Worth a shot, thanks!
Iāve added -d WWW.community.example.com
but https://www.community.example.com
still doesnāt redirect in FF.
This is what I get in FF:
SSL_ERROR_BAD_CERT_DOMAIN
www.community.example.com uses an invalid security certificate.
The certificate is only valid for community.example.com.
Unable to communicate securely with peer: requested domain name does not match the serverās certificate.
HTTP Strict Transport Security: false HTTP Public Key Pinning: false
The certificate should list all the domains you have included, can you see them? Perhaps the certificate is not being recreated with the list of domains when you rebuild? Follow the debugging instructions in Setting up HTTPS support with Letās Encrypt
1. For ./launcher logs app
I can see:
www.example.com:Verify error:DNS problem: NXDOMAIN looking up A for www.example.com
(thatās for the root, not for the discourse install, which is under www.community.example.com
)
And also:
Reload error for : Started runsvdir, PID is 326
ssyslogd: command 'KLogPermitNonKernelFacility' is currently not permitted
Domains not changed.
Add '--force' to force to renew.
Installing key to:/shared/ssl/comunity.example.com.key
Run reload cmd: sv reload nginx
2. For ls -l /var/discourse/shared/standalone/ssl
I get:
total 8
-rw-r--r-- 1 ubuntu root 3924 Dec 18 03:56 community.example.com.cer
-rw------- 1 ubuntu root 3247 Dec 18 04:24 community.example.com.key
Should I try and manually reissue the cert following instructions here Set up HTTPS support with Let's Encrypt?
Hours laterā¦ tried pretty much everything and I still canāt get it to work.
In case I do have a breakthrough, I will update thread for future reference.
Yes, you should be expecting to get one certificate containing multiple entries in the Subject Alternative Name field.
From Setting up HTTPS support with Letās Encrypt:
If you delete those two directories before rebuilding the container you can be sure that it will get fresh certificates when you rebuild.
Thanks! Yes, I always removed the old cert files before rebuilding with no success.
Just woke up now so Iām ready for another 12 hours of research, until I get to the bottom of this. I am starting everything from scratch on a new Lightsail instance.
Will update on the first bump.
UPDATE: I managed to make the www version on FF secure as well. All I did was remove the root domain (the one without the forum install) from the list: -d example.com -d www.example.com
and all I have left is the actual forum -d community.example.com -d www.community.example.com
. Not sure why that helped to be honest.
NEW ISSUE: Now Iāve got two different websites: the www doesnāt redirect to the non-www version like it did before for whatever reason.
Fixed by adding this 301 redirect to my app.yml
hooks section:
- file:
path: /etc/nginx/conf.d/discourse_redirect_1.conf
contents: |
server {
listen 443;
server_name www.community.example.com;
return 301 $scheme://community.example.com$request_uri;
}
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.