AnsibleFileNotFound: for manual SSL provider cert files

Hi,

I’m setting up Trellis with the manual SSL setting, and encountering a weird issue with the manual SSL provider setting.

```
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AnsibleFileNotFound: Could not find or access '~/.ssl/_wildcard.trellis.test_plus1.pem'
failed: [default] (item=www.trellis.test) => {"changed": false, "item": "www.trellis.test"}
```

The key and cert files are definitely paths to local files that exist on my machine. I can run cat ~/.ssl/_wildcard.trellis.test_plus1.pem and it’ll show me the certificate. The file permissions for both files are set to 664, so that shouldn’t be an issue either. Though I don’t think it’s a permission issue, I even tried it with SELinux disabled, and that gave me the same error.

Here’s the contents of the wordpress_sites.yml file:

```yaml
wordpress_sites:
  www.trellis.test:
    site_hosts:
      - canonical: www.trellis.test
        redirects:
          - trellis.test
    local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
    site_title: Trellis Test
    admin_user: cdayjr
    admin_email: #my email here
    multisite:
      enabled: false
    ssl:
      enabled: true
      provider: manual
      cert: ~/.ssl/_wildcard.trellis.test_plus1.pem
      key: ~/.ssl/_wildcard.trellis.test_plus1-key.pem
      hsts_max_age: 31536000
      hsts_include_subdomains: true
      hsts_preload: false
    cache:
      enabled: false
```

Some additional details that might help:

  • I removed the type: 'nfs' settings from the Vagrantfile since apparently NFS doesn’t work with an encrypted drive. I feel like this might have something to do with the issue? I don’t have too much Vagrant experience, so I’m not sure of the drawbacks of using Vagrant’s synced folders over NFS, but either way I’m not quite sure why it wouldn’t be able to find this file.
  • I’m using mkcert for the certificates. I don’t think this matters at all for this issue, but figured it’d answer why I have manual certs for .test domains if anyone is wondering about that.

It works fine with a self-signed; I’m just worried I’d encounter this issue in production.

Thanks in advance for any help!
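An added pre-flight check (example code written for this thread, not part of the post or of Trellis) that resolves the ssl.cert and ssl.key paths the way the machine running the play would, reports the same missing-file condition before Ansible does, and, when both files are present and look like PEM, verifies that the key actually matches the certificate using only the standard library. The SSL_CONFIG dict mirrors the ssl: block above; the home argument, the demo() helper and its dummy PEM contents are constructed for the example.

```python
import os
import ssl
import tempfile

# Constructed to mirror the ssl: block of wordpress_sites.yml (example only, not Trellis code).
SSL_CONFIG = {
    "enabled": True,
    "provider": "manual",
    "cert": "~/.ssl/_wildcard.trellis.test_plus1.pem",
    "key": "~/.ssl/_wildcard.trellis.test_plus1-key.pem",
}
# "PRIVATE KEY-----" also matches "BEGIN RSA PRIVATE KEY" / "BEGIN EC PRIVATE KEY".
PEM_MARKERS = {"cert": b"BEGIN CERTIFICATE-----", "key": b"PRIVATE KEY-----"}


def resolve(path, home=None):
    """Expand ~ against the home of the machine that runs the play (default: this one)."""
    if home is not None and path.startswith("~/"):
        return os.path.join(home, path[2:])
    return os.path.abspath(os.path.expanduser(path))


def preflight_manual_ssl(cfg, home=None):
    """Return a list of problems; an empty list means the cert/key pair is usable."""
    problems, paths = [], {}
    if not (cfg.get("enabled") and cfg.get("provider") == "manual"):
        return problems  # nothing to check for self-signed / letsencrypt
    for kind in ("cert", "key"):  # both keys are required for provider: manual
        path = paths[kind] = resolve(cfg[kind], home)
        if not os.path.isfile(path):
            problems.append(f"{kind}: not found at {path}")  # the poster's symptom
        elif not os.access(path, os.R_OK):
            problems.append(f"{kind}: exists but is not readable by this user")
        elif PEM_MARKERS[kind] not in open(path, "rb").read():
            problems.append(f"{kind}: no PEM marker, wrong file?")
    if not problems:
        try:  # the same check nginx does at startup: the private key must match the cert
            ssl.create_default_context().load_cert_chain(paths["cert"], paths["key"])
        except OSError as e:  # ssl.SSLError is a subclass of OSError
            problems.append(f"cert/key pair rejected: {e}")
    return problems


def demo(home=None):
    """Run the check before and after creating dummy (constructed, non-working) PEM files."""
    home = home or tempfile.mkdtemp()
    os.makedirs(os.path.join(home, ".ssl"), exist_ok=True)
    before = preflight_manual_ssl(SSL_CONFIG, home)
    for kind, body in (("cert", b"CERTIFICATE"), ("key", b"PRIVATE KEY")):
        with open(resolve(SSL_CONFIG[kind], home), "wb") as f:
            f.write(b"-----BEGIN " + body + b"-----\nconstructed\n-----END " + body + b"-----\n")
    return before, preflight_manual_ssl(SSL_CONFIG, home)
```

Running preflight_manual_ssl(SSL_CONFIG) with no home argument on the host that executes the play is the useful case: "not found" there means the play will fail the same way, while a pair-rejected result points at the files themselves rather than the path.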

I’ve never tried a manual cert on a development environment - it’s possible that it might work on a remote server if you try staging or production.

I doubt this is the solution, but have you tried an absolute path to the files?

I gave it a shot, but no luck: same error as before.