Turned on Let's Encrypt and requests are timing out


(David) #1

The only thing I can see in the access logs is:

217.138.11.237 - - [06/Mar/2018:15:09:04 +0000] "POST /message-bus/c2a0f3d9a16a490eb6be56bc668d6c81/poll?dlp=t HTTP/1.1" 301 185 "http://marketdiscuss.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"

This is a standard Digital Ocean droplet setup.

Config details match the instructions, I can see the .key and .cert files just fine in

shared/ssl/*{key, cert}

Ran discourse-setup and it says everything ran successfully, rebuilds and the docker container is live.
I just can’t seem to hit the server by loading the page in my browser. Had this working perfectly, with people signing up and everything. But wanted the SSL for better SEO I guess.

Any help would be awesome: Chrome seems to acknowledge that the cert is valid:

I am able to enter the container just fine and view logs live etc… everything seems like it’s OK, but it’s in reality :confused:


(Jay Pfaffman) #2

My only guess, which seems unlikely, because I don’t think that Let’s Encrypt would succeed if this were the case, is that something is blocking incoming traffic at port 443.


(David) #3

$ netstat -tulpn

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1540/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1540/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      4058/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      4080/docker-proxy

That’s all I have.

When I run ./launcher logs app I also get the following, but I am not sure the following matters:

[Tue Mar  6 13:38:30 UTC 2018] Your cert is in  /shared/letsencrypt/marketdiscuss.com/marketdiscuss.com.cer
[Tue Mar  6 13:38:30 UTC 2018] Your cert key is in  /shared/letsencrypt/marketdiscuss.com/marketdiscuss.com.key
[Tue Mar  6 13:38:31 UTC 2018] The intermediate CA cert is in  /shared/letsencrypt/marketdiscuss.com/ca.cer
[Tue Mar  6 13:38:31 UTC 2018] And the full chain certs is there:  /shared/letsencrypt/marketdiscuss.com/fullchain.cer
[Tue Mar  6 13:38:31 UTC 2018] Installing key to:/shared/ssl/marketdiscuss.com.key
[Tue Mar  6 13:38:31 UTC 2018] Installing full chain to:/shared/ssl/marketdiscuss.com.cer
[Tue Mar  6 13:38:32 UTC 2018] Run reload cmd: sv reload nginx 
warning: nginx: unable to open supervise/ok: file does not exist
[Tue Mar  6 13:38:32 UTC 2018] Reload error for :
Started runsvdir, PID is 1041
ok: run: redis: (pid 1049) 0s
ok: run: postgres: (pid 1051) 0s
rsyslogd: command 'KLogPermitNonKernelFacility' is currently not permitted - did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ]
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [v8.16.0 try http://www.rsyslog.com/e/2145 ]
rsyslogd: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
supervisor pid: 1053 unicorn pid: 1077

(Jay Pfaffman) #4

My guess, which may be wrong, is that there is a firewall, in your computer or external to it, that’s blocking incoming traffic to port 443.


(David) #5

What a champ! Thank you so much, exactly that! I didn’t have a firewall rule for https on port 443.

Many thanks
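
The symptom in this thread (port 80 answering with a 301, netstat showing 443 listening on the host, yet HTTPS requests timing out) can be confirmed from a machine outside the droplet. The following is an added example, not part of the original posts: it tells a silently dropped port (timeout, typical of a missing firewall rule) apart from a refused one (nothing listening). The function names `probe` and `diagnose` and the wording of the messages are assumptions made for illustration.

```python
import errno
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"           # host answered with RST: no listener
    except socket.timeout:
        return "filtered"          # no answer at all: packets are dropped
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"      # a router or firewall rejected the route
        raise                      # DNS failure etc. is a different problem


def diagnose(http_state, https_state):
    """Turn the two port states into the most likely cause."""
    if http_state == "open" and https_state == "filtered":
        return ("443 is dropped before it reaches the host: "
                "add an inbound HTTPS rule to the firewall")
    if https_state == "refused":
        return ("443 reaches the host but nothing is listening: "
                "check the container's port mapping")
    if https_state == "open":
        return "443 is reachable: look at TLS or the application instead"
    return (f"inconclusive (80={http_state}, 443={https_state}): "
            "check DNS, routing and firewall rules")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python portcheck.py <hostname>")
    target = sys.argv[1]
    states = {port: probe(target, port) for port in (80, 443)}
    for port, state in states.items():
        print(f"{target}:{port} -> {state}")
    print(diagnose(states[80], states[443]))
```

Run it from outside the server's network; a probe from the droplet itself bypasses an external cloud firewall and will report 443 as open.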