How to install ssl certicate on Discourse one-click install droplet

Posted December 13, 2015 9.7k views

How to install ssl certicate on Discourse one-click install droplet?

How can I access Nginx server block configuration directory in Discourse one-click install?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
7 answers

in 2017 I found that if you just run ./discourse-setup in the /var/discourse/ folder again, it’ll set up let’s encrypt automatically. You’ve got to stop nginx (which is dead anyway) though with systemctl stop nginx and the app itself with ./launcher stop app.

You install via docker or from source code

So, I found the answer here:

And successfully added SSL to my one-click Discourse droplet install digital ocean.

Below is copy of the written directions from the

By Sam Saffron co-founder

So you’d like to enable SSL for your Docker-based Discourse setup? Let’s do it!

This guide assumes you used all the standard install defaults – a container configuration file at/var/discourse/containers/app.>yml and Discourse docker is installed at: /var/discourse

Buy a SSL Certificate

Go to namecheap468 or some other SSL cert provider and purchase a SSL cert for your domain. Follow all the step documented by >them to generate private key and CSR and finally get your cert. I used the apache defaults, they will work fine.

Keep your private key and cert somewhere safe.

Place the Certificate and Key

Get a signed cert and key and place them in the /var/discourse/shared/standalone/ssl/ folder

Private key is:


Cert is


File names are critical do not stray from them or your nginx template will not know where to find the cert.

Have a look at your app.yml configuration file to see where the shared folder is mounted.


  • volume: host: /var/discourse/shared/standalone guest: /shared In essence the files must be located at /shared/ssl/ssl.key /shared/ssl/ssl.crt inside the container.

For all clients to find a path from your cert to a trusted root cert (i.e., not give your users any warnings), you may need to >concatenate the cert files from your provider like so:

cat “Your PositiveSSL Certificate” “Intermediate CA Certificate” “Intermediate CA Certificate” >> ssl.crt
Configure NGINX

Add a reference to the nginx ssl template from your app.yml configuration file:


  • “templates/postgres.template.yml”
  • “templates/redis.template.yml”
  • “templates/sshd.template.yml”
  • “templates/web.template.yml”
  • “templates/web.ssl.template.yml” Configure your Docker Container

Tell your container to listen on SSL


  • “80:80”
  • “2222:22”
  • “443:443” Bootstrap your Docker Container

Rebuild your app

./launcher rebuild app
Profit, you are done!


Be sure to read through the logs using

./launcher logs app
If anything goes wrong.

edited by asb