I’ve been baffled with this bug for about 24hrs straight at this point. Feeling slightly delirious, so if anyone could point me in the right direction, would be much appreciated.
I’ve been having issues whenever I generate a LetsEncrypt SSL on a staging/production server @ bonsai.jackalope.io. Here is the main error I get when provisioning:
TASK [letsencrypt : Test Acme Challenges] ****************************************************************************************************************************************************************************************************
System info:
Ansible 2.8.11; Darwin
Trellis version (per changelog): "Removes ID from Lets Encrypt bundled certificate and make filename stable"
---------------------------------------------------
failed: [bonsai.jackalope.io] (item=bonsai.jackalope.io) => {"ansible_loop_var": "item", "changed": false, "failed_hosts": ["bonsai.jackalope.io"], "item": {"key": "bonsai.jackalope.io", "value": {"branch": "master", "cache": {"enabled": false}, "local_path": "../site", "multisite": {"enabled": false}, "repo": "git@github.com:masoninthesis/bonsai-test.git", "repo_subtree_path": "site", "site_hosts": [{"canonical": "bonsai.jackalope.io"}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}, "rc": 1}
...ignoring
TASK [letsencrypt : Notify of challenge failures] ********************************************************************************************************************************************************************************************
System info:
Ansible 2.8.11; Darwin
Trellis version (per changelog): "Removes ID from Lets Encrypt bundled certificate and make filename stable"
---------------------------------------------------
Could not access the challenge file for the hosts/domains:
bonsai.jackalope.io. Let's Encrypt requires every domain/host be publicly
accessible. Make sure that a valid DNS record exists for bonsai.jackalope.io
and that they point to this server's IP. If you don't want these domains in
your SSL certificate, then remove them from `site_hosts`. See
https://roots.io/trellis/docs/ssl for more details.
failed: [bonsai.jackalope.io] (item=bonsai.jackalope.io) => {"ansible_loop_var": "item", "changed": false, "item": {"ansible_loop_var": "item", "changed": false, "failed": true, "failed_hosts": ["bonsai.jackalope.io"], "invocation": {"module_args": {"file": "ping.txt", "hosts": ["bonsai.jackalope.io"], "path": ".well-known/acme-challenge"}}, "item": {"key": "bonsai.jackalope.io", "value": {"branch": "master", "cache": {"enabled": false}, "local_path": "../site", "multisite": {"enabled": false}, "repo": "git@github.com:masoninthesis/bonsai-test.git", "repo_subtree_path": "site", "site_hosts": [{"canonical": "bonsai.jackalope.io"}], "ssl": {"enabled": true, "provider": "letsencrypt"}}}, "rc": 1}}
I tried everything in the book that I could find.
• Similar issue from April 2016
• Another similar issue from April 2016
• And another issue from April 2016 where I make a cameo
The thing is, I do have my bonsai.jackalope.io DNS setup for this. I can ping it. The weird thing is that I change to a different subdomain, it provisions fine. I would think that must be some caching issue, propagation, or something. So I spin up a completely new project, and I have the same issue.
If I switch domains and use test.jackalope.io for my production environment, it works fine. But if bonsai.jackalope.io is on my staging environment, I get the same error.
If I change bonsai to staging-bonsai, it also works fine. It’s just that particular subdomain it doesn’t like.
As suggested from the threads above, I’ve tried (to no avail):
- Set ssl
enabled: false - Run
ansible-playbook server.yml -e env=<environment> --tags wordpress
This will create a fresh Nginx conf, which this time shouldn’t be trying to load the apparently missing file/etc/nginx/ssl/letsencrypt/ssltest.com-bundled.cert - Set ssl back to
enabled: true - Run
ansible-playbook server.yml -e env=<environment> --tags letsencrypt
This time the Nginx stuff shouldn’t choke on the missing cert file
I’m currently on Ansible 2.8.122, but I’ve tried 2.7-2.9 with no luck. As a last resort I rebuilt the project from scratch and got the same error. I can ssh in to the servers just fine. I’ve also tried editing the /etc/nginx/sites-available/example.com.conf as suggested here.
Here is a public repo of it.
Any help is appreciated. Thanks!
