Renew on Discourse Docker

I installed Discourse with Docker, and set up Let’s Encrypt as part of the process. Now it’s time to renew, but I’m unsure how, as I thought it would be automatic. On another server I set up using certbot and renewed manually without a glitch. But with the Discourse Docker install I do not appear to have certbot available. Any help appreciated.

Can you describe how you set up Let’s Encrypt?

If you followed this guide, you already have a daily cronjob that’s responsible for renewing your certificate if needed. This setup does not use certbot, but a different client called acme.sh.

I used this guide https://meta.discourse.org/t/setting-up-lets-encrypt/40709/141 (same as your link) so it is https://github.com/Neilpang/acme.sh
But, I think that it is not running a cron job, as I checked the ./launcher logs <container name> and there is no mention of letsencrypt or anything similar, also crontab -l does not list any crontabs. I also checked etc/cron... dirs, but did not find anything that appears to be relevant. My certificate is due to expire in less than a week, so I thought that it might have done so automatically by now, but I still get reminder emails.

The guide above says to manually renew:

./launcher enter app
sv stop nginx
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
LE_WORKING_DIR=/shared/letsencrypt DEBUG=1 /shared/letsencrypt/acme.sh --issue -d example.com -k 4096 -w /var/www/discourse/public
LE_WORKING_DIR=/shared/letsencrypt /shared/letsencrypt/acme.sh --installcert -d example.com --fullchainpath /shared/ssl/example.com.cer --keypath /shared/ssl/example.com.key --reloadcmd "sv reload nginx"
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf -s stop

Although I’d prefer it to be automated.

This post mentions that the cronjob is in /var/spool/crontab/root. Does that file exist for you, and what’s the result when you run that command manually?

I get -bash: /var/spool/crontab/root: No such file or directory

Seems like something went wrong with that setup. You’re probably better off asking for help on meta.discourse.org - this is a Discourse-specific issue and in all likelihood there are more people with knowledge about that process on there.

@nisbeti

I’m not familiar with Discourse either, but I have a few suggestions.

  1. You can list your current cronjob by:
crontab -l
  2. acme.sh has a command --installcronjob:

/shared/letsencrypt/acme.sh  --installcronjob

It will check if the cronjob for renewal is already installed; if not, it will install it.

  3. You can also manually run the cronjob by command line:

/shared/letsencrypt/acme.sh  --cron

It will check all the certs and renew them if needed.

Thanks.

I started a new discussion at https://meta.discourse.org/t/setting-up-lets-encrypt/40709/231?u=nisbeti

But, I discovered that if I enter the docker container and run a shell, then I can get to the crontabs:

docker exec -it app sh

then crontab -l gives me:

0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null

I also notice that I don’t have

/shared/standalone/ssl

but I do have

/shared/ssl

Which implies that I have the acme script running in web mode???

From inside the shell in the container:

# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory

So I tried from outside the container:

/var/discourse# ./launcher /shared/letsencrypt/acme.sh --cron
Config file was not found, ensure containers/--cron.yml exists

Available configs ( app )

I also tried:

# /shared/letsencrypt/acme.sh --installcronjob
[Sun Sep 18 04:04:43 UTC 2016] Installing cron job
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# crontab -l
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory

Anyway, I’m not sure what the best way is now to renew the cert.

Any suggestions?

Neil’s suggestion (thank you) on the other forum appears to have revealed that my auto renewal was working just fine:

(from within the docker container shell)

/shared/letsencrypt/acme.sh --cron --home "/shared/letsencrypt"

gave me:

# /shared/letsencrypt/acme.sh --cron  --home "/shared/letsencrypt"
[Sun Sep 18 04:09:37 UTC 2016] Renew: forum.mydomain.com
[Sun Sep 18 04:09:37 UTC 2016] Skip, Next renewal time is: Tue Dec  6 00:00:21 UTC 2016
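
The two checks this thread ended up doing by hand, as an added example that is not part of the original posts or of acme.sh itself: confirm that the cron entry passes a working directory (without it, `--cron` looked in `/root/.acme.sh/` above), and read the next renewal time out of the `--cron` output. The function names `audit_acme_cron` and `next_renewals` are hypothetical, and the log-line layout is assumed to match the output shown above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of acme.sh.
# Typical use from the Docker host (container name "app" as in the thread):
#   docker exec app crontab -l | audit_acme_cron

# Reads crontab text on stdin and prints one verdict per acme.sh --cron entry:
#   OK <home>         working dir given via --home or LE_WORKING_DIR=
#   NO_HOME <dir>     no working dir given; acme.sh falls back to ~/.acme.sh
#   NO_ENTRY          no acme.sh --cron line found at all
audit_acme_cron() {
    found=0
    while IFS= read -r line; do
        case $line in
            \#*|'') continue ;;          # skip comments and blank lines
        esac
        case $line in
            *acme.sh*--cron*) ;;
            *) continue ;;
        esac
        found=1
        # Drop quotes so "/shared/letsencrypt"/acme.sh reads as one path.
        clean=$(printf '%s\n' "$line" | tr -d '"')
        script=$(printf '%s\n' "$clean" |
            sed -n 's#.*[[:space:]]\(/[^[:space:]]*\)/acme\.sh[[:space:]].*#\1#p')
        home=$(printf '%s\n' "$clean" |
            sed -n 's#.*--home[[:space:]]\{1,\}\([^[:space:]]*\).*#\1#p')
        # The manual commands in the guide set LE_WORKING_DIR instead of --home.
        [ -n "$home" ] || home=$(printf '%s\n' "$clean" |
            sed -n 's#.*LE_WORKING_DIR=\([^[:space:]]*\).*#\1#p')
        if [ -n "$home" ]; then
            echo "OK $home"
        else
            echo "NO_HOME $script"
        fi
    done
    [ "$found" -eq 1 ] || echo "NO_ENTRY"
}

# Reads `acme.sh --cron` output on stdin and prints "<domain>|<next renewal>"
# for every certificate that was skipped because it is not yet due.
next_renewals() {
    awk '/ Renew: /               { d = $0; sub(/^.* Renew: /, "", d) }
         /Next renewal time is: / { t = $0; sub(/^.*Next renewal time is: /, "", t)
                                    print d "|" t }'
}
```

A `NO_ENTRY` or `NO_HOME` verdict, or a domain missing from the `next_renewals` output, is the cue to run the `--cron --home` command by hand inside the container, as the final post did.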