LetsEncrypt error on fresh install

Hi, I’m new to Trellis.

  • Fresh MacOS install. Followed instructions.

  • Added ssl: enabled: true and ssl: provider: letsencrypt

  • Ran vagrant up

  • Got this error:

    RUNNING HANDLER [common : reload nginx] ****************************************
    System info:
    Ansible 2.2.0.0; Vagrant 1.9.1; Darwin
    Trellis at "Vagrantfile: add automatic support for landrush"

    nginx: [emerg] BIO_new_file("/etc/nginx/ssl/letsencrypt/foo.bar.org-bundled.cert") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/letsencrypt/foo.bar.org-bundled.cert','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx: configuration file /etc/nginx/nginx.conf test failed
    fatal: [default]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.020067", "end": "2017-01-01 18:43:56.881300", "failed": true, "rc": 1, "start": "2017-01-01 18:43:56.861233", "stderr": "nginx: [emerg] BIO_new_file(\"/etc/nginx/ssl/letsencrypt/foo.bar.org-bundled.cert\") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/ssl/letsencrypt/foo.bar.org-bundled.cert','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed", "stdout": "", "stdout_lines": [], "warnings": []}

I’m not sure if it’s because I’m using a subdomain or what. Any ideas?

I think you have set ssl provider: letsencrypt in your group_vars/development/wordpress_sites.yml but should probably change it back to provider: self-signed (for development).

However, it’s fine to use provider: letsencrypt for staging and production.

Consider the implications of the following:

Let’s Encrypt verifies and creates certificates through a publicly accessible web server for every domain you want on the certificate.
This means you need valid and working DNS records for every site host/domain you have configured for your WP site. – Trellis SSL docs

The Let’s Encrypt process won’t be able to verify DNS and domain ownership for domains in your vagrant VM because these domains are not publicly accessible. For that reason, Trellis doesn’t even try to set up Let’s Encrypt for the development environment (dev.yml runs for development and lacks the letsencrypt role, compared to server.yml for staging and production environments).

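As an added example (not code from this thread, from Trellis or from the Trellis SSL docs), here is a small pre-flight check in Python that applies the rule quoted in the answer above: before enabling `ssl: provider: letsencrypt` for an environment, confirm that every configured host has a DNS record and that it resolves to a publicly routable address, and flag the development environment outright, since the Vagrant VM is never reachable by Let's Encrypt. The `SITES_BY_ENV` dictionary is a constructed stand-in for the `ssl`/`site_hosts` keys of `group_vars/<env>/wordpress_sites.yml`; the hostnames, the `FAKE_DNS` answers and the `resolve_fake` resolver are assumptions so the check runs offline.

```python
import ipaddress
from typing import Callable, Dict, List, Optional

# Constructed stand-in for the relevant keys of group_vars/<env>/wordpress_sites.yml.
# Hostnames and the "development" misconfiguration mirror the situation in the thread.
SITES_BY_ENV: Dict[str, Dict[str, dict]] = {
    "development": {
        "example.com": {
            "site_hosts": ["example.dev", "www.example.dev"],
            # The setting the original poster had: letsencrypt inside the Vagrant VM.
            "ssl": {"enabled": True, "provider": "letsencrypt"},
        }
    },
    "production": {
        "example.com": {
            "site_hosts": ["example.com", "www.example.com"],
            "ssl": {"enabled": True, "provider": "letsencrypt"},
        }
    },
}

# Constructed DNS answers so the example runs offline. For a real pre-flight run,
# pass a resolver built on socket.gethostbyname (or your DNS library of choice).
FAKE_DNS: Dict[str, Optional[str]] = {
    "example.dev": "192.168.50.5",      # Vagrant host-only address: private, unreachable
    "www.example.dev": "192.168.50.5",
    "example.com": "93.184.216.34",     # sample public address (constructed)
    "www.example.com": None,            # no DNS record at all
}


def resolve_fake(host: str) -> Optional[str]:
    """Offline resolver: returns the constructed answer, or None for no record."""
    return FAKE_DNS.get(host)


def letsencrypt_preflight(env: str, sites: Dict[str, dict],
                          resolve: Callable[[str], Optional[str]] = resolve_fake) -> List[str]:
    """Return a list of problems that would stop Let's Encrypt from validating
    the hosts of `sites`; an empty list means validation could plausibly succeed."""
    problems: List[str] = []
    for name, site in sites.items():
        ssl = site.get("ssl", {})
        if not (ssl.get("enabled") and ssl.get("provider") == "letsencrypt"):
            continue  # self-signed or manual certs: nothing for Let's Encrypt to reach
        if env == "development":
            problems.append(
                f"{name}: provider letsencrypt in {env}; use self-signed "
                "(dev.yml does not run the letsencrypt role)"
            )
        for host in site.get("site_hosts", []):
            ip = resolve(host)
            if ip is None:
                problems.append(f"{name}: {host} has no DNS record")
            elif not ipaddress.ip_address(ip).is_global:
                # Private, loopback, link-local and reserved ranges all fail here.
                problems.append(f"{name}: {host} resolves to non-public address {ip}")
    return problems


def check_all(sites_by_env: Dict[str, Dict[str, dict]] = SITES_BY_ENV,
              resolve: Callable[[str], Optional[str]] = resolve_fake) -> Dict[str, List[str]]:
    """Run the pre-flight check for every environment and collect the findings."""
    return {env: letsencrypt_preflight(env, sites, resolve)
            for env, sites in sites_by_env.items()}


if __name__ == "__main__":
    for env, findings in check_all().items():
        status = "ok" if not findings else f"{len(findings)} problem(s)"
        print(f"[{env}] {status}")
        for line in findings:
            print(f"  - {line}")
```

With the constructed data, the development environment is reported three times (the provider choice itself plus both hosts resolving to the private Vagrant address), which is the condition that produced the missing `*-bundled.cert` error above; production is reported once, for the host with no DNS record, which is the case the Trellis SSL docs warn about for staging and production.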

Ah okay, missed that part of the SSL docs. Thank you.