Generating Let's Encrypt certificates on staging fails

Hi,

I have the following setup:
macOS Mojave 10.14.6
ansible 2.8.4
latest version of trellis.
vagrant Vagrant 2.2.5
virtualbox 6.0.10

I have a working setup with vagrant and provisioned everything right on staging except the SSL part.

My wordpress_sites for staging looks like this:

wordpress_sites:
  staging.mywebsite.com:
    site_hosts:
      - canonical: staging.mywebsite.com
    local_path: ../mywebsite.com # path targeting local Bedrock site directory (relative to Ansible root)
    repo: git@github.com:company/mywebsite.com.git # replace with your Git repo URL
    repo_subtree_path: mywebsite.com
    branch: master
    multisite:
      enabled: false
    ssl:
      enabled: true
      provider: letsencrypt
    cache:
      enabled: false
    site_title: Title
    admin_user: adminuser
    admin_email: me@mywebsite.com
    db_create: false
    env:
      db_name: databasename
      db_user: dbuser
      db_host: dbhosturl.com

When I run the provision command, I get this error:

TASK [wordpress-setup : Generate self-signed certificates] ************************************************************************************************************************************************
skipping: [staging.mywebsite.com] => (item=staging.mywebsite.com)

non-zero return code
/bin/bash: -c: line 0: unexpected EOF while looking for matching `)'
/bin/bash: -c: line 10: syntax error: unexpected end of file
failed: [staging.mywebsite.com] (item=no_default) => {"ansible_loop_var": "item", "changed": true, "cmd": "openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -sha256 -extensions req_ext -config <( cat <<' EOF'\n[req]\nprompt = no\ndistinguished_name = req_dn\n[req_dn]\ncommonName = example.com\n[req_ext]\nsubjectAltName = DNS:example.com\nEOF\n) -keyout no_default.key -out no_default.cert", "delta": "0:00:00.002713", "end": "2019-09-25 18:14:17.965171", "item": {"key": "no_default", "value": {"multisite": {}, "site_hosts": [{"canonical": "example.com"}], "ssl": {"enabled": true, "provider": "self-signed"}}}, "rc": 1, "start": "2019-09-25 18:14:17.962458", "stderr_lines": ["/bin/bash: -c: line 0: unexpected EOF while looking for matching `)'", "/bin/bash: -c: line 10: syntax error: unexpected end of file"], "stdout": "", "stdout_lines": []}

If I disable ssl everything works fine.

I don’t understand why:

  1. in the error I see example.com domain.
  2. It says “Generate self-signed certificates” even if I have set letsencrypt.
  3. Why it appears as a syntax error.

Any help is appreciated.

Thank you!

Do you have another site defined in wordpress_sites.yml that looks like this:

no_default:
    site_hosts:
      - canonical:  example.com
    ssl:
      enabled: true
      provider: self-signed

No, I do not have such a site defined in any of the wordpress_sites.yml files.

I think this line added the default site - https://github.com/roots/trellis/blob/b7ecfeb8590a46283f231e8606bf2e05ea20c3f6/roles/wordpress-setup/tasks/self-signed-certificate.yml#L21

Self-signed certificates not being generated in development sees the syntax error as well.

Probably coming from https://github.com/roots/trellis/blob/b7ecfeb8590a46283f231e8606bf2e05ea20c3f6/roles/wordpress-setup/tasks/self-signed-certificate.yml#L3-L16

It looks like an Ansible version compatibility problem.

I have downgraded to Ansible 2.7.12 and now it works as expected.

Previously I have tried with Ansible 2.8.5 and got the same error.

Can you test https://github.com/roots/trellis/pull/1110 with ansible v2.8.5?

Yes, works as expected now with this change and Ansible 2.8.5.

I already had the certs, so I first ran a provision with these, then deactivated SSL, provisioned again, and afterwards activated SSL and provisioned again.

Looks good.

Thanks.

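Added example, not part of the thread and not Trellis code: in the `cmd` logged in the failed task output, the here-doc opens with the delimiter `' EOF'` (leading space) but the closing line is `EOF` without it, so bash never finds the terminator and reads past the closing `)`. The script below checks both forms with `bash -n` and shows a temp-file variant that avoids the here-doc; `parses_ok`, `gen_self_signed` and the variable names are hypothetical, and the temp-file approach is an assumption of this example, not the change in the linked pull request.

```bash
#!/usr/bin/env bash
# Constructed from the "cmd" value in the failed task output on this page:
# the here-doc opens with delimiter ' EOF' (leading space) and closes with 'EOF'.
LOGGED_CMD="openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -sha256 \
-extensions req_ext -config <( cat <<' EOF'
[req]
prompt = no
distinguished_name = req_dn
[req_dn]
commonName = example.com
[req_ext]
subjectAltName = DNS:example.com
EOF
) -keyout no_default.key -out no_default.cert"

# Same command, with the closing line matching the quoted delimiter exactly.
MATCHED_CMD=$(printf '%s\n' "$LOGGED_CMD" | sed 's/^EOF$/ EOF/')

# Syntax-check a command string without executing it (bash -n).
parses_ok() { bash -n -c "$1" 2>/dev/null; }

# Hypothetical variant that does not depend on here-doc whitespace:
# write the OpenSSL config to a temp file and pass it with -config.
gen_self_signed() {  # $1 = hostname, $2 = output path without extension
  local cfg rc
  cfg=$(mktemp) || return 1
  printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = req_dn' \
    '[req_dn]' "commonName = $1" \
    '[req_ext]' "subjectAltName = DNS:$1" > "$cfg"
  # umask 077 keeps the private key unreadable by other users.
  ( umask 077
    openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -sha256 \
      -extensions req_ext -config "$cfg" \
      -keyout "$2.key" -out "$2.cert" ) 2>/dev/null
  rc=$?
  rm -f "$cfg"
  return $rc
}

if parses_ok "$LOGGED_CMD"; then echo "logged form: parses"
else echo "logged form: syntax error"; fi
if parses_ok "$MATCHED_CMD"; then echo "matched form: parses"
else echo "matched form: syntax error"; fi
```
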