I’ve got a live site that is working fine without SSL. I now would like to enable SSL on the site as the domain is pointed to the site. I’ve done this before without issue but I’m hitting errors with this site. I can switch between SSL and non-SSL on the staging site fine but if I reprovision the live site with SSL enabled, I get either:
TASK [nginx : Generate strong unique Diffie-Hellman group.] ********************
System info:
Ansible 2.2.1.0; Darwin
Trellis at "Require Ansible 2.2.0.0 or greater"
---------------------------------------------------
openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: version
`OPENSSL_1.0.2g' not found (required by openssl)
fatal: [46.101.29.85]: FAILED! => {"changed": true, "cmd": ["openssl", "dhparam", "-out", "dhparams.pem", "2048"], "delta": "0:00:00.002478", "end": "2017-02
-20 23:02:16.145815", "failed": true, "rc": 1, "start": "2017-02-20 23:02:16.143337", "stderr": "openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: versi
on `OPENSSL_1.0.2g' not found (required by openssl)", "stdout": "", "stdout_lines": [], "warnings": []}
or
TASK [letsencrypt : Generate the certificates] *********************************
System info:
Ansible 2.2.1.0; Darwin
Trellis at "Require Ansible 2.2.0.0 or greater"
---------------------------------------------------
fatal: [46.101.29.85]: FAILED! => {"changed": false, "cmd": ["./renew-certs.py"], "delta": "0:00:00.082188", "end": "2017-02-21 00:01:58.518737", "failed": t
rue, "rc": 1, "start": "2017-02-21 00:01:58.436549", "stderr": "", "stdout": "Generating certificate for constantenergy.net\nError while generating certifica
te for constantenergy.net\nTraceback (most recent call last):\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 198, in <module>\n main(sys.argv[1:])\
n File \"/usr/local/letsencrypt/acme_tiny.py\", line 194, in main\n signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.c
a)\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 26, in get_crt\n raise IOError(\"OpenSSL Error: {0}\".format(err))\nIOError: OpenSSL Error: opens
sl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: version `OPENSSL_1.0.2g' not found (required by openssl)", "stdout_lines": ["Generating certificate for con
stantenergy.net", "Error while generating certificate for constantenergy.net", "Traceback (most recent call last):", " File \"/usr/local/letsencrypt/acme_ti
ny.py\", line 198, in <module>", " main(sys.argv[1:])", " File \"/usr/local/letsencrypt/acme_tiny.py\", line 194, in main", " signed_crt = get_crt(arg
s.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)", " File \"/usr/local/letsencrypt/acme_tiny.py\", line 26, in get_crt", " raise IOError(\
"OpenSSL Error: {0}\".format(err))", "IOError: OpenSSL Error: openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0: version `OPENSSL_1.0.2g' not found (requ
ired by openssl)"], "warnings": []}
Any ideas? It’s a very recent (Trellis 0.9.9) and pretty vanilla Trellis setup.