Renew on discourse docker


I installed discourse with docker, and set up lets encrypt as part of the process. Now it’s time to renew, but I’m unsure how, as I thought it would be automatic. On another server I set up using certbot and renewed manually without a glitch. But with the discourse docker install I do not appear to have certbot available. Any help appreciated.


Can you describe how you set up Let’s Encrypt?

If you followed this guide, you already have a daily cronjob that’s responsible for renewing your certificate if needed. This setup does not use certbot, but a different client called


I used this guide (same as your link) so it is
But, I think that it is not running a cron job, as I checked the ./launcher logs <container name> and there is no mention of letsencrypt or anything similar, also crontab -l does not list any crontabs. I also check etc/cron... dirs, but did not find anything that appears to be relevant. My certificate is due to expire in less than a week, so I thought that it might have done so automatically by now, but I still get reminder emails.

The guide above says to manually renew:

./launcher enter app
sv stop nginx
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
LE_WORKING_DIR=/shared/letsencrypt DEBUG=1 /shared/letsencrypt/ --issue -d -k 4096 -w /var/www/discourse/public
LE_WORKING_DIR=/shared/letsencrypt /shared/letsencrypt/ --installcert -d --fullchainpath /shared/ssl/ --keypath /shared/ssl/ --reloadcmd "sv reload nginx"
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf -s stop

Although I’d prefer it to be automated.


This post mentions that the cronjob is in /var/spool/crontab/root. Does that file exist for you, and what’s the result when you run that command manually?


I get -bash: /var/spool/crontab/root: No such file or directory


Seems like something went wrong with that setup. You’re probably better off asking for help on - this is a Discourse-specific issue and in all likelihood there are more people with knowledge about that process on there.



I’m not familiar with discourse too. but I have a few suggestions.

  1. you can list your current cronjob by:
crontab  -l 
  1. has a command --installcronjob :

/shared/letsencrypt/  --installcronjob

It will check if the cronjob for renewal is already installed, if not, it will install it.

  1. You can also manually run the cronjob by command line:

/shared/letsencrypt/  --cron

It will check all the certs and renew them if needed.



I started a new discussion at

But, I discovered that if I enter the docker container and run a shell, then I can get to the crontabs:

docker exec -it app sh

then crontab -l gives me:

0 0 * * * "/shared/letsencrypt"/ --cron --home "/shared/letsencrypt" > /dev/null

I also notice that I don’t have


but I do have


Which implies that I have the acme script running in web mode???

From inside the shell in the container:

# /shared/letsencrypt/ --cron
ls: cannot access '/root/': No such file or directory

So I tried from outside the container:

/var/discourse# ./launcher /shared/letsencrypt/ --cron
Config file was not found, ensure containers/--cron.yml exists

Available configs ( app )

I also tried:

# /shared/letsencrypt/ --installcronjob
[Sun Sep 18 04:04:43 UTC 2016] Installing cron job
0 0 * * * "/shared/letsencrypt"/ --cron --home "/shared/letsencrypt" > /dev/null
# crontab -l
0 0 * * * "/shared/letsencrypt"/ --cron --home "/shared/letsencrypt" > /dev/null
# /shared/letsencrypt/ --cron
ls: cannot access '/root/': No such file or directory

Anyway, I’m not sure what best way is now to renew cert.

Any suggestions?


Neil’s suggestion (thank you) on the other forum appears to have revealed that my auto renewal was working just fine:

(from within the docker container shell)

/shared/letsencrypt/ --cron --home "/shared/letsencrypt"

gave me:

# /shared/letsencrypt/ --cron  --home "/shared/letsencrypt"
[Sun Sep 18 04:09:37 UTC 2016] Renew:
[Sun Sep 18 04:09:37 UTC 2016] Skip, Next renewal time is: Tue Dec  6 00:00:21 UTC 2016


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.