LE problem with older version of Trellis (0.9.8: August 14th, 2016)

gilad · December 17, 2018, 9:31pm

We have an older Trellis project (0.9.8: August 14th, 2016) that did not have SSL enabled when first released.

Changing SSL to enabled results in the following (under ``):

fatal: [IP.ADDRESS.HERE]: FAILED! => {"changed": false, "cmd": ["./renew-certs.py"], "delta": "0:00:00.375393", "end": "2018-12-17 20:50:54.533664", "failed": true, "rc": 1, "start": "2018-12-17 20:50:54.158271", "stderr": "", "stdout": "Generating certificate for domainname.com\nError while generating certificate for domainname.com\nParsing account key...\nParsing CSR...\nRegistering account...\nTraceback (most recent call last):\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 198, in <module>\n main(sys.argv[1:])\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 194, in main\n signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 92, in get_crt\n raise ValueError(\"Error registering: {0} {1}\".format(code, result))\nValueError: Error registering: 400 {\n \"type\": \"urn:acme:error:malformed\",\n \"detail\": \"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]\",\n \"status\": 400\n}", "stdout_lines": ["Generating certificate for domainname.com", "Error while generating certificate for domainname.com", "Parsing account key...", "Parsing CSR...", "Registering account...", "Traceback (most recent call last):", " File \"/usr/local/letsencrypt/acme_tiny.py\", line 198, in <module>", " main(sys.argv[1:])", " File \"/usr/local/letsencrypt/acme_tiny.py\", line 194, in main", " signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)", " File \"/usr/local/letsencrypt/acme_tiny.py\", line 92, in get_crt", " raise ValueError(\"Error registering: {0} {1}\".format(code, result))", "ValueError: Error registering: 400 {", " \"type\": \"urn:acme:error:malformed\",", " \"detail\": \"Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]\",", " \"status\": 400", "}"], "warnings": []}

All redirects resolve to the same IP address.

I see a couple of complaints about “provided agreement URL” not matching the newer “current agreement URL”… Is this the actual issue? If so, how do I fix without risking similar behavior in future reprovision actions?

gilad · December 17, 2018, 10:08pm

Writing out the above gave me clarity on the question I should have been asking of Mr Google, and I found the answer: Merge pull request #921 from MWDelaney/master

Thank you all for being my rubber duckies.

system · January 28, 2019, 9:31pm

This topic was automatically closed after 42 days. New replies are no longer allowed.