Testing the new trellis version with Let’s Encrpt configured. I have an already provisioned production server, and I went ahead and did server provisioning for a staging site. Everything worked OK, rebooted and tested the production site again and all was fine.
I tried ./deploy.sh staging stg.mydomain.com
I got an error on Wordpress Installed? task. Looks like it can’t connect to the DB. I think that’s because I forgot to make the vault.yml site key match the wordpress_sites.yml. One said mydomain.com and the other was stg.mydomain.com. I fixed that, and tried to provision the staging setup again.
This time I got this error:
TASK [letsencrypt : Generate the initial certificate] **************************
fatal: [45.33.23.36]: FAILED! => {“changed”: false, “cmd”: ["./renew-certs.py"], “delta”: “0:00:01.209595”, “end”: “2016-03-24 14:31:57.735555”, “failed”: true, “rc”: 1, “start”: “2016-03-24 14:31:56.525960”, “stderr”: “”, “stdout”: “Generating certificate for stg.mydomain.com\nError while generating certificate for stg.mydomain.com\nParsing account key…\nParsing CSR…\nRegistering account…\nAlready registered!\nVerifying www.stg.mydomain.com…\nTraceback (most recent call last):\n File “/usr/local/letsencrypt/acme_tiny.py”, line 198, in \n main(sys.argv[1:])\n File “/usr/local/letsencrypt/acme_tiny.py”, line 194, in main\n signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)\n File “/usr/local/letsencrypt/acme_tiny.py”, line 123, in get_crt\n wellknown_path, wellknown_url))\nValueError: Wrote file to /srv/www/letsencrypt/iYEVJ8gUc-4QORNnMNQGRPLvPDROc-4pZHs5rjoRxL0, but couldn’t download http://www.stg.mydomain.com/.well-known/acme-challenge/iYEVJ8gUc-4QORNnMNQGRPLvPDROc-4pZHs5rjoRxL0”, “stdout_lines”: [“Generating certificate for stg.mydomain.com”, “Error while generating certificate for stg.mydomain.com”, “Parsing account key…”, “Parsing CSR…”, “Registering account…”, “Already registered!”, “Verifying www.stg.mydomain.com…”, “Traceback (most recent call last):”, " File “/usr/local/letsencrypt/acme_tiny.py”, line 198, in “, " main(sys.argv[1:])”, " File “/usr/local/letsencrypt/acme_tiny.py”, line 194, in main", " signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)", " File “/usr/local/letsencrypt/acme_tiny.py”, line 123, in get_crt", " wellknown_path, wellknown_url))", “ValueError: Wrote file to /srv/www/letsencrypt/iYEVJ8gUc-4QORNnMNQGRPLvPDROc-4pZHs5rjoRxL0, but couldn’t download http://www.stg.mydomain.com/.well-known/acme-challenge/iYEVJ8gUc-4QORNnMNQGRPLvPDROc-4pZHs5rjoRxL0”], “warnings”: []}
to retry, use: --limit @server.retry
It says it’s already registered. I also noticed that it references www.stg.mydomain.com. That isn’t configured in my DNS and don’t expect to use it. I added it anyways to my DNS, and ran provisioning again.
I got the same error the second time. What am I doing wrong?
Do I need to start from scratch on a server? The trellis version I was using was 3 months old for this particular test site. Just updated the test site to see how it works.
UPDATE
I ran it a third time, and all of a sudden it passed that step with no changes from me. It error’d out on another step. Found that had to do with needed nginx v1.9.2, and I was on 1.8.1. did a sudo apt-get upgrade and ran deploy again, now it is failing on :
Trigger nginx reload task
with the error “reload: Job is not running: nginx\n”
nginx is running currently.
UPDATE 2
Ugh. After just rebooting over and over and re-provisioning & deploying. It finally got all the way through.
However, I noticed there is a letsencrypt-mydomain.com.conf file in sites-enabled folder still. It points to my stg.mydomain.com folder. I can delete this manually and all is good, but what did I miss in the process?