What’s the scenario here? Is this a new server with a new domain? Some more background details would be helpful.
edit: I just realized we tag the wordpress role with letsencrypt. One important thing is that you can’t just run the wordpress or letsencrypt tags when you toggle those values. I think just wordpress is fine if you turn SSL off, but you’d definitely want to run letsencrypt,wordpress when you toggle it back on.
It’s an older server. Ubuntu 18. I had maybe partially updated the Trellis codebase. Renewal errored out because the letsencrypt emails hadn’t been set.
I also updated /roles/fail2ban/defaults/main.yml and
Had to change `roles/wordpress-setup/tasks/nginx.yml` to `state: "{{ item.enabled | default(true) | ternary('link', 'hard') }}"` (from `absent` to `hard`)
And yes, get the error now when running the wordpress tasks with SSL set to true.
Also check whether there is an IPv6 AAAA record for your domain; Let’s Encrypt prefers those over the IPv4 A records for HTTP-01 validation. Verify that the server is correctly listening on the IPv6 address.
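One way to run the check suggested in the post above, as an added example that is not part of the original thread or of Trellis: it resolves the AAAA and A records for a host and requests the challenge ping file from each address separately, so a failing IPv6 path is visible even when IPv4 returns 200. The function names `resolve`, `probe` and `http01_report` are hypothetical, and the machine running it needs working IPv6 to test the AAAA addresses.

```python
"""Added example: per-address HTTP-01 reachability check (AAAA and A)."""
import socket
import sys

PING = "/.well-known/acme-challenge/ping.txt"  # path used in this thread

def resolve(host):
    """Return {'AAAA': [...], 'A': [...]} using the system resolver."""
    out = {"AAAA": [], "A": []}
    for rtype, fam in (("AAAA", socket.AF_INET6), ("A", socket.AF_INET)):
        try:
            infos = socket.getaddrinfo(host, 80, fam, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type (or family unsupported locally)
        out[rtype] = sorted({info[4][0] for info in infos})
    return out

def probe(addr, host, path=PING, port=80, timeout=5):
    """GET path from one specific address; return the HTTP status or None."""
    fam = socket.AF_INET6 if ":" in addr else socket.AF_INET
    req = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    try:
        with socket.socket(fam, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            s.sendall(req.encode())
            # Status line looks like "HTTP/1.1 200 OK"; take the code.
            return int(s.recv(64).split(b" ")[1])
    except (OSError, IndexError, ValueError):
        return None  # refused, timed out, or not an HTTP reply

def http01_report(host, resolve=resolve, probe=probe):
    """Probe every address; return (rows, problems), problems being non-200."""
    rows = [(rtype, addr, probe(addr, host))
            for rtype, addrs in resolve(host).items() for addr in addrs]
    problems = [row for row in rows if row[2] != 200]
    return rows, problems

if __name__ == "__main__":
    rows, problems = http01_report(sys.argv[1])
    for rtype, addr, status in rows:
        print(f"{rtype:4} {addr:40} {status}")
    sys.exit(1 if problems or not rows else 0)
```

A `None` or 301 on an AAAA row while the A row shows 200 points at the IPv6 listener or a stale AAAA record rather than at the certificate tooling.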
Thanks. I’m not sure how to do that but will look into it. When I reprovision (wordpress tasks) without SSL, curl on the http address returns 301 permanent redirect.
Will probably provision a new server if this fails. For Ubuntu 20, should I use the master branch of Trellis? Maybe I should just stick with Ubuntu 18 for now.
I was able to restore the /etc/nginx/ssl/letsencrypt/example.com.key from a previous Snapshot.
Now getting a 200 on `curl http://example.com/.well-known/acme-challenge/ping.txt -w "%{http_code}"`.
Going to try cycling ssl: false, ssl: true again.
Now getting:
```
non-zero return code
The required CSR file /var/lib/letsencrypt/csrs/phytrehab.com-3224635.csr
does not exist. This could happen if you changed site_hosts and have not yet
rerun the letsencrypt role. Create the CSR file by re-provisioning (running
the Trellis server.yml playbook) with `--tags letsencrypt`
```
Interesting. Removed the www redirect from wordpress-sites.yml and got a lot further on the letsencrypt tasks.
Failed at:
```
non-zero return code
nginx: [emerg] "resolver" directive is duplicate in
/etc/nginx/h5bp/directive-only/ssl-stapling.conf:37
nginx: configuration file /etc/nginx/nginx.conf test failed.
```