Initial Let's Encrypt Download Error

New server - running the provision.

I get to the step: TASK [letsencrypt : Generate the initial certificate]

I then get the following errors:

Wrote file to /srv/www/letsencrypt/E0Yb8INcdx7dfxohNohuqNaPDCtwj7iL1Q9nlbD1Jbs, but couldn't download http://staging.domain.com/.well-known/acme-challenge/E0Yb8INcdx7dfxohNohuqNaPDCtwj7iL1Q9nlbD1Jbs"], "warnings": []}

You didn’t really give us much to go on here. Trellis version?

That error gives you some info to debug. Create a file in that path and see if you can access it via the URL.
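The manual check suggested above, as an added shell example that is not from the thread or from Trellis itself. It assumes the webroot path `/srv/www/letsencrypt` seen in the error message and that `curl` is installed on the machine running the check; hostname and webroot are passed as arguments.

```sh
#!/bin/sh
# Added example: write a throwaway token into the Let's Encrypt webroot and
# confirm nginx serves it at the ACME challenge URL. If this fails, the
# "couldn't download" error above is a vhost or DNS problem, not a
# Let's Encrypt one.

# Create a uniquely named challenge file in the webroot; prints the token.
write_challenge_token() {
  webroot="$1"                              # e.g. /srv/www/letsencrypt (assumed)
  token="trellis-check-$(date +%s)-$$"      # constructed, not a real ACME token
  printf '%s' "$token" > "$webroot/$token" || return 2
  printf '%s\n' "$token"
}

# Fetch the challenge URL for a token over plain HTTP (ACME http-01 uses port 80).
fetch_challenge() {
  host="$1"                                 # e.g. staging.domain.com (assumed)
  token="$2"
  curl -sS --max-time 10 "http://$host/.well-known/acme-challenge/$token"
}

# Succeeds only if the body served back is exactly the token that was written.
challenge_matches() {
  expected="$1"
  body="$2"
  [ "$body" = "$expected" ]
}

# End-to-end: write, fetch, compare, clean up. Exit 0 on success, 1 otherwise.
acme_challenge_check() {
  webroot="$1"
  host="$2"
  token=$(write_challenge_token "$webroot") || return 2
  body=$(fetch_challenge "$host" "$token")
  rm -f "$webroot/$token"
  if challenge_matches "$token" "$body"; then
    echo "OK: http://$host/.well-known/acme-challenge/ is served from $webroot"
  else
    echo "FAIL: expected '$token', got '$body'" >&2
    return 1
  fi
}

# Usage: sh acme-check.sh /srv/www/letsencrypt staging.domain.com
if [ "$#" -eq 2 ]; then
  acme_challenge_check "$1" "$2"
fi
```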

Apologies.

Fresh install of trellis and bedrock and new server provision.

Mobile, but I’ll do that momentarily. Still confusing as to why the manual step is needed.

Okay, so the problem seems obvious, but I don’t know what’s causing it.

I went to manually create the file, but in /srv/www - the domain isn’t there, only letsencrypt.

So obviously the download fails to find the file, because the vhost doesn’t even exist.

Inside /etc/nginx/sites-available is also only letsencrypt-domain.com.conf

Again, this is a fresh install, fresh server.

Actually that’s expected at this point since Ansible failed before getting to the wordpress-setup role.

The tasks Create test Acme Challenge file and Test Acme Challenges passed without errors?

I deployed a brand new server about an hour ago with Let’s Encrypt and it all worked fine. Most common problem would be not having proper DNS records set up for the domain.

Further debugging - and a possible solution.

I’m using a paid SSL cert for domain.com.
I’m using LE for staging.domain.com.

I used domain.com as my key for dev, staging and production.

When I changed the key from domain.com to staging.domain.com for group_vars/staging the provision worked appropriately.

So, even though I was using domain.com as my key for all my domains, because it already had a non-LE cert, it failed?

Were staging and production on the same server? Because then it would definitely make sense why this isn’t working. If you already have a paid SSL cert for production it makes sense to have a wildcard cert as well and just use it for the staging domain (if it’s a subdomain).

No sir, completely different servers.