Using letsencrypt inside Discourse

Hello,

I’m hosting Discourse on DigitalOcean and added all the DNS records. The site is at https://forum.jlozadad.io. After adding the required changes to use Let’s Encrypt and rebuilding, I get this error after the site completes rebuilding:

2019/03/22 01:08:00 [emerg] 10927#10927: PEM_read_bio_X509_AUX("/shared/ssl/forum.jlozadad.io.cer") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

This should be handled for you… you shouldn’t need to handle anything – the let’s encrypt cert is generated for you.

Uncomment this line and you should be good to go.

So I have to change it in standalone.yml and not containers/app.yml?

No, ignore that.

If you’re using the standard install, the letsencrypt and web.ssl templates need to be uncommented in your app.yml and you need to put your email address into the Let’s Encrypt email field.

Make sure the https port is exposed too:

Yes, that’s what I have in the configuration, and it seems that it creates the certificates and everything, but when looking at the nginx error.log the error pasted above comes up.

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
  - "templates/web.ssl.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"
expose:
  - "80:80"   # http
  - "443:443" # https
LETSENCRYPT_ACCOUNT_EMAIL: 'myemail@gmail.com'

Do you have something like Cloudflare in front of your server or does the domain resolve directly to the IP of your droplet?

Did you run discourse-setup to enable Let’s Encrypt or did you do it by hand (it looks OK at brief inspection)?

Nothing in front of it like Cloudflare.

I uncommented the options in containers/app.yml as described before and then rebuilt the container. I have not used discourse-setup.

What does DNS look like? Does your server IP match the A record?

There’s no harm in running discourse setup, it will verify the basics. You can take a backup of your app.yml beforehand if you’re concerned.

Yes, I have an A record that points to the drop/IP in DigitalOcean. So just run ./discourse-setup?

I doubt it’ll help. It likely won’t hurt, but it can get confused if you make edits that it doesn’t expect.

Rebuilding again is my best guess.

You could try removing the let’s encrypt and ssl directories so that they get recreated.

OK, I’ll try discourse-setup, but yes, I removed the Let’s Encrypt and ssl directories a couple of times, rebuilt, and still ran into the error listed in the first post.

OK, so using discourse-setup fixed it completely. I think the mistake was that I’m using DigitalOcean’s option to one-click deploy Discourse and used their scripts located in /var/lib/digitalocean to rebuild it. Also used ./launcher rebuild app after making the changes, and needed to use discourse-setup. Thank you for all the help!
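The nginx error in the first post means OpenSSL found no `-----BEGIN ...-----` line in the certificate file, which is what an empty or non-PEM file produces. The following is an added example, not code from this thread or from Discourse, that checks a file for that condition; the function name and exit codes are assumptions of the example and the demo files are constructed.

```shell
#!/bin/sh
# Structural check of a PEM certificate file (added example).
# Exit codes chosen for this example:
#   0 ok, 1 missing, 2 empty, 3 no PEM start line, 4 BEGIN/END mismatch
check_pem_cert() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "$f: file does not exist"; return 1
    fi
    if [ ! -s "$f" ]; then
        echo "$f: empty file, nothing for nginx to parse"; return 2
    fi
    # Labels accepted when reading a certificate:
    # CERTIFICATE, X509 CERTIFICATE, TRUSTED CERTIFICATE
    begin=$(grep -c -E '^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----' "$f" || true)
    end=$(grep -c -E '^-----END (TRUSTED |X509 )?CERTIFICATE-----' "$f" || true)
    if [ "$begin" -eq 0 ]; then
        echo "$f: no PEM start line (matches the 'no start line' error)"; return 3
    fi
    if [ "$begin" -ne "$end" ]; then
        echo "$f: $begin BEGIN vs $end END lines, file looks truncated"; return 4
    fi
    echo "$f: $begin certificate block(s) with matching BEGIN/END"
    return 0
}

# Demo on constructed files (the base64 body is a placeholder, not a real cert).
demo=$(mktemp -d)
: > "$demo/empty.cer"
printf '%s\n' 'not a certificate' > "$demo/text.cer"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/ok.cer"
for sample in "$demo"/*.cer; do
    check_pem_cert "$sample" || true
done
rm -rf "$demo"
```

A file that passes this check can still hold an invalid certificate; it only rules out the empty or non-PEM case behind the error quoted above.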
