digital Signature Trust Co., CN = DST Root CA X3
error 10 at 3 depth lookup: certificate has expired
Started runsvdir, PID is 4266

Both those tasks are being executed a second round with the same effect.

I can browse to the forum using https albeit the browser informs me that the site is not secure - it says some content such as images are not secure. I also shows in the Security details in Firefox that the website doesn’t supply ownership information and that it’s not specified who verified I guess the certificate. When i click on View certificate everything seems however to be in order - even the expire of the certs is next year.

Any idea what the logs errors/warning could be related to and how to fix them?

Thanks,
Goppi

Go to Admin > Settings and turn on force https. If HTTPS doesn’t fully work on your site, this can break things. Make sure you can access your site over HTTPS before turning this on.

Without this setting, Discourse will load images and other site content as HTTP, causing mixed content warnings on a secure instance.

1 Like

This is related to an issue with let’s encrypt’s root certificate. I hope that it will be fixed this week. Until then, turning on force_https should solve the worst of the problem.