Privacy warning, certificate not updated


#1

Hi guys,

My site is giving a privacy warning. Saying the certificate has not been updated and has expired yesterday.

I have updated Trellis, and am trying to run the following steps:

  • Update trellis to include roots/trellis#630
  • Set ssl enabled: false for affected sites in group_vars//wordpress_sites.yml
  • Run ansible-playbook server.yml -e env= --tags wordpress
  • Reset ssl enabled: true for applicable sites in group_vars//wordpress_sites.yml
  • Run ansible-playbook server.yml -e env= --tags letsencrypt

Unfortunately Nginx is not reloading giving me the following warning:

RUNNING HANDLER [common : reload nginx] ****************************************
System info:
  Ansible 2.5.4; Darwin
  Trellis version (per changelog): "Update wp-cli to 2.0.1"
---------------------------------------------------
non-zero return code
nginx: [emerg] unknown directive "fastcgi_cache_background_update" in
/etc/nginx/sites-enabled/domain.com.conf:71
nginx: configuration file /etc/nginx/nginx.conf test failed
fatal: [178.62.208.219]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.026731", "end": "2018-09-09 09:41:06.131827", "rc": 1, "start": "2018-09-09 09:41:06.105096", "stderr_lines": ["nginx: [emerg] unknown directive \"fastcgi_cache_background_update\" in /etc/nginx/sites-enabled/domain.com.conf:71", "nginx: configuration file /etc/nginx/nginx.conf test failed"], "stdout": "", "stdout_lines": []}

Running “nginx -t” is giving me:
nginx: [emerg] unknown directive "fastcgi_cache_background_update" in /etc/nginx/sites-enabled/domain.com.conf:71

Any idea how to fix this? Thanks!

Edit:
I’m thinking Nginx is not the right version for ‘fastcgi_cache_background_update’. I’ve updated Nginx. Unfortunately this has lead to the next error:

Unable to start service php7.2-fpm: Job for php7.2-fpm.service failed because
the control process exited with error code.

#2

I had an issue with an SSL cert recently and ultimately it was faster to update Trellis to the latest HEAD, back up the database and uploads and destroy/reprovision the server. Whole thing took about an hour with about 10 minutes of down time.

Is that an option here?


#3

Thanks for your reply.

It’s what I ended up doing. Only instead of destroying the Production server I created a new one. Just to make sure I had an extra back-up. Downside was the new IP, for some external services.

Steps I took for reference:

  1. Download database via WP-CLI (https://developer.wordpress.org/cli/commands/db/export/)
  2. Create new Droplet / Server.
  3. Change IP for production server.
  4. Provision server.
  5. Deploy site (no need to adjust settings).
  6. Import database
    (https://developer.wordpress.org/cli/commands/db/import/)

If like me you hadn’t updated Trellis for while, this might be a good moment to work with the latest version.


#4

I simply ran the provisioning script again and this error went away.

I got this after reprovisioning after updating trellis.