Privacy warning, certificate not updated

Hi guys,

My site is giving a privacy warning. Saying the certificate has not been updated and has expired yesterday.

I have updated Trellis, and am trying to run the following steps:

  • Update trellis to include roots/trellis#630
  • Set ssl enabled: false for affected sites in group_vars//wordpress_sites.yml
  • Run ansible-playbook server.yml -e env= --tags wordpress
  • Reset ssl enabled: true for applicable sites in group_vars//wordpress_sites.yml
  • Run ansible-playbook server.yml -e env= --tags letsencrypt

Unfortunately Nginx is not reloading giving me the following warning:

RUNNING HANDLER [common : reload nginx] ****************************************
System info:
  Ansible 2.5.4; Darwin
  Trellis version (per changelog): "Update wp-cli to 2.0.1"
---------------------------------------------------
non-zero return code
nginx: [emerg] unknown directive "fastcgi_cache_background_update" in
/etc/nginx/sites-enabled/domain.com.conf:71
nginx: configuration file /etc/nginx/nginx.conf test failed
fatal: [178.62.208.219]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.026731", "end": "2018-09-09 09:41:06.131827", "rc": 1, "start": "2018-09-09 09:41:06.105096", "stderr_lines": ["nginx: [emerg] unknown directive \"fastcgi_cache_background_update\" in /etc/nginx/sites-enabled/domain.com.conf:71", "nginx: configuration file /etc/nginx/nginx.conf test failed"], "stdout": "", "stdout_lines": []}

Running “nginx -t” is giving me:
nginx: [emerg] unknown directive "fastcgi_cache_background_update" in /etc/nginx/sites-enabled/domain.com.conf:71

Any idea how to fix this? Thanks!

Edit:
I’m thinking Nginx is not the right version for ‘fastcgi_cache_background_update’. I’ve updated Nginx. Unfortunately this has lead to the next error:

Unable to start service php7.2-fpm: Job for php7.2-fpm.service failed because
the control process exited with error code.
1 Like

I had an issue with an SSL cert recently and ultimately it was faster to update Trellis to the latest HEAD, back up the database and uploads and destroy/reprovision the server. Whole thing took about an hour with about 10 minutes of down time.

Is that an option here?

Thanks for your reply.

It’s what I ended up doing. Only instead of destroying the Production server I created a new one. Just to make sure I had an extra back-up. Downside was the new IP, for some external services.

Steps I took for reference:

  1. Download database via WP-CLI (https://developer.wordpress.org/cli/commands/db/export/)
  2. Create new Droplet / Server.
  3. Change IP for production server.
  4. Provision server.
  5. Deploy site (no need to adjust settings).
  6. Import database
    (https://developer.wordpress.org/cli/commands/db/import/)

If like me you hadn’t updated Trellis for while, this might be a good moment to work with the latest version.

1 Like

I simply ran the provisioning script again and this error went away.

I got this after reprovisioning after updating trellis.

I had the same issue and it turned out to an issue with NGINX not being able to restart after regenerating the certs. I think I must have upgraded Trellis, but the nginx version was older than that defined in Trellis.

Checking the logs, I saw this:

2018/12/10 22:29:52 [emerg] 2022#2022: unknown directive "fastcgi_cache_background_update" in /etc/nginx/sites-enabled/forty7id.com.conf:82

So one way to get around this without reprovisioning your server is to disable fastcgi_cache_background_update in your nginx config and restart nginx.

This post solves the issue well, if you had an old trellis install, it installed an old version of Nginx, you will need to upgrade to a version that includes the module

1 Like

Great, for future reference these are the steps mentioned.

To update nginx manually you can run:

sudo add-apt-repository ppa:nginx/stable
sudo apt-get update
sudo apt-get install nginx
1 Like