BIO_new_file error when reprovisioning to HTTPS / Let's Encrypt

I’ve got a working production server that is going live and I’m going through our normal launch process, which includes changing the domain name and enabling Let’s Encrypt. The build has been going on for a while, so we’re on a not-bleeding-edge version of trellis (latest commits are circa 8/2017). I’ve applied a few patches here and there, mostly the latest Let’s Encrypt agreement hash.

When reprovisioning, I’m getting the following error:

RUNNING HANDLER [common : reload nginx] ****************************************
System info:
  Ansible 2.2.0.0; Darwin
  Trellis at "Add ansible_local support for non-Windows"
---------------------------------------------------
nginx: [emerg] BIO_new_file("/etc/nginx/ssl/dhparams.pem") failed (SSL:
error:02001002:system library:fopen:No such file or
directory:fopen('/etc/nginx/ssl/dhparams.pem','r') error:2006D080:BIO
routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
fatal: [192.241.170.51]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.025427", "end": "2018-01-06 22:23:43.466178", "failed": true, "rc": 1, "start": "2018-01-06 22:23:43.440751", "stderr": "nginx: [emerg] BIO_new_file(\"/etc/nginx/ssl/dhparams.pem\") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/dhparams.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed", "stdout": "", "stdout_lines": [], "warnings": []}

I’m not seeing any other issues around this missing dhparams.pem, and because we’re on a production server, rebuilding the droplet is… not ideal. Again, the site works fine when Let’s Encrypt is not enabled, and my steps to create this error are:

  1. In group_vars, set ssl enabled: false for affected sites in wordpress_sites.yml
  2. ansible-playbook server.yml -e env= --tags wordpress
  3. Set ssl enabled: true for applicable sites in wordpress_sites.yml
  4. ansible-playbook server.yml -e env= --tags letsencrypt

And just as quickly resolved!

For some reason, the shortcut process (running only the wordpress & letsencrypt tags for Ansible) isn’t working in this case, but running the full reprovision did!

ansible-playbook server.yml -e env=production

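The error above is nginx refusing to load because the `ssl_dhparam` file is absent. A pre-flight check that tells you which of the three states you are in (file missing, file present but not valid DH parameters, file present but with a prime shorter than you want) is more useful than waiting for `nginx -t` to fail mid-handler. The script below is an added example and is not Trellis code or anything from the original post; it assumes the file holds exactly what `openssl dhparam` writes (a PEM "DH PARAMETERS" block wrapping the PKCS#3 DER `SEQUENCE { INTEGER p, INTEGER g }`), and the path, the 2048-bit minimum and the fixture values in `_demo()` are assumptions chosen for illustration.

```python
"""Pre-flight check for the file nginx loads via ssl_dhparam.

Added example, not Trellis code. Reports 'missing', 'invalid', 'weak' or
'ok' for a dhparams.pem so you can decide whether to regenerate it before
running `nginx -t`. The DER parser is deliberately minimal and assumes the
layout produced by `openssl dhparam`: SEQUENCE { INTEGER p, INTEGER g }.
"""
import base64
import os
import re
import tempfile

DHPARAMS_PATH = "/etc/nginx/ssl/dhparams.pem"  # assumption: Trellis default path
MIN_BITS = 2048  # assumption: treat anything shorter as weak

PEM_RE = re.compile(
    r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S
)


def _read_tlv(buf, pos):
    """Decode one DER tag/length/value at buf[pos:]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_dh_params(pem_text):
    """Return (p, g) from a PEM 'DH PARAMETERS' block; raise ValueError if malformed."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not a single SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(body, 0)
    tag_g, g_bytes, pos = _read_tlv(body, pos)
    if tag_p != 0x02 or tag_g != 0x02 or pos != len(body):
        raise ValueError("expected exactly two INTEGERs (p, g)")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def check_dhparams(path=DHPARAMS_PATH, min_bits=MIN_BITS):
    """Classify the file nginx will load as missing / invalid / weak / ok."""
    if not os.path.isfile(path):
        return {"status": "missing", "bits": 0}
    try:
        with open(path) as fh:
            p, g = parse_dh_params(fh.read())
    except (ValueError, OSError, IndexError):
        return {"status": "invalid", "bits": 0}
    bits = p.bit_length()
    # Size and trivial sanity only: primality of p is not verified here.
    if bits < min_bits or p % 2 == 0 or g < 2 or g >= p:
        return {"status": "weak", "bits": bits}
    return {"status": "ok", "bits": bits}


# --- fixture builder: constructs PEM for tests; NOT a way to make real dhparams ---

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(nb)]) + nb


def _der_int(n):
    b = n.to_bytes((n.bit_length() + 8) // 8, "big")  # extra 0x00 if high bit set
    return b"\x02" + _der_len(len(b)) + b


def make_dh_params_pem(p, g):
    """Encode (p, g) as a PEM DH PARAMETERS block (test fixture only; p is unchecked)."""
    body = _der_int(p) + _der_int(g)
    der = b"\x30" + _der_len(len(body)) + body
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"


def _demo():
    """Walk a temp file through missing -> ok -> weak -> invalid; return the statuses."""
    path = os.path.join(tempfile.mkdtemp(), "dhparams.pem")
    seen = [check_dhparams(path)["status"]]
    # Constructed 2048-bit and 1024-bit odd integers: exercise the parser, not safe primes.
    for content in (make_dh_params_pem((1 << 2047) | 1, 2),
                    make_dh_params_pem((1 << 1023) | 1, 2),
                    "this is not a PEM file"):
        with open(path, "w") as fh:
            fh.write(content)
        seen.append(check_dhparams(path)["status"])
    return seen


if __name__ == "__main__":
    print(check_dhparams())
```

Run it on the server before `nginx -t`: a `missing` result is exactly the state the handler above tripped over, and means the role that writes dhparams.pem was not part of the tagged run; `invalid` or `weak` means the file is there but should be regenerated (for example with `openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048`) rather than trusted.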