Acme.sh, Let's Encrypt, and ZeroSSL.com

Hi @dnutan,

I tried different scenarios.

My conclusions with acme.sh-3.0:

".pem"

  1. The first new certificate is set as default.
  2. Server-Manager does not see the certificate, but the browser uses it.
  3. After a systemctl restart nginx, Discourse uses the Let’s Encrypt certificate.

".crt"

  1. After defining the new certificate as default, Server-Manager sees the certificate and the browser uses it.
  2. After a systemctl restart nginx, Discourse does not see the new Let’s Encrypt certificate and still uses the first LE certificate, because it only sees keys with the “.pem” extension.

Discourse:

  1. For me, the best solution would be to find out where Discourse maps the /root/.acme.sh directory and from where it points to the different keys in the subdirectory.
  2. It has to do it like Jitsi Meet, which mounts /root/.acme.sh in the Prosody/YAML container; then there is a parameter that points to each of the different keys in the subdirectory mounted in the container.
  3. Maybe those parameters are in some nginx configuration file or even somewhere else…

Michel-André