I installed discourse with docker, and set up lets encrypt as part of the process. Now it’s time to renew, but I’m unsure how, as I thought it would be automatic. On another server I set up using certbot and renewed manually without a glitch. But with the discourse docker install I do not appear to have certbot available. Any help appreciated.
Can you describe how you set up Let’s Encrypt?
If you followed this guide, you already have a daily cronjob that’s responsible for renewing your certificate if needed. This setup does not use certbot, but a different client called acme.sh.
I used this guide https://meta.discourse.org/t/setting-up-lets-encrypt/40709/141 (same as your link) so it is https://github.com/Neilpang/acme.sh
But, I think that it is not running a cron job, as I checked the ./launcher logs <container name> and there is no mention of letsencrypt or anything similar, also crontab -l does not list any crontabs. I also check etc/cron... dirs, but did not find anything that appears to be relevant. My certificate is due to expire in less than a week, so I thought that it might have done so automatically by now, but I still get reminder emails.
The guide above says to manually renew:
./launcher enter app
sv stop nginx
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
LE_WORKING_DIR=/shared/letsencrypt DEBUG=1 /shared/letsencrypt/acme.sh --issue -d example.com -k 4096 -w /var/www/discourse/public
LE_WORKING_DIR=/shared/letsencrypt /shared/letsencrypt/acme.sh --installcert -d example.com --fullchainpath /shared/ssl/example.com.cer --keypath /shared/ssl/example.com.key --reloadcmd "sv reload nginx"
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf -s stop
Although I’d prefer it to be automated.
This post mentions that the cronjob is in /var/spool/crontab/root. Does that file exist for you, and what’s the result when you run that command manually?
I get -bash: /var/spool/crontab/root: No such file or directory
Seems like something went wrong with that setup. You’re probably better off asking for help on meta.discourse.org - this is a Discourse-specific issue and in all likelihood there are more people with knowledge about that process on there.
I’m not familiar with discourse too. but I have a few suggestions.
- you can list your current cronjob by:
crontab -l
-
acme.sh has a command
--installcronjob:
/shared/letsencrypt/acme.sh --installcronjob
It will check if the cronjob for renewal is already installed, if not, it will install it.
- You can also manually run the cronjob by command line:
/shared/letsencrypt/acme.sh --cron
It will check all the certs and renew them if needed.
Thanks.
I started a new discussion at https://meta.discourse.org/t/setting-up-lets-encrypt/40709/231?u=nisbeti
But, I discovered that if I enter the docker container and run a shell, then I can get to the crontabs:
docker exec -it app sh
then crontab -l gives me:
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
I also notice that I don’t have
/shared/standalone/ssl
but I do have
/shared/ssl
Which implies that I have the acme script running in web mode???
From inside the shell in the container:
# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory
So I tried from outside the container:
/var/discourse# ./launcher /shared/letsencrypt/acme.sh --cron
Config file was not found, ensure containers/--cron.yml exists
Available configs ( app )
I also tried:
# /shared/letsencrypt/acme.sh --installcronjob
[Sun Sep 18 04:04:43 UTC 2016] Installing cron job
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# crontab -l
0 0 * * * "/shared/letsencrypt"/acme.sh --cron --home "/shared/letsencrypt" > /dev/null
# /shared/letsencrypt/acme.sh --cron
ls: cannot access '/root/.acme.sh/': No such file or directory
Anyway, I’m not sure what best way is now to renew cert.
Any suggestions?
1 Like
Neil’s suggestion (thank you) on the other forum appears to have revealed that my auto renewal was working just fine:
(from within the docker container shell)
/shared/letsencrypt/acme.sh --cron --home "/shared/letsencrypt"
gave me:
# /shared/letsencrypt/acme.sh --cron --home "/shared/letsencrypt"
[Sun Sep 18 04:09:37 UTC 2016] Renew: forum.mydomain.com
[Sun Sep 18 04:09:37 UTC 2016] Skip, Next renewal time is: Tue Dec 6 00:00:21 UTC 2016
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.