Permission denied when provisioning production server

I apologize in advance if I’m simply missing something basic. I spent a lot of time on Thursday attempting to fix the issues outlined below to no avail. Decided to take off yesterday so I don’t lose any more hair.

FWIW, I have been working on this project for a few months and I was able to provision the staging server and deploy, deploy, deploy with no problems. Attempting to do the same for production is causing me grief. Both environments are on Digital Ocean on separate droplets.

After running:

I receive:

After running:

I receive:

I’ve checked and cross-compared the IP from DOcean with my hosts. I’ve made sure to add my ssh-agent via ssh-add ~/.ssh/id_rsa and that doesn’t help.

When I run ansible -m ping all I receive:

Disclaimer: Later on Wednesday I wanted to play around with the new Roots 9 so I did upgrade some stuff, which broke some of the flow. I reverted back some of the updates to get my current Trellis environments running again. This is the only issue I am having now.

Also…

I am able to ssh root@xxx.xxx.xxx.xxx fine into the production droplet.

However, when I attempt this with the staging droplet, I get:
Permission denied (publickey).

Strange since I’m able to deploy to staging.

It appears this has been an intermittent issue.

I was able to get one instance to fully provision without error on Thursday after destroying and creating new droplets over and over again. Once again today I decided to try doing the same and after 2 attempts I was able to provision further but now I’m stuck on this error:

FAILED! => {"changed": false, "cmd": ["./renew-certs.py"]

Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]\

You’re describing a few different issues in this thread. The Let’s Encrypt one specifically was fixed in Trellis back in November. You’ll need to update Trellis with at least the changes in this Pull Request and, as noted by @swalkinshaw, reprovision your server.


@MWDelaney - thank you for the information there.

I went ahead and updated Trellis but then I’m prompted to update Ansible to 2.4 so it can work with Trellis. After updating to Ansible 2.4 I get deprecation warnings and an error:

For now I reverted back to old Trellis and previous Ansible. I will just use a different certificate for now but wouldn’t mind running LE again.

The deprecation warnings are on the Trellis team, but the error makes it look like you replaced one or more of your vault.yml files (don’t forget there’s one in group_vars/all!) when you updated Trellis.