I installed Discourse with Docker, and set up Let’s Encrypt as part of the process. Now it’s time to renew, but I’m unsure how, as I thought it would be automatic. On another server I set up using certbot and renewed manually without a glitch. But with the Discourse Docker install I do not appear to have certbot available. Any help appreciated.
Can you describe how you set up Let’s Encrypt?
If you followed this guide, you already have a daily cronjob that’s responsible for renewing your certificate if needed. This setup does not use certbot, but a different client called acme.sh.
I used this guide https://meta.discourse.org/t/setting-up-lets-encrypt/40709/141 (same as your link) so it is https://github.com/Neilpang/acme.sh
But, I think that it is not running a cron job, as I checked the ./launcher logs <container name> and there is no mention of letsencrypt or anything similar, also crontab -l does not list any crontabs. I also checked the etc/cron... dirs, but did not find anything that appears to be relevant. My certificate is due to expire in less than a week, so I thought that it might have done so automatically by now, but I still get reminder emails.
The guide above says to manually renew:
./launcher enter app
sv stop nginx
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
LE_WORKING_DIR=/shared/letsencrypt DEBUG=1 /shared/letsencrypt/acme.sh --issue -d example.com -k 4096 -w /var/www/discourse/public
LE_WORKING_DIR=/shared/letsencrypt /shared/letsencrypt/acme.sh --installcert -d example.com --fullchainpath /shared/ssl/example.com.cer --keypath /shared/ssl/example.com.key --reloadcmd "sv reload nginx"
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf -s stop
Although I’d prefer it to be automated.
This post mentions that the cronjob is in /var/spool/crontab/root. Does that file exist for you, and what’s the result when you run that command manually?
I get -bash: /var/spool/crontab/root: No such file or directory
Seems like something went wrong with that setup. You’re probably better off asking for help on meta.discourse.org - this is a Discourse-specific issue and in all likelihood there are more people with knowledge about that process on there.
I’m not familiar with Discourse either, but I have a few suggestions.
- You can list your current cronjob by:
crontab -l
- acme.sh has a command --installcronjob:
/shared/letsencrypt/acme.sh --installcronjob
It will check if the cronjob for renewal is already installed; if not, it will install it.
- You can also manually run the cronjob by command line:
/shared/letsencrypt/acme.sh --cron
It will check all the certs and renew them if needed.
Thanks.
I started a new discussion at https://meta.discourse.org/t/setting-up-lets-encrypt/40709/231?u=nisbeti
But, I discovered that if I enter the docker container and run a shell, then I can get to the crontabs:
docker exec -it app sh
then crontab -l gives me:
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
I also notice that I don’t have /shared/standalone/ssl but I do have /shared/ssl
Which implies that I have the acme script running in web mode???
From inside the shell in the container:
# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory
So I tried from outside the container:
/var/discourse# ./launcher /shared/letsencrypt/acme.sh --cron
Config file was not found, ensure containers/--cron.yml exists
Available configs ( app )
I also tried:
# /shared/letsencrypt/acme.sh --installcronjob
[Sun Sep 18 04:04:43 UTC 2016] Installing cron job
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# crontab -l
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory
Anyway, I’m not sure what the best way is now to renew the cert.
Any suggestions?
Neil’s suggestion (thank you) on the other forum appears to have revealed that my auto renewal was working just fine:
(from within the docker container shell)
/shared/letsencrypt/acme.sh --cron --home "/shared/letsencrypt"
gave me:
# /shared/letsencrypt/acme.sh --cron --home "/shared/letsencrypt"
[Sun Sep 18 04:09:37 UTC 2016] Renew: forum.mydomain.com
[Sun Sep 18 04:09:37 UTC 2016] Skip, Next renewal time is: Tue Dec 6 00:00:21 UTC 2016
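Added example, not part of the original posts: a shell function that audits a crontab for the acme.sh renewal entry and reports the --home directory it uses, since the '/root/.acme.sh/' error in this thread came from running --cron by hand without the --home that the cron entry carries. The function name acme_cron_home and its exit codes are assumptions of this example; the sample crontab line is the one quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): find the acme.sh renewal entry in a
# crontab and report which --home directory it runs with.

# Sample input: the crontab line quoted in the thread.
SAMPLE_CRONTAB='0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null'

# acme_cron_home (hypothetical helper): reads a crontab on stdin.
# Prints the --home directory of the first "acme.sh --cron" entry.
# Exit status (chosen for this example):
#   0  entry found and it passes --home
#   1  no acme.sh --cron entry at all (renewal is not scheduled)
#   2  entry found but without --home (acme.sh would use its default home)
acme_cron_home() {
    # Drop comment lines, keep the first line that runs acme.sh with --cron.
    entry=$(grep -v '^[[:space:]]*#' | grep 'acme\.sh.* --cron' | head -n 1)
    [ -n "$entry" ] || return 1

    case "$entry" in
        *" --home "*) ;;
        *) return 2 ;;
    esac

    # Take the word that follows --home and strip surrounding quotes.
    home=${entry#*--home }
    home=${home%% *}
    home=$(printf '%s' "$home" | tr -d '"'"'")
    printf '%s\n' "$home"
}

# Demonstration on the sample line; prints the directory to pass as
# --home when running "acme.sh --cron" manually.
printf '%s\n' "$SAMPLE_CRONTAB" | acme_cron_home
```

Inside the container, feed it the live crontab with `crontab -l | acme_cron_home` and reuse the printed directory as the --home argument for a manual run.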