AnsibleFileNotFound: for manual SSL provider cert files


I’m setting up Trellis with the manual SSL setting, and encountering a weird issue with the manual SSL provider setting.

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '~/.ssl/_wildcard.trellis.test_plus1.pem'
failed: [default] (item=www.trellis.test) => {"changed": false, "item": "www.trellis.test"}

The key and cert files are definitely paths local files that exist on my machine. I can run cat ~/.ssl/_wildcard.trellis.test_plus1.pem and it’ll show me the certificate. The file permissions for both files are set to 664, so that shouldn’t be an issue either. Though I don’t think it is a permission issue, I even tried it with SELinux disabled and that gave me the same error.

Here’s the contents of the wordpress_sites.yml file:

      - canonical: www.trellis.test
          - trellis.test
    local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
    site_title: Trellis Test
    admin_user: cdayjr
    admin_email: #my email here
      enabled: false
      enabled: true
      provider: manual
      cert: ~/.ssl/_wildcard.trellis.test_plus1.pem
      key: ~/.ssl/_wildcard.trellis.test_plus1-key.pem
      hsts_max_age: 31536000                                       
      hsts_include_subdomains: true
      hsts_preload: false
      enabled: false

Some additional details that might help:

  • I removed the type: 'nfs' settings from the Vagrantfile since apparently NFS doesn’t work with an encrypted drive. I feel like this might have something to do with the issue? I don’t have too much Vagrant experience, so I’m not sure the drawbacks of using Vagrant’s synced folders over NFS but either way I’m not quite sure why it wouldn’t be able to find this file.
  • I’m using mkcert for the certificates- I don’t think this matters at all for this issue but figured it’d answer why I have manual certs for .test domains if anyone is wondering about that.

It works fine with a self-signed, I’m just worried I’d encounter this issue in production.

Thanks in advance for any help!

I’ve never tried a manual cert on a development environment - it’s possible that it might work on a remote server if you try staging or production

I doubt this is the solution, but have you tried an absolute path to the files?

I gave it a shot, but no luck: same error as before.