Renew on discourse docker


#1

I installed Discourse with Docker, and set up Let’s Encrypt as part of the process. Now it’s time to renew, but I’m unsure how, as I thought it would be automatic. On another server I set up using certbot and renewed manually without a glitch. But with the Discourse Docker install I do not appear to have certbot available. Any help appreciated.


#2

Can you describe how you set up Let’s Encrypt?

If you followed this guide, you already have a daily cronjob that’s responsible for renewing your certificate if needed. This setup does not use certbot, but a different client called acme.sh.


#3

I used this guide https://meta.discourse.org/t/setting-up-lets-encrypt/40709/141 (same as your link) so it is https://github.com/Neilpang/acme.sh
But I think that it is not running a cron job, as I checked the ./launcher logs <container name> and there is no mention of letsencrypt or anything similar; also, crontab -l does not list any crontabs. I also checked the etc/cron... dirs, but did not find anything that appears to be relevant. My certificate is due to expire in less than a week, so I thought that it might have done so automatically by now, but I still get reminder emails.

The guide above says to manually renew:

./launcher enter app
sv stop nginx
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
LE_WORKING_DIR=/shared/letsencrypt DEBUG=1 /shared/letsencrypt/acme.sh --issue -d example.com -k 4096 -w /var/www/discourse/public
LE_WORKING_DIR=/shared/letsencrypt /shared/letsencrypt/acme.sh --installcert -d example.com --fullchainpath /shared/ssl/example.com.cer --keypath /shared/ssl/example.com.key --reloadcmd "sv reload nginx"
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf -s stop

Although I’d prefer it to be automated.


#4

This post mentions that the cronjob is in /var/spool/crontab/root. Does that file exist for you, and what’s the result when you run that command manually?


#5

I get -bash: /var/spool/crontab/root: No such file or directory


#6

Seems like something went wrong with that setup. You’re probably better off asking for help on meta.discourse.org - this is a Discourse-specific issue and in all likelihood there are more people with knowledge about that process on there.


#7

@nisbeti

I’m not familiar with Discourse either, but I have a few suggestions.

  1. You can list your current cronjob with:

crontab -l

  2. acme.sh has a command --installcronjob:

/shared/letsencrypt/acme.sh --installcronjob

It will check if the cronjob for renewal is already installed; if not, it will install it.

  3. You can also manually run the cronjob from the command line:

/shared/letsencrypt/acme.sh --cron

It will check all the certs and renew them if needed.

Thanks.


#8

I started a new discussion at https://meta.discourse.org/t/setting-up-lets-encrypt/40709/231?u=nisbeti

But, I discovered that if I enter the docker container and run a shell, then I can get to the crontabs:

docker exec -it app sh

then crontab -l gives me:

0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null

I also notice that I don’t have

/shared/standalone/ssl

but I do have

/shared/ssl

Which implies that I have the acme script running in web mode???

From inside the shell in the container:

# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory

So I tried from outside the container:

/var/discourse# ./launcher /shared/letsencrypt/acme.sh --cron
Config file was not found, ensure containers/--cron.yml exists

Available configs ( app )

I also tried:

# /shared/letsencrypt/acme.sh --installcronjob
[Sun Sep 18 04:04:43 UTC 2016] Installing cron job
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# crontab -l
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory

Anyway, I’m not sure what the best way is now to renew the cert.

Any suggestions?


#9

Neil’s suggestion (thank you) on the other forum appears to have revealed that my auto renewal was working just fine:

(from within the docker container shell)

/shared/letsencrypt/acme.sh --cron --home "/shared/letsencrypt"

gave me:

# /shared/letsencrypt/acme.sh --cron  --home "/shared/letsencrypt"
[Sun Sep 18 04:09:37 UTC 2016] Renew: forum.mydomain.com
[Sun Sep 18 04:09:37 UTC 2016] Skip, Next renewal time is: Tue Dec  6 00:00:21 UTC 2016
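
Added example, not part of the original thread: a small shell check for the two things that caused confusion above, namely whether the crontab entry passes --home for the non-default acme.sh directory, and what a captured "acme.sh --cron" run actually reported. The function names cron_home_ok and cron_run_status are hypothetical; the sample strings are copied from posts #8 and #9.

```shell
#!/bin/sh
# Added example (not from the thread). cron_home_ok and cron_run_status are
# hypothetical helper names; the SAMPLE_* strings are copied from the posts above.

# cron_home_ok CRONTAB_TEXT ACME_HOME
# Succeeds only if some non-comment crontab line runs ACME_HOME/acme.sh --cron
# and also passes --home ACME_HOME, as the entry shown in post #8 does.
cron_home_ok() {
    printf '%s\n' "$1" | tr -d '"' | awk -v home="$2" '
        /^[ \t]*#/ { next }
        {
            run = 0; ok = 0
            for (i = 1; i < NF; i++) {
                if ($i == (home "/acme.sh") && $(i + 1) == "--cron") run = 1
                if ($i == "--home" && $(i + 1) == home) ok = 1
            }
            if (run && ok) found = 1
        }
        END { exit !found }'
}

# cron_run_status OUTPUT
# Classifies captured "acme.sh --cron" output using the two results seen in the thread.
cron_run_status() {
    case "$1" in
        *"cannot access '/root/.acme.sh/'"*)
            echo "wrong-home" ;;   # run without --home, so the default dir was used
        *"Skip, Next renewal time is: "*)
            printf 'not-due %s\n' "$(printf '%s\n' "$1" |
                sed -n 's/.*Skip, Next renewal time is: //p' | tr -s ' ' | head -n 1)" ;;
        *)
            echo "other" ;;
    esac
}

# Sample inputs taken from posts #8 and #9.
SAMPLE_CRONTAB='0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null'
SAMPLE_NOHOME="ls: cannot access '/root/.acme.sh/': No such file or directory"
SAMPLE_SKIP='[Sun Sep 18 04:09:37 UTC 2016] Renew: forum.mydomain.com
[Sun Sep 18 04:09:37 UTC 2016] Skip, Next renewal time is: Tue Dec  6 00:00:21 UTC 2016'

cron_home_ok "$SAMPLE_CRONTAB" /shared/letsencrypt && echo "cron entry passes --home"
cron_run_status "$SAMPLE_NOHOME"
cron_run_status "$SAMPLE_SKIP"
```

Inside the container the same functions can be fed live data, for example cron_home_ok "$(crontab -l)" /shared/letsencrypt.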
