Self hosted bug: Auto cert renewal Lua problem (Certbot is fine)
For self hosted Talkyard installations installed after 2021-03-20, HTTPS certs don't currently get renewed — they just get automatically generated once. There's some problem with a Lua Nginx LetsEncrypt module Talkyard uses.
So, when there's less than a month left until the cert expires, probably you will need to do this:
sudo -i cd /opt/talkyard docker-compose exec cache redis-cli 127.0.0.1:6379> FLUSHDB OK 127.0.0.1:6379>
That removes your HTTPS cert from the Redis cache. (It's currently ok to remove everything from the cache — it's just a cache.) Then, the Lua module won't try to renew a cert, instead it'll create a new one (it thinks), and that works fine.
After you've done that, reload the Talkyard site in a browser, so Nginx gets a HTTPS request. You'll get a cert warning, and 30? seconds later, Nginx and the Lua code should have gotten a new cert from LetsEncrypt.
This does not affect sites created before the above date, because as per their installation instructions, they instead use Certbot from LetsEncrypt directly, instead of the Nginx Lua module Talkyard uses.
- 0 replies