I installed Discourse with Docker, and set up Let’s Encrypt as part of the process. Now it’s time to renew, but I’m unsure how, as I thought it would be automatic. On another server I set up using certbot and renewed manually without a glitch. But with the Discourse Docker install I do not appear to have certbot available. Any help appreciated.
Can you describe how you set up Let’s Encrypt?
I used this guide https://meta.discourse.org/t/setting-up-lets-encrypt/40709/141 (same as your link) so it is https://github.com/Neilpang/acme.sh
But I think that it is not running a cron job, as I checked ./launcher logs <container name> and there is no mention of letsencrypt or anything similar. Also, crontab -l does not list any crontabs. I also checked the etc/cron... dirs, but did not find anything that appears to be relevant. My certificate is due to expire in less than a week, so I thought that it might have done so automatically by now, but I still get reminder emails.
The guide above says to manually renew:
./launcher enter app
sv stop nginx
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
LE_WORKING_DIR=/shared/letsencrypt DEBUG=1 /shared/letsencrypt/acme.sh --issue -d example.com -k 4096 -w /var/www/discourse/public
LE_WORKING_DIR=/shared/letsencrypt /shared/letsencrypt/acme.sh --installcert -d example.com --fullchainpath /shared/ssl/example.com.cer --keypath /shared/ssl/example.com.key --reloadcmd "sv reload nginx"
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf -s stop
Although I’d prefer it to be automated.
This post mentions that the cronjob is in /var/spool/crontab/root. Does that file exist for you, and what’s the result when you run that command manually?
-bash: /var/spool/crontab/root: No such file or directory
Seems like something went wrong with that setup. You’re probably better off asking for help on meta.discourse.org - this is a Discourse-specific issue and in all likelihood there are more people with knowledge about that process on there.
I’m not familiar with Discourse either, but I have a few suggestions.
- you can list your current cronjob by:
acme.sh has a command
It will check if the cronjob for renewal is already installed, if not, it will install it.
- You can also manually run the cronjob by command line:
It will check all the certs and renew them if needed.
I started a new discussion at https://meta.discourse.org/t/setting-up-lets-encrypt/40709/231?u=nisbeti
But, I discovered that if I enter the docker container and run a shell, then I can get to the crontabs:
docker exec -it app sh
crontab -l gives me:
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
I also notice that I don’t have
but I do have
Which implies that I have the acme script running in web mode???
From inside the shell in the container:
# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory
So I tried from outside the container:
/var/discourse# ./launcher /shared/letsencrypt/acme.sh --cron
Config file was not found, ensure containers/--cron.yml exists
Available configs ( app )
I also tried:
# /shared/letsencrypt/acme.sh --installcronjob
[Sun Sep 18 04:04:43 UTC 2016] Installing cron job
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# crontab -l
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory
Anyway, I’m not sure what the best way is now to renew the cert.
Neil’s suggestion (thank you) on the other forum appears to have revealed that my auto renewal was working just fine:
(from within the docker container shell)
/shared/letsencrypt/acme.sh --cron --home "/shared/letsencrypt"
# /shared/letsencrypt/acme.sh --cron --home "/shared/letsencrypt"
[Sun Sep 18 04:09:37 UTC 2016] Renew: forum.mydomain.com
[Sun Sep 18 04:09:37 UTC 2016] Skip, Next renewal time is: Tue Dec 6 00:00:21 UTC 2016
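The two checks this thread ended up doing by hand (is the renewal job installed with the right --home, and when does acme.sh plan to renew) can be scripted. This is an added example, not part of the original posts and not code from acme.sh or Discourse; the function names are hypothetical, the sample input is constructed from the output quoted above, and it assumes acme.sh prints its log lines in the format shown in the thread.

```shell
#!/bin/sh
# Added example: audit an acme.sh renewal setup like the one in this thread.

# check_cron_entry CRONTAB_TEXT EXPECTED_HOME
# Prints "ok", "missing" (no acme.sh --cron job) or "wrong-home" (a job exists
# but does not pass --home EXPECTED_HOME, so acme.sh would fall back to
# ~/.acme.sh, the failure seen above with /root/.acme.sh).
check_cron_entry() {
    entry=$(printf '%s\n' "$1" | grep -v '^[[:space:]]*#' \
        | grep -e 'acme\.sh.*--cron' | head -n 1)
    if [ -z "$entry" ]; then echo missing; return 1; fi
    # Strip quotes so "/shared/letsencrypt" and /shared/letsencrypt compare equal.
    home=$(printf '%s\n' "$entry" | tr -d '"' \
        | sed -n 's/.*--home[ =]\([^ ]*\).*/\1/p')
    if [ "$home" = "$2" ]; then echo ok; return 0; fi
    echo wrong-home; return 1
}

# next_renewal CRON_OUTPUT DOMAIN
# Prints the "Next renewal time" acme.sh reported for DOMAIN, or nothing.
next_renewal() {
    printf '%s\n' "$1" | awk -v d="$2" '
        /\] Renew: / { cur = $NF }
        /Skip, Next renewal time is: / && cur == d {
            sub(/.*Next renewal time is: /, ""); print; exit
        }'
}

# Constructed samples, taken from the output quoted in the thread.
SAMPLE_CRON='0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null'
SAMPLE_OUT='[Sun Sep 18 04:09:37 UTC 2016] Renew: forum.mydomain.com
[Sun Sep 18 04:09:37 UTC 2016] Skip, Next renewal time is: Tue Dec 6 00:00:21 UTC 2016'

echo "cron job:     $(check_cron_entry "$SAMPLE_CRON" /shared/letsencrypt)"
echo "next renewal: $(next_renewal "$SAMPLE_OUT" forum.mydomain.com)"

# Against a live container named "app" (the name used in this thread):
#   check_cron_entry "$(docker exec app crontab -l)" /shared/letsencrypt
```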