Bad certificate warning

My site certificate only supports non-www addresses. So, when we try to access an image uploaded to the site we are getting a bad certificate warning because there is a ‘www’ in the address. Is there a solution for this?

@nutomic

How did you install Lemmy? And are you using pictrs for images? Because that is normally available through Lemmy (same domain).

@suspended

I installed using these instructions: https://join-lemmy.org/docs/en/administration/install_docker.html

# address where pictrs is available
  pictrs_url: "http://pictrs:8080"
@nutomic

Can you link your instance, and the url where the error happens?

@suspended

Can you link your instance…

If you mean federate, then we aren’t comfortable doing that.

@nutomic

No, that's not necessary.

@suspended

OK. Thanks for taking the time to try and resolve this. I appreciate it.

@nutomic

What value did you put in the line below? It should be beehaw.org, without www.

https://github.com/LemmyNet/lemmy-ansible/blob/main/templates/docker-compose.yml#L24

@suspended

It is beehaw.org.

@nutomic

Hmm, then did you configure www.beehaw.org in some other place? Because Lemmy certainly doesn't add that.

@suspended

Here are the server blocks of my nginx conf file:

server {
	if ($host = beehaw.org) {
		return 301 https://beehaw.org$request_uri;
	} # managed by Certbot
	
	listen 80;
	listen [::]:80;
	server_name beehaw.org www.beehaw.org;
	location /.well-known/acme-challenge/ {
		root /var/www/certbot;
	}
	location / {
		return 301 https://$host$request_uri;
	}

}

server  {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name beehaw.org www.beehaw.org;
	ssl_certificate /etc/letsencrypt/live/beehaw.org-0001/fullchain.pem; #managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/beehaw.org-0001/privkey.pem; #managed by Certbot
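
Added example, not part of any comment in this thread: a Python check for the mismatch under discussion, where nginx answers for a `server_name` that the configured certificate does not cover. The SAN list is an assumption taken from the original post ("only supports non-www addresses"), and the sample block is the posted one, closed so that it parses.

```python
import re

# Constructed sample: the HTTPS server block as posted in the thread, closed
# here so that it parses (the original post is cut off after the key line).
NGINX_CONF = """
server {
    listen 443 ssl http2;
    server_name beehaw.org www.beehaw.org;
    ssl_certificate /etc/letsencrypt/live/beehaw.org-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/beehaw.org-0001/privkey.pem;
}
"""

# Assumption: SAN list of that certificate, per the original post
# ("only supports non-www addresses"). On a real host, read it from the cert.
CERT_SANS = {"/etc/letsencrypt/live/beehaw.org-0001/fullchain.pem": ["beehaw.org"]}


def tls_server_blocks(conf):
    """Yield (server_names, cert_path) for each flat server block with a cert."""
    for body in re.findall(r"server\s*\{([^{}]*)\}", conf):
        names = re.search(r"^\s*server_name\s+([^;]+);", body, re.M)
        cert = re.search(r"^\s*ssl_certificate\s+([^;]+);", body, re.M)
        if names and cert:
            yield names.group(1).split(), cert.group(1).strip()


def san_matches(host, san):
    """Exact match, or a wildcard SAN covering exactly one leftmost label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san


def uncovered_names(conf, cert_sans):
    """Return server_name entries that the block's certificate does not cover."""
    missing = []
    for names, cert in tls_server_blocks(conf):
        sans = cert_sans.get(cert, [])
        missing += [n for n in names if not any(san_matches(n, s) for s in sans)]
    return missing


if __name__ == "__main__":
    for name in uncovered_names(NGINX_CONF, CERT_SANS):
        print(f"{name}: served by nginx but not in the certificate SAN list")
```

On a real host the SAN list can be read with `openssl x509 -in fullchain.pem -noout -ext subjectAltName`; the parser above only handles server blocks without nested `location` braces.
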
@nutomic

It's possible that certbot messed up something in your nginx config, but I don't see how that would affect the html sent by the server. Did you previously have www.beehaw.org set in docker-compose.yml? Maybe it's still using the old setting.

Otherwise I can't think of anything.

@suspended

Did you previously have www.beehaw.org set in docker-compose.yml? Maybe it's still using the old setting.

I may have. I don’t know how it could retain the old setting. Strange. Thanks for helping.

@nutomic

You need to run docker-compose up to reload the settings. With docker-compose restart, it keeps using the old settings.

@suspended

I think I may have found something. Instead of using ‘restart’ with nginx shouldn’t I be using ‘reload’? See: https://linuxize.com/post/start-stop-restart-nginx/

reload: Gracefully restarts the Nginx service. On reload, the main Nginx process shuts down the child processes, loads the new configuration, and starts new child processes.

@nutomic

Either one should work. Anyway, this post shows that images are working correctly in new posts now. But you will have to edit old posts manually to remove the www from the url.

@suspended

Thanks!

@suspended

I’ve never used docker-compose restart. I always use docker-compose up.
