Latest release — cannot provision remote server: letsencrypt error — File "./renew-certs.py", line 13

artshostak · April 7, 2020, 11:29pm

Updated Trellis and Bedrock this morning.
Running latest release and Ansible 2.9.6 (but tried with a variety of other versions)

TASK [letsencrypt : Generate certificate renewal script] ***********************************************************************************************************************************************************************************************************************
ok: [sitename]

TASK [letsencrypt : Generate the certificates] *********************************************************************************************************************************************************************************************************************************
System info:
  Ansible 2.9.6; Darwin
  Trellis version (per changelog): "Support Ansible 2.9"
---------------------------------------------------
non-zero return code
Traceback (most recent call last):
  File "./renew-certs.py", line 13, in <module>
    bundled_cert_path = os.path.join('/etc/nginx/ssl/letsencrypt', site + '-'
+ letsencrypt_cert_ids[site] + '-bundled.cert')
KeyError: 'sitename.com'
fatal: [sitename]: FAILED! => {"changed": false, "cmd": ["./renew-certs.py"], "delta": "0:00:00.020800", "end": "2020-04-07 23:21:45.936900", "rc": 1, "start": "2020-04-07 23:21:45.916100", "stderr_lines": ["Traceback (most recent call last):", "  File \"./renew-certs.py\", line 13, in <module>", "    bundled_cert_path = os.path.join('/etc/nginx/ssl/letsencrypt', site + '-' + letsencrypt_cert_ids[site] + '-bundled.cert')", "KeyError: 'sitename.com'"], "stdout": "", "stdout_lines": []}

For some reason it is skipping the task that will set that generate_cert_ids variables but it is running a task that depends on that. The said file (“renew-certs.py”) has an empty { } under the output of “generate_cert_ids” on the production server.

Site is no longer accessible via: https://sitename.com/
If I set the “ssl: false” it provisions just fine.

Any help would be greatly appreciated! Thanks,

Art

swalkinshaw · April 8, 2020, 1:56am

Do you know what version/commit you updated from? That would be helpful is trying to figure out what broke it.

swalkinshaw · April 8, 2020, 2:10am

Oddly enough I found a potential issue with https://github.com/roots/trellis/pull/1175 but according to your output you didn’t update to that commit yet. Regardless, I’m fixing that now.

swalkinshaw · April 8, 2020, 2:16am

I have a fix up for that here: https://github.com/roots/trellis/pull/1176

However as I said it appears you didn’t update to that commit. I ran that generate_cert_ids task as of the version you were on (“Support Ansible 2.9”) and it worked:

TASK [debug] ***************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "letsencrypt_cert_ids": {
        "example.com": "7b6f0f2"
    }
}

artshostak · April 8, 2020, 9:19pm

That did it, really appreciate that Scott — please mark as resolved.

system · May 19, 2020, 11:35pm

This topic was automatically closed after 42 days. New replies are no longer allowed.