Roots Discourse

Digital Ocean + Ubuntu 18.04 + Let's Encrypt Provision failing


#1

Hi Team,

I tried many times by destroying the droplet and with a fresh setup of Trellis, but whenever I enable SSL (letsencrypt), provisioning fails with the error below.
Without SSL, both provisioning and deployment succeed.

I also tried switching the lines below in server.yml, but no luck :tired_face:

    - { role: wordpress-setup, tags: [wordpress, wordpress-setup, letsencrypt] }
    - { role: letsencrypt, tags: [letsencrypt], when: sites_using_letsencrypt | count }

Provision Error - AnsibleUndefinedVariable:
NOTE: Replaced quicktorial.com with quicktorialcom, due to post rules.

TASK [wordpress-setup : Copy SSL cert] *******************************************************************************************************************************************
skipping: [157.230.128.248] => (item=quicktorialcom)

TASK [wordpress-setup : Copy SSL key] ********************************************************************************************************************************************
skipping: [157.230.128.248] => (item=quicktorialcom)

TASK [wordpress-setup : disable temporary challenge sites] ***********************************************************************************************************************
ok: [XXX.230.128.248] => (item=quicktorialcom)

TASK [wordpress-setup : Create Nginx available sites] ****************************************************************************************************************************
changed: [XXX.230.128.248] => (item={'src': 'no-default.conf.j2'})
changed: [XXX.230.128.248] => (item={'src': 'ssl.no-default.conf.j2', 'enabled': True})

TASK [wordpress-setup : Enable or disable Nginx sites] ***************************************************************************************************************************
changed: [XXX.230.128.248] => (item={'src': 'no-default.conf.j2'})
changed: [XXX.230.128.248] => (item={'src': 'ssl.no-default.conf.j2', 'enabled': True})

TASK [wordpress-setup : Create Nginx conf for challenges location] ***************************************************************************************************************
changed: [XXX.230.128.248]

TASK [wordpress-setup : Create WordPress configuration for Nginx] ****************************************************************************************************************
System info:
Ansible 2.7.5; Darwin
Trellis 1.0.0: December 27th, 2018

AnsibleUndefinedVariable: 'dict object' has no attribute 'quicktorialcom'
failed: [157.230.128.248] (item=quicktorialcom) => {"changed": false, "item": {"key": "quicktorialcom", "value": {"branch": "master", "cache": {"enabled": true}, "local_path": "…/site", "multisite": {"enabled": false}, "repo": "git@github.com:NallaRK/quicktorial.git", "repo_subtree_path": "site", "site_hosts": [{"canonical": "quicktorialcom", "redirects": ["www.quicktorialcom"]}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}}

RUNNING HANDLER [common : restart memcached] *************************************************************************************************************************************
changed: [157.230.128.248]

I double-checked all my configuration and it looks good to me, but I must be missing something. Please take a look and help me out - Thank you!

production - wordpress_sites.yml:

wordpress_sites:
  quicktorial.com:
    site_hosts:
      - canonical: quicktorial.com
        redirects:
          - www.quicktorial.com
    local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
    repo: git@github.com:NallaRK/quicktorial.git # replace with your Git repo URL
    repo_subtree_path: site # relative path to your Bedrock/WP directory in your repo
    branch: master
    multisite:
      enabled: false
    ssl:
      enabled: true
      provider: letsencrypt
    cache:
      enabled: true

staging - wordpress_sites.yml:
No changes, left as is, as I don’t need a staging server at this moment.

development - wordpress_sites.yml:
Modified as per document and working as expected.


#2

You missed a spot — check your vault.yml file and update example.com to your new site name

See https://roots.io/trellis/docs/wordpress-sites/


#3

Thanks for the reply. I already updated example.com to mysite.com in all the locations below.

  • development/wordpress_sites.yml
  • development/vault.yml
  • production/wordpress_sites.yml
  • production/vault.yml

Tried again by creating droplet again, but no luck, still same error:

TASK [wordpress-setup : Create WordPress configuration for Nginx] ****************************************************************************************************************
System info:
  Ansible 2.7.5; Darwin
  Trellis 1.0.0: December 27th, 2018
---------------------------------------------------
AnsibleUndefinedVariable: 'dict object' has no attribute 'quicktorial.com'
failed: [157.230.129.182] (item=quicktorial.com) => {"changed": false, "item": {"key": "quicktorial.com", "value": {"branch": "master", "cache": {"enabled": true}, "local_path": "../site", "multisite": {"enabled": false}, "repo": "git@github.com:NallaRK/quicktorial.git", "repo_subtree_path": "site", "site_hosts": [{"canonical": "quicktorial.com", "redirects": ["www.quicktorial.com"]}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}}

This is my git repo, please take a look if needed.


I have decrypted production vault.yml, it looks good to me:

    # Documentation: https://roots.io/trellis/docs/vault/
    vault_mysql_root_password: "somepassword"

    # Documentation: https://roots.io/trellis/docs/security/
    vault_users:
      - name: "{{ admin_user }}"
        password: "somepassword"
        salt: "somepassword"

    # Variables to accompany `group_vars/production/wordpress_sites.yml`
    # Note: the site name (`example.com`) must match up with the site name in the above file.
    vault_wordpress_sites:
      quicktorial.com:
        env:
          db_password: "somepassword"
          # Generate your keys here: https://roots.io/salts.html
          auth_key: "somepassword"
          secure_auth_key: "somepassword"
          logged_in_key: "somepassword"
          nonce_key: "somepassword"
          auth_salt: "somepassword"
          secure_auth_salt: "somepassword"
          logged_in_salt: "somepassword"
          nonce_salt: "somepassword"

#4

I wouldn’t be surprised if it’s the special characters in your password: R@shrk_3-3-_QUI.
Maybe try removing the dashes and/or underscores?

Also I wouldn’t use the same password for all of your services (users, database etc) and I would change your password anyway since it’s public now!


#5

There’s definitely some mismatch in configuration going here, but I can’t immediately tell what’s wrong :pensive:


#6

Couple of things worth a shot:

  1. Remove the double quotes surrounding password values like so (not salts):
# Documentation: https://roots.io/trellis/docs/vault/
vault_mysql_root_password: R@shrk_3-3-_QUI

# Documentation: https://roots.io/trellis/docs/security/
vault_users:
  - name: "{{ admin_user }}"
    password: R@shrk_3-3-_QUI
    salt: "R@shrk_3-3-_QUI"

# Variables to accompany `group_vars/production/wordpress_sites.yml`
# Note: the site name (`example.com`) must match up with the site name in the above file.
vault_wordpress_sites:
  quicktorial.com:
    env:
      db_password: R@shrk_3-3-_QUI
      # Generate your keys here: https://roots.io/salts.html
      auth_key: "mT,^Y!*ttCZa;6b*=c`wBRv#3CG`ZT_|xNclt1REFn)w{a8}V_W!*uX%9/*-Xv[X"
      secure_auth_key: "}pSl+wbvMj(<?*%w0cysfJB_J4*9x%xQ^Wu@02bqR(MnTjiz3b#=|[+.M[8pS){&"
      logged_in_key: "f[DsUaQ<XMpSGk.hacgXnTI@A`TVNzGxk*p1T0%Hunk);E8?rF`.{wD)pG7j^zq^"
      nonce_key: "[x?$IPxsZe|Nxij]bT3*0jf[,Wf:beC?{FNhfFyf0D$eB&=]:3JktN&Zse&Ez0.x"
      auth_salt: "`y0<jCy$[tyOz+wl/S`4((nMSCI0_9o/&y,K`HZaSgP_]yoYZFe#Q(39hn(DxLSv"
      secure_auth_salt: "&;]R%yb/B5FK}V>BvF<QY;]q$3v:#d:XYGKGgyYj.OI)Gf?3!BoY)D_.JENIUHG|"
      logged_in_salt: "A/iV^EeR:0-D&fv6,OA3(}%A%?w&}r)u,jO2$D?u[+jscf#NbZdrp9%z,OqUhg|r"
      nonce_salt: "Mnr8$sV<*VzisMEyx58.(9,&c{{/hJt87axvFM}?c)5/V=T$p1Tbr)XaO::JjA+N"
  2. As Twansparant suggested, remove hyphens and underscores in passwords in favour of other characters

  3. Generate salts without special characters, on occasion some combinations of salts have caused similar issues when the vault is encrypted
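
A pre-provision check for the two suggestions in replies #2 and #6, as an added example that is not part of the thread or of Trellis: it compares the site keys of `wordpress_sites` and `vault_wordpress_sites`, and lists vault values that contain Jinja2 delimiters, which Ansible treats as template syntax. Narrowing "special characters" to those delimiters is an assumption; the function names and sample data are constructed, and the input is assumed to be the already-parsed YAML of both files (vault decrypted).

```python
import re

# Character sequences Ansible's Jinja2 templating reacts to inside a string value.
JINJA_DELIMS = re.compile(r"\{\{|\{%|\{#")


def site_key_mismatches(wordpress_sites, vault_wordpress_sites):
    """Return (keys missing from the vault, vault keys with no matching site)."""
    sites, vault = set(wordpress_sites), set(vault_wordpress_sites)
    return sorted(sites - vault), sorted(vault - sites)


def values_with_jinja_delims(node, path=""):
    """Walk nested dicts/lists and return the paths of string values that
    contain a Jinja2 delimiter. Only the path is returned, never the secret."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += values_with_jinja_delims(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits += values_with_jinja_delims(value, f"{path}[{index}]")
    elif isinstance(node, str) and JINJA_DELIMS.search(node):
        hits.append(path)
    return hits


def audit(wordpress_sites, vault_wordpress_sites):
    """Combine both checks into one report dict."""
    missing, extra = site_key_mismatches(wordpress_sites, vault_wordpress_sites)
    return {
        "missing_in_vault": missing,
        "not_in_wordpress_sites": extra,
        "jinja_delimiters": values_with_jinja_delims(vault_wordpress_sites),
    }


# Constructed sample data: the vault still carries the default site key and
# two values that contain Jinja2 delimiters.
SAMPLE_WORDPRESS_SITES = {"shop.example": {"ssl": {"enabled": True}}}
SAMPLE_VAULT_WORDPRESS_SITES = {
    "example.com": {"env": {"db_password": "constructed-pw",
                            "auth_key": "ab{{cd",
                            "nonce_salt": "x{%y"}}
}

if __name__ == "__main__":
    for check, findings in audit(SAMPLE_WORDPRESS_SITES,
                                 SAMPLE_VAULT_WORDPRESS_SITES).items():
        print(f"{check}: {findings or 'ok'}")
```

Any entry under `missing_in_vault` means a lookup of that site name in `vault_wordpress_sites` finds no such key, which is the mismatch reply #2 asks to rule out.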


#7

Thank you for taking time to check my issue.

I have changed all passwords to simple characters. Now all my passwords, including salts, are simple and just include the ‘@’ special character. But no luck, :tired_face:

I also recreated the droplet, but provisioning failed again with the same error, again and again. Let me know if I can provide any information, so that it would be easy for you guys to debug.

TASK [wordpress-setup : Create WordPress configuration for Nginx] ****************************************************************************************************************
System info:
  Ansible 2.7.5; Darwin
  Trellis 1.0.0: December 27th, 2018
---------------------------------------------------
AnsibleUndefinedVariable: 'dict object' has no attribute 'quicktorial.com'
failed: [157.230.156.57] (item=quicktorial.com) => {"changed": false, "item": {"key": "quicktorial.com", "value": {"branch": "master", "cache": {"enabled": true}, "local_path": "../site", "multisite": {"enabled": false}, "repo": "git@github.com:NallaRK/quicktorial.git", "repo_subtree_path": "site", "site_hosts": [{"canonical": "quicktorial.com", "redirects": ["www.quicktorial.com"]}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}}

#8

Let me know if I can provide you with any information, so that it would be easy for you to debug.
Please take a look at my repo with config changes,