I’m faced with a similar issue as in LetsEncrypt: Could Not Access Challenge File
The Trellis install at hand looks to be somehow “in limbo” for the letsencrypt challenge conf files of a staging subdomain.
domain.com has SSL in place and it works.
While `ansible-playbook server.yml -e env=staging` runs for sub.domain.com, it starts skipping where the files would be created:
```
TASK [letsencrypt : Get list of hosts in current Nginx conf] ********************************
ok: [ip.address] => (item=sub.domain.com)
TASK [letsencrypt : Create needed Nginx confs for challenges] *******************************
skipping: [ip.address] => (item=sub.domain.com)
TASK [letsencrypt : Enable Nginx sites] *****************************************************
skipping: [ip.address] => (item=sub.domain.com)
TASK [letsencrypt : reload nginx] ***********************************************************
skipping: [ip.address]
TASK [letsencrypt : perform nginx reload] ***************************************************
skipping: [ip.address]
```
This results in no files for sub.domain.com at `/var/lib/letsencrypt`.
Similar to the linked post, I set up DNS for sub2.domain.com and changed site keys in group_vars/staging/wordpress_sites.yml and group_vars/staging/vault.yml, and everything worked the first try.
I’d prefer using the initial subdomain, as my test suite expects it, but more than that, I’d like to understand what’s going on and / or find a way to fix this.
Since the run is skipping the needed task “Create needed Nginx confs for challenges”, is it a terribly bad idea to comment out the conditions for it and run the tag “letsencrypt” once?
Thanks in advance!
EDIT: Forgot to mention that to reduce downtime, I initially provisioned the server with SSL disabled. Once DNS was ready, I re-provisioned with SSL enabled. Worked for production, but not for staging.