Error on Generate strong unique Diffie-Hellman group

Hello, I get this error when attempting to provision my development environment.

TASK [nginx : Generate strong unique Diffie-Hellman group.] ********************
System info:
  Ansible 2.4.3.0; Vagrant 2.0.2; Darwin
  Trellis at "Add support for includes.d on all sites"
---------------------------------------------------
The conditional check 'sites_use_ssl' failed. The error was: error while
evaluating conditional (sites_use_ssl): 'sites_use_ssl' is undefined

The error appears to have been in
'/path/trellis/roles/nginx/tasks/main.yml':
line 19, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Generate strong unique Diffie-Hellman group.
  ^ here

fatal: [default]: FAILED! => {}

This was added with "Add Nginx ssl.no-default.conf to drop requests for unknown hosts" by fullyint (Pull Request #888, roots/trellis on GitHub).

Did you update Trellis and miss some things?

1 Like

It’s a fresh Trellis install. I tried with self-signed, letsencrypt and with SSL off. The error appears either way.

As implied by @ben, could you double-check that your group_vars/all/helpers.yml has the sites_use_ssl variable definition?

Sometimes people clone or update Trellis, then copy in their existing group_vars files, not realizing the copying effectively removes vars that were new in group_vars.

Some related discussion…

1 Like

Indeed, that was the issue. Thanks!

1 Like

Hi!

I have a similar question but not identical.
Not sure if it’s best to post here or to start a new thread.

I have a problem with ‘dict object’

The conditional check 'sites_use_ssl' failed. The error was: error while
evaluating conditional (sites_use_ssl): 'dict object' has no attribute 'ssl'

The error appears to have been in
'/Users/axyz/sites/navfe2.com/trellis/roles/nginx/tasks/main.yml': line 19,
column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

- name: Generate strong unique Diffie-Hellman group.
  ^ here

fatal: [209.97.135.68]: FAILED! => {}

Have you got a clue?

Regards,
Christofer

What have you tried so far? Have you tried @fullyint’s advice:

Thanks
The problem was in
…/trellis/group_vars/production/wordpress_sites.yml
I just rewrote the lines and the Diffie_Hellman problem went away.

And directly ran into this:
Could not access the challenge file for the hosts/domains:
🙂

Your server needs to be publicly accessible on the domain you’re attempting to generate a certificate for in order for Let’s Encrypt to generate a certificate.

1 Like

To add on to @alwaysblank’s answer, you can provision a server with SSL set to false and then repoint DNS, and reprovision with SSL set to true after propagation completes. This is completely safe and it’s how I tend to launch sites. The world sees a non-SSL version of the site for about 10 minutes while DNS and provisioning catch up.

1 Like

Thanks both
Sounds like the way to go.
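
Added example (not part of the thread and not Trellis code): a pre-flight check for the two failures above, a variable such as sites_use_ssl that upstream group_vars defines but a copied-in local file lacks, and a site entry in wordpress_sites.yml with no ssl: key. It assumes 2-space YAML indentation and that the 'dict object' error came from a missing ssl: key; the sample file contents and function names are constructed for illustration.

```python
import re

TOP_KEY = re.compile(r"^([A-Za-z_]\w*):")          # key at column 0
NESTED_KEY = re.compile(r"^( +)([^\s#:-][^:]*):")  # indented key, not a comment or list item

def top_level_vars(yaml_text):
    """Variable names defined at column 0 of a group_vars file."""
    return {m.group(1) for line in yaml_text.splitlines() if (m := TOP_KEY.match(line))}

def missing_vars(upstream_text, local_text):
    """Variables the upstream file defines but the local copy does not."""
    return sorted(top_level_vars(upstream_text) - top_level_vars(local_text))

def sites_without_ssl(sites_text):
    """Site names under wordpress_sites: that have no ssl: key (assumes 2-space indent)."""
    sites, current, in_sites = {}, None, False
    for line in sites_text.splitlines():
        if TOP_KEY.match(line):
            in_sites = line.startswith("wordpress_sites:")
            continue
        m = NESTED_KEY.match(line)
        if not (in_sites and m):
            continue
        indent, key = len(m.group(1)), m.group(2).strip()
        if indent == 2:                 # a site name
            current = key
            sites[current] = set()
        elif indent == 4 and current:   # a direct attribute of that site
            sites[current].add(key)
    return sorted(name for name, keys in sites.items() if "ssl" not in keys)

# Constructed samples; the quoted values are placeholders, not real Trellis expressions.
UPSTREAM_HELPERS = 'sites_use_ssl: "<upstream expression>"\nexample_helper: "<upstream expression>"\n'
LOCAL_HELPERS = 'example_helper: "<older copy>"\n'
SITES = """\
wordpress_sites:
  example.com:
    site_hosts:
      - canonical: example.com
    ssl:
      enabled: false
  example.org:
    site_hosts:
      - canonical: example.org
    cache:
      enabled: false
"""

if __name__ == "__main__":
    print("missing from local helpers.yml:", missing_vars(UPSTREAM_HELPERS, LOCAL_HELPERS))
    print("sites with no ssl: key:", sites_without_ssl(SITES))
```

To use it on a real project, read the upstream and local copies of group_vars/all/helpers.yml and your wordpress_sites.yml into strings and pass them to the two functions.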