Unable to renew Let's Encrypt certificate

Hello,

Today the certificate of my Discourse installation expired.

I have tried to renew it by following these commands:

ssh root@your.discourse.server
cd /var/discourse/shared/standalone
cp -r ssl ssl_backup
rm ssl/*
cd /var/discourse
./launcher rebuild app

After execution, I can see that new files are available in the directory /var/discourse/shared/standalone/ssl; however, this new certificate is not loaded by the website.

Any idea how to solve this problem?

These steps are usually unnecessary - the build script on its own will update your certificate as required.
I wonder if your deletion of the contents of the directory is affecting the build process?

Are you trying to use a custom certificate rather than the one provided by Let’s Encrypt?

Did you follow Allow SSL / HTTPS for your Discourse Docker setup (which isn’t recommended anymore) or just a standard install?

Are you using Cloudflare or something else that might be interfering with the certificate renewal?

It’s a certificate provided by Let’s Encrypt, no Cloudflare at all.

You’ll need to go into the container (./launcher enter app) and try to run the command by hand.

cd /root/acme.sh && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./acme.sh --upgrade --auto-upgrade

You could try that.

Is something wrong with your DNS? Common wisdom is that it’s always DNS. What’s your hostname?

I had that very same problem a few months ago. I’ve tried everything I could find on meta but in the end a simple restart of the server solved it for me.

I did this 🙂

  • Reboot server: no changes
  • root@VM-Discourse-01-app:/var/www/discourse# cd /root/acme.sh && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./acme.sh --upgrade --auto-upgrade
    [Tue 06 Feb 2024 06:53:56 AM UTC] Already uptodate!
    [Tue 06 Feb 2024 06:53:56 AM UTC] Upgrade success!

But when I launch Discourse I can see on the URL that the certificate is not set.

It finally works. It was port 80 in my Azure environment that was closed, so the challenge response when generating the certificate was failing … Thanks for your help.

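The check that would have shortened this thread, as an added example that is not part of the original posts or of Discourse: it tests whether port 80 is reachable (the challenge response mentioned above arrives there) and whether the certificate actually served on 443 validates and how long it has left. The function names, the 30-day warning threshold and the hostname argument are assumptions of this sketch.

```python
import socket
import ssl
import sys
import time

def port_open(host, port, timeout=5.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def days_left(not_after, now=None):
    """Days until notAfter, given in the string format ssl.getpeercert() returns."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400

def served_cert_status(host, port=443, timeout=5.0):
    """Return (state, detail) for the certificate the site actually serves."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "valid", tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate lands here with the verifier's own reason.
        return "invalid", exc.verify_message
    except OSError as exc:
        return "unreachable", str(exc)

def diagnose(host, http_port=80, https_port=443, warn_days=30):
    """List of findings; empty when nothing looks wrong. warn_days is an assumed threshold."""
    findings = []
    if not port_open(host, http_port):
        findings.append(f"port {http_port} closed or filtered: "
                        "HTTP-01 challenge cannot complete")
    state, detail = served_cert_status(host, https_port)
    if state != "valid":
        findings.append(f"TLS on port {https_port} {state}: {detail}")
    elif days_left(detail) < warn_days:
        findings.append(f"certificate expires in {days_left(detail):.0f} days")
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_renewal.py <hostname>")
    for line in diagnose(sys.argv[1]) or ["no problems found"]:
        print(line)
```

Run it from a machine outside the server's network: a cloud firewall rule such as the closed Azure port in this thread is invisible from the server itself.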