Automating LE cert renewal for Discourse docker app container running on Ubuntu

Automating LE cert renewal for Discourse docker app container running on Ubuntu; how can this be accomplished? has anyone done it yet? the point here is to have it automated via a cron job. I can do it manually. Thanks.

  • Fabian S.
1 Like

How to do it manually? Can you please list out the steps? I have been looking on how to setup Letsencrypt for a discourse site.

Nevermind. Found it:

1 Like

I combined script info from your link above and another topic / user from this forum concerning renewing LE certs via cronjob and came up with this for discourse docker app containers (

ERRORLOG=tail /var/log/letsencrypt/letsencrypt.log

/var/discourse/launcher stop app

cd /letsencrypt/

git pull

./letsencrypt-auto certonly -c /etc/letsencrypt/cli.ini --standalone -d

if [ $? -ne 0 ]
sleep 5
echo -e “The Lets Encrypt Cert has not been renewed! \n \n” $ERRORLOG | mail -s “Lets Encrypt Cert Alert” postmaster@

    /var/discourse/launcher start app


    rm /var/discourse/shared/standalone/ssl/ssl.{crt,key} -f
    rm /var/discourse/shared/standalone/ssl/chain.pem -f

    cp /etc/letsencrypt/live/<domain>/fullchain.pem /var/discourse/shared/standalone/ssl/ssl.crt
    cp /etc/letsencrypt/live/<domain>/privkey.pem /var/discourse/shared/standalone/ssl/ssl.key
    cp /etc/letsencrypt/live/<domain>/chain.pem /var/discourse/shared/standalone/ssl/

    /var/discourse/launcher start app


exit 0

and in my cli.ini file i simply specify the acme server, my email address and the option renew-by-default:

server =
email = postmaster@

i then set the script’s executable bit (chmod +x

and added it to my crontab with crontab -e (as root):

0 2 1 2,4,6,8,10,12 * /etc/letsencrypt/

which will run it every 2 months on day 1 at 2 am. since today’s date is 12/8, this job will first run in FEB.

i also manually tested the script first by simply running it. that’s it. some would argue against the use of root but it’s ok for me and my purposes + i believe the official LE client requires it in some fashion. That’s it.

  • Fabian S.

One more note; the reason i copy chain.pem into the docker app container ssl folder is because for my discourse docker app, I modified the web.ssl template to add support for ocsp and rely on the chain.pem file for that.

also, in my crontab entry, i made no provision for emailing me the end result of the cron job because the sh script contains that mechanism only in case of LE cert renewal failure.

that is all.

  • Fabian S.
1 Like