Could not access the challenge file for the hosts/domains: www.example.com

Thanks. I had found that template file (and also see it generated at shared/source/trellis/roles/letsencrypt/templates/renew-certs.py), but was thinking it is supposed to turn into a hard-coded script with the literal emails in it. No?

You have to apply the Trellis ansible playbook on the server for provisioning.
During provisioning this python script file is indeed generated and put onto the server so it can be regularly invoked (cron) for renewing the certificates via Let’s Encrypt.

Thank you. That’s what I thought. But where on the server is it put?

Trellis should place it under /var/lib/letsencrypt/renew-certs.py.
Note: You need root (sudo as the Trellis admin user) in order to list the directories and the file itself.

@mZoo were you just curious where it ended up? Just wondering… because it shouldn’t really matter. Or did you think it was causing an issue?

Curious, but more importantly wanting to confirm that the file is where and what it is supposed to be:

--contact mailto:still_employed@mzoo.org mailto:my_buddy@colleague.com mailto:worried.manager@owner.com 

Does that look right? No separator (aside from the whitespace) necessary in the python file?

Update

(Fairly confident this is correct)

Seeing now that

In roles/letsencrypt/defaults/main.yml locations/paths are configured

acme_tiny_software_directory: /usr/local/letsencrypt
acme_tiny_data_directory: /var/lib/letsencrypt
acme_tiny_challenges_directory: "{{ www_root }}/letsencrypt"

In roles/letsencrypt/tasks/certificates.yml the script is generated

- name: Generate certificate renewal script
  template:
    src: renew-certs.py
    dest: "{{ acme_tiny_data_directory }}/renew-certs.py"
    mode: 0700
  tags: [wordpress, wordpress-setup, wordpress-setup-nginx, nginx-includes]

In roles/letsencrypt/tasks/main.yml cron job/file is generated

- name: Install cronjob for key generation
  cron:
    cron_file: letsencrypt-certificate-renewal
    name: letsencrypt certificate renewal
    user: root
    job: cd {{ acme_tiny_data_directory }} && ./renew-certs.py ; /usr/sbin/service nginx reload
    day: "{{ letsencrypt_cronjob_daysofmonth }}"
    hour: "4"
    minute: "30"
    state: present

@mZoo sorry I’m a bit lost at this point. What’s the status at this point? If it’s not working, what’s the behaviour that you’re seeing?

No need to be sorry, @swalkinshaw. All is great. I had wanted to clarify where the LetsEncrypt emails ended up (and have).

Is there a recommended way to test that the renewal script is successfully provisioned and configured?
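
One way to check the provisioned files on the server, as an added example that is not part of the thread or of Trellis itself. The function names `check_renewal_setup` and `list_contacts` are hypothetical, the script and cron file names come from the role files quoted above, and the `/etc/cron.d` location assumes Ansible's cron module default for a relative `cron_file`:

```shell
#!/bin/sh
# Added example: read-only check of the files the quoted role tasks provision.
# Assumption: Ansible's cron module writes a relative cron_file to /etc/cron.d.
# Usage (as root): . ./check-renewal.sh && check_renewal_setup

# Print each address from the script's --contact line, one per line.
list_contacts() {
    grep -e '--contact' "$1" |
        grep -o 'mailto:[A-Za-z0-9._%+-]*@[A-Za-z0-9.-]*' | sed 's/^mailto://'
}

# $1 is an optional root prefix for testing; empty means the live filesystem.
# Returns the number of failed checks (0 = everything is in place).
check_renewal_setup() {
    root=${1:-}
    script="$root/var/lib/letsencrypt/renew-certs.py"
    cronfile="$root/etc/cron.d/letsencrypt-certificate-renewal"
    fails=0

    if [ ! -f "$script" ]; then
        echo "FAIL: $script is missing"; fails=$((fails + 1))
    else
        # The role sets mode 0700, so only the owner can read or run it.
        [ -n "$(find "$script" -perm 700)" ] ||
            { echo "FAIL: $script mode is not 0700"; fails=$((fails + 1)); }
        # Rendered output must carry literal addresses, not template variables.
        [ -n "$(list_contacts "$script")" ] ||
            { echo "FAIL: no --contact mailto: address in $script"; fails=$((fails + 1)); }
    fi

    if [ ! -f "$cronfile" ]; then
        echo "FAIL: $cronfile is missing"; fails=$((fails + 1))
    else
        # The job must run as root and invoke the renewal script.
        grep -v '^#' "$cronfile" | grep -q ' root .*renew-certs\.py' ||
            { echo "FAIL: no root job calling renew-certs.py"; fails=$((fails + 1)); }
    fi
    return "$fails"
}
```

This confirms that the script and cron entry are in place with the expected mode and contacts; it does not run a renewal or contact Let's Encrypt.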