Thank you sir!
I still have the problem.
One of my certificates expires tomorrow, mar/02, but my site already has the privacy error.
I tried every single solution posted here, but still no results.
```
Certificate file /etc/nginx/ssl/letsencrypt/xxxxx.cert already exists
Generating certificate for xxxxx.xxxx
Error while generating certificate for xxxxx.xxxx
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying orei.org...
Traceback (most recent call last):
  File "/usr/local/letsencrypt/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/local/letsencrypt/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/usr/local/letsencrypt/acme_tiny.py", line 123, in get_crt
    wellknown_path, wellknown_url))
ValueError: Wrote file to /srv/www/letsencrypt/LIAgjwgNlBXLrmnfNys_a8i1sFIsNLj_ac2rHZ374BM, but couldn't download http:// xxxxx.xxxx/.well-known/acme-challenge/LIAgjwgNlBXLrmnfNys_a8i1sFIsNLj_ac2rHZ374BM
```
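The self-check that raised the `ValueError` in the traceback above (write a file into the challenge directory, then fetch it back over HTTP) can be reproduced without contacting the CA. This is an added example, not part of the original posts and not code from acme_tiny or Trellis; `probe_challenge` and its arguments are hypothetical names, and it assumes the web server maps `/.well-known/acme-challenge/` to the directory passed as `acme_dir`.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def probe_challenge(acme_dir, base_url, timeout=10):
    """Write a random probe file into acme_dir and fetch it back through base_url.

    Returns (ok, detail). The probe file is always deleted afterwards.
    """
    token = "probe-" + secrets.token_urlsafe(16)  # unguessable name, like a real token
    body = secrets.token_urlsafe(32)
    path = os.path.join(acme_dir, token)
    url = base_url.rstrip("/") + CHALLENGE_PREFIX + token
    try:
        with open(path, "w") as fh:
            fh.write(body)
    except OSError as exc:
        return False, "cannot write to %s: %s" % (acme_dir, exc)
    try:
        # urlopen follows redirects, so an HTTP->HTTPS redirect onto an expired
        # certificate shows up here as a TLS verification error.
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            got = resp.read().decode("utf-8", "replace").strip()
            final_url = resp.geturl()
    except urllib.error.HTTPError as exc:
        return False, "HTTP %d for %s" % (exc.code, url)
    except (urllib.error.URLError, OSError) as exc:
        return False, "cannot fetch %s: %s" % (url, exc)
    finally:
        os.remove(path)
    if got != body:
        return False, "%s answered with different content" % final_url
    return True, "probe served correctly from %s" % final_url


if __name__ == "__main__":
    # Usage: probe.py ACME_DIR BASE_URL
    # e.g. the webroot from the traceback (/srv/www/letsencrypt) and http://<your-domain>
    ok, detail = probe_challenge(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

An HTTP 404 or "different content" result points at the web server's mapping for the challenge path, while a write failure points at permissions on the challenge directory.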
How recent is your Trellis version?
It might be fastest to back up your database and uploads and try reprovisioning your server with a fresh copy of Trellis (and all your configs, of course).
Here’s a quick overview of how I update Trellis. There are better ways but this is fast:
1. Copy the following out of your Trellis directory:
   - .vault_pass
   - ansible.cfg
   - /group_vars
   - /deploy-hooks
   - /hosts
2. Delete everything in your Trellis directory
3. Clone Trellis from source into your Trellis directory
4. Copy back in and overwrite the following:
   - .vault_pass
   - ansible.cfg
   - /group_vars/development
   - /group_vars/staging
   - /group_vars/production
   - /group_vars/all/mail.yml
   - /group_vars/all/vault.yml
   - /deploy-hooks
   - /hosts
Then back up your database and uploads again!!! and rebuild and reprovision your server.
It was not me that made the installation and I never used Trellis before…
One of my problems is that the `ansible-playbook server.yml -e env=production -K --tags letsencrypt` does not run because it does not find the server.yml. Where do I run this command?
About the version, how do I get this information?
And there’s no way to install a fresh copy of Trellis right now.
Hello everyone, I got an issue.
My SSL renewal crashed yesterday.
I was able to do it manually today with this command, which works perfectly:
```
ansible-playbook server.yml -e env=production -K --tags letsencrypt
```
However, I’m still interested in the automatic renewal!
I found out in the log that the process might have failed because of this:
```
ocsp.int-x3.letsencrypt.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org
```
When I tried to access the folder (as root and web users) /var/lib/letsencrypt, the response was ‘Permission denied’.
Can someone help me with this? Please ask me if you need more details.
Thanks a lot,
@MWDelaney is this still a valid option to update Trellis?
I saw that it is an old post (2017), but if it is still a valid option, I will try this way because it sounds straightforward to me.
I am also wondering if this is still valid. I have some rather projects from the last 6 months to a year where the LE SSL is not being auto-renewed.
I would also like to know if the way @MWDelaney guides on Trellis updating is still valid. I’d be happy to simply replace my current Trellis files with new ones, just want to confirm which files are to be kept and restored.
If you haven’t customized any other files within Trellis (which ideally you shouldn’t) then yes that process is basically correct and the easiest way.
Thanks @swalkinshaw for confirming this.
I’ll be attempting this over the weekend on a project.
I stumbled upon this issue today. A client notified me that the certificate was about to expire, so I went to investigate.
Seems like I’ve already applied the fix, but that it failed to run the cron job:
```
cat /etc/cron.d/letsencrypt-certificate-renewal
#Ansible: letsencrypt certificate renewal
30 4 1,11,21 * * root cd /var/lib/letsencrypt && ./renew-certs.py && /usr/sbin/service nginx reload
```
Running it manually (as root), I had no issues:
```
cd /var/lib/letsencrypt && ./renew-certs.py && /usr/sbin/service nginx reload
Certificate file /etc/nginx/ssl/letsencrypt/domain.tld-933ed6e-bundled.cert already exists
Generating certificate for domain.tld
Created certificate for domain.tld
```
Is it possible that the cron job simply is not running? How can I debug?
Make sure you’ve reprovisioned the server since updating Trellis. That should fix the cron job, too.