Enabling Letsencrypt fails

Hi everyone,

For some reason I had to disable SSL. Now, when I’m trying to get it up and running again, I get the error below. The message suggests that I should check the DNS records. They’re fine, since I had Let’s Encrypt working just days ago.

Can someone explain this to me?

failed: [dev.xxx.nl] => (item={u’stdout’: u’404’, u’cmd’: [u’curl’, u’-s’, u’-o’, u’/dev/null’, u’-w’, u’%{http_code}‘, u’http://dev.xxx.nl/.well-known/acme-challenge/ping.txt’], u’end’: u’2016-04-12 14:19:24.389636’, ‘_ansible_no_log’: False, u’warnings’: , u’changed’: False, u’start’: u’2016-04-12 14:19:24.229176’, u’delta’: u’0:00:00.160460’, ‘item’: [{u’multisite’: {u’enabled’: True, u’subdomains’: True}, u’env’: {u’domain_current_site’: u’dev.xxx.nl’, u’db_user’: u’medialog_user’, u’disable_wp_cron’: True, u’wp_siteurl’: u’https://dev.xxx.nl/wp’, u’db_name’: u’medialog_staging’, u’wp_env’: u’staging’, u’wp_home’: u’https://dev.xxx.nl’}, u’cache’: {u’duration’: u’30s’, u’enabled’: False}, u’repo’: u’git@bitbucket.org:xxx.git’, u’ssl’: {u’enabled’: True, u’provider’: u’letsencrypt’}, u’local_path’: u’…/medialog-multisite’, u’branch’: u’master’}, u’dev.xxx.nl’], u’rc’: 0, ‘invocation’: {‘module_name’: u’command’, u’module_args’: {u’creates’: None, u’executable’: None, u’chdir’: None, u’_raw_params’: u’curl -s -o /dev/null -w “%{http_code}” http://dev.xxx.nl/.well-known/acme-challenge/ping.txt’, u’removes’: None, u’warn’: False, u’_uses_shell’: False}}, ‘stdout_lines’: [u’404’], u’stderr’: u’'}) => {“failed”: true, “item”: {“_ansible_no_log”: false, “changed”: false, “cmd”: [“curl”, “-s”, “-o”, “/dev/null”, “-w”, “%{http_code}”, “http://dev.xxx.nl/.well-known/acme-challenge/ping.txt”], “delta”: “0:00:00.160460”, “end”: “2016-04-12 14:19:24.389636”, “invocation”: {“module_args”: {“_raw_params”: “curl -s -o /dev/null -w "%{http_code}" http://dev.xxx.nl/.well-known/acme-challenge/ping.txt”, “_uses_shell”: false, “chdir”: null, “creates”: null, “executable”: null, “removes”: null, “warn”: false}, “module_name”: “command”}, “item”: [{“branch”: “master”, “cache”: {“duration”: “30s”, “enabled”: false}, “env”: {“db_name”: “medialog_staging”, “db_user”: “medialog_user”, “disable_wp_cron”: true, “domain_current_site”: “dev.xxx.nl”, “wp_env”: “staging”, “wp_home”: 
“https://dev.xxx.nl”, “wp_siteurl”: “https://dev.xxx.nl/wp”}, “local_path”: “…/medialog-multisite”, “multisite”: {“enabled”: true, “subdomains”: true}, “repo”: “git@bitbucket.org:xxx.git”, “ssl”: {“enabled”: true, “provider”: “letsencrypt”}}, “dev.xxx.nl”], “rc”: 0, “start”: “2016-04-12 14:19:24.229176”, “stderr”: “”, “stdout”: “404”, “stdout_lines”: [“404”], “warnings”: }, “msg”: “Could not access the challenge file for the domain: dev.xxx.nl. Let’s Encrypt requires every domain/host be publicly accessible. Make sure that a valid DNS record exists for dev.xxx.nl and that it points to this server’s IP. If you don’t want this domain in your SSL certificate, then remove it from site_hosts. See https://roots.io/trellis/docs/ssl for more details.\n”}

Sounds like you’re running into the same issue as this thread: LetsEncrypt Acme Challenge error

See my solution there.

That doesn’t seem to work for me. Removing my site.conf only gave the same error; removing the no_default.conf as well gives me a new error. (Just so you know: I have only a very basic understanding of nginx etc.)

failed: [dev.xxx.nl] => (item=({u’multisite’: {u’enabled’: True, u’subdomains’: True}, u’env’: {u’domain_current_site’: u’dev.xxx.nl’, u’db_user’: u’medialog_user’, u’disable_wp_cron’: True, u’wp_siteurl’: u’https://dev.xxx.nl/wp’, u’db_name’: u’medialog_staging’, u’wp_env’: u’staging’, u’wp_home’: u’https://dev.xxx.nl’}, u’cache’: {u’duration’: u’30s’, u’enabled’: False}, u’repo’: u’git@bitbucket.org:reconcept/medialog-multisite.git’, u’ssl’: {u’enabled’: True, u’provider’: u’letsencrypt’}, u’local_path’: u’…/medialog-multisite’, u’branch’: u’master’}, u’dev.xxx.nl’)) => {“changed”: false, “cmd”: [“curl”, “-s”, “-o”, “/dev/null”, “-w”, “%{http_code}”, “http://dev.xxx.nl/.well-known/acme-challenge/ping.txt”], “delta”: “0:00:00.068572”, “end”: “2016-04-12 14:52:38.782318”, “failed”: true, “item”: [{“branch”: “master”, “cache”: {“duration”: “30s”, “enabled”: false}, “env”: {“db_name”: “medialog_staging”, “db_user”: “medialog_user”, “disable_wp_cron”: true, “domain_current_site”: “dev.xxx.nl”, “wp_env”: “staging”, “wp_home”: “https://dev.xxx.nl”, “wp_siteurl”: “https://dev.xxx.nl/wp”}, “local_path”: “…/medialog-multisite”, “multisite”: {“enabled”: true, “subdomains”: true}, “repo”: “git@bitbucket.org:reconcept/medialog-multisite.git”, “ssl”: {“enabled”: true, “provider”: “letsencrypt”}}, “dev.xxx.nl”], “rc”: 52, “start”: “2016-04-12 14:52:38.713746”, “stderr”: “”, “stdout”: “000”, “stdout_lines”: [“000”], “warnings”: }

Heck, the other solution suggested in that thread does work: reversing the order of the server.yml tasks!


I also ran into this problem. The site is relatively young and unvisited, so I just rebuilt my droplet and re-provisioned, but I imagine as LetsEncrypt catches on, more and more users will want to reprovision existing servers to add SSL. Is this something Trellis could support in the future?

(20 characters for discourse)
