Issue with SSL challenges while provisioning production

Can't get past the Let's Encrypt challenge. This is a new Google domain, so this may just be a propagation issue, but I have an A DNS record with www pointing to my server on DigitalOcean.

I provisioned without the www redirect in my wordpress_sites.yml file without a problem.


TASK [letsencrypt : Test Acme Challenges] **************************************
System info:
  Ansible 2.10.16; Darwin
  Trellis 1.14.0: February 16th, 2022
---------------------------------------------------
failed: [159.203.12.179] (item=walkswithgrace.com) => {"ansible_loop_var": "item", "changed": false, "failed_hosts": ["www.walkswithgrace.com"], "item": {"key": "walkswithgrace.com", "value": {"branch": "master", "cache": {"enabled": true}, "local_path": "../site", "multisite": {"enabled": false}, "repo": "git@github.com:mindstomedia/walkswithgrace.git", "repo_subtree_path": "site", "site_hosts": [{"canonical": "walkswithgrace.com", "redirects": ["www.walkswithgrace.com"]}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}, "rc": 1}
...ignoring

TASK [letsencrypt : Notify of challenge failures] ******************************
System info:
  Ansible 2.10.16; Darwin
  Trellis 1.14.0: February 16th, 2022
---------------------------------------------------
Could not access the challenge file for the hosts/domains:
www.walkswithgrace.com. Let's Encrypt requires every domain/host be publicly
accessible. Make sure that a valid DNS record exists for
www.walkswithgrace.com and that they point to this server's IP. If you don't
want these domains in your SSL certificate, then remove them from
`site_hosts`. See https://roots.io/trellis/docs/ssl for more details.
failed: [159.203.12.179] (item=walkswithgrace.com) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": true, "failed_hosts": ["www.walkswithgrace.com"], "invocation": {"module_args": {"file": "ping.txt", "hosts": ["walkswithgrace.com", "www.walkswithgrace.com"], "path": ".well-known/acme-challenge"}}, "item": {"key": "walkswithgrace.com", "value": {"branch": "master", "cache": {"enabled": true}, "local_path": "../site", "multisite": {"enabled": false}, "repo": "git@github.com:mindstomedia/walkswithgrace.git", "repo_subtree_path": "site", "site_hosts": [{"canonical": "walkswithgrace.com", "redirects": ["www.walkswithgrace.com"]}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}, "rc": 1}}

How long ago was the DNS record addition/modification?
DNS information needs some time to propagate (I know, some don’t want to call it “propagation”).
You can test it with a tool like this one: https://www.whatsmydns.net/

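Added example (not part of the thread and not Trellis code): a pre-flight check that lists every host in `site_hosts`, canonical and redirects, and reports which ones do not yet resolve to the server before provisioning is retried. `SAMPLE_RESULT` is a constructed, trimmed copy of the failure output above; the function names and the injectable `resolve` parameter are assumptions of this sketch.

```python
import json
import socket

# Constructed sample: trimmed from the "Test Acme Challenges" failure in this thread.
SAMPLE_RESULT = json.dumps({
    "failed_hosts": ["www.walkswithgrace.com"],
    "item": {"key": "walkswithgrace.com", "value": {"site_hosts": [
        {"canonical": "walkswithgrace.com",
         "redirects": ["www.walkswithgrace.com"]}]}},
})

def hosts_from_result(result_json):
    """Return every host the certificate must cover (canonical + redirects)."""
    site = json.loads(result_json)["item"]["value"]
    hosts = []
    for entry in site["site_hosts"]:
        hosts.append(entry["canonical"])
        hosts.extend(entry.get("redirects", []))
    return hosts

def system_resolver(host):
    """Resolve A records locally; empty set if the name does not resolve yet."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, 80, socket.AF_INET)}
    except socket.gaierror:
        return set()

def check_hosts(hosts, server_ip, resolve=system_resolver):
    """Classify each host as 'ok', 'unresolved', or 'wrong-ip' against server_ip."""
    report = {}
    for host in hosts:
        addrs = resolve(host)
        if not addrs:
            report[host] = "unresolved"
        elif addrs == {server_ip}:
            report[host] = "ok"
        else:
            report[host] = "wrong-ip: " + ", ".join(sorted(addrs))
    return report

if __name__ == "__main__":
    hosts = hosts_from_result(SAMPLE_RESULT)
    for host, status in check_hosts(hosts, "159.203.12.179").items():
        print(f"{host}: {status}")
```

A local "ok" only reflects the resolver this machine uses; Let's Encrypt validates from its own vantage points, so a freshly added record can still fail there until it is visible publicly.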