Problem with letsencrypt: Generate the initial certificate

So I set up SSL on my staging server via Let’s Encrypt, in order to make sure that it works prior to attempting on production.

When I go to run the server.yml playbook for production, I get the following error:

TASK [letsencrypt : Generate the initial certificate] **************************
task path: /www/teamrubicon/
System info:
  Ansible; Darwin
  Trellis at "Add `vault_users` for easier password management"
fatal: []: FAILED! => {"changed": false, "cmd": ["./"], "delta": "0:00:00.893103", "end": "2016-08-08 18:55:15.582461", "failed": true, "rc": 1, "start": "2016-08-08 18:55:14.689358", "stderr": "", "stdout": "Generating certificate for\nError while generating certificate for\nParsing account key...\nParsing CSR...\nRegistering account...\nAlready registered!\nVerifying\nTraceback (most recent call last):\n  File \"/usr/local/letsencrypt/\", line 198, in <module>\n    main(sys.argv[1:])\n  File \"/usr/local/letsencrypt/\", line 194, in main\n    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,\n  File \"/usr/local/letsencrypt/\", line 123, in get_crt\n    wellknown_path, wellknown_url))\nValueError: Wrote file to /srv/www/letsencrypt/P3DW-E1WmMKL07i6GFapVVS-xGt9otO1riOyRErBnGU, but couldn't download", "stdout_lines": ["Generating certificate for", "Error while generating certificate for", "Parsing account key...", "Parsing CSR...", "Registering account...", "Already registered!", "Verifying", "Traceback (most recent call last):", "  File \"/usr/local/letsencrypt/\", line 198, in <module>", "    main(sys.argv[1:])", "  File \"/usr/local/letsencrypt/\", line 194, in main", "    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,", "  File \"/usr/local/letsencrypt/\", line 123, in get_crt", "    wellknown_path, wellknown_url))", "ValueError: Wrote file to /srv/www/letsencrypt/P3DW-E1WmMKL07i6GFapVVS-xGt9otO1riOyRErBnGU, but couldn't download"], "warnings": []}

cmd: ./

start: 2016-08-08 18:55:14.689358

end: 2016-08-08 18:55:15.582461

delta: 0:00:00.893103

stdout: Generating certificate for
Error while generating certificate for
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Traceback (most recent call last):
  File "/usr/local/letsencrypt/", line 198, in <module>
  File "/usr/local/letsencrypt/", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER,
  File "/usr/local/letsencrypt/", line 123, in get_crt
    wellknown_path, wellknown_url))
ValueError: Wrote file to /srv/www/letsencrypt/P3DW-E1WmMKL07i6GFapVVS-xGt9otO1riOyRErBnGU, but couldn't download

My guess is that since the site key for staging is the same as production, it sees that an account has been already registered, and then attempts to download it from the key url ( used for both staging and production, and fails since the key is actually at

How can I get Let’s Encrypt working on production?

I’ve pulled & merged Trellis to commit db0c068de7197c14132a42ab398c4c9b3cf9fcb3, and staging and production are on separate DO droplets.

Appreciate the help in advance!

You need to point to the same IP as Make sure they both ping to the correct IP then try again.

They both resolve to the same IP; here’s production/wordpress_sites.yml:

      - canonical:
    local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
    repo_subtree_path: site # relative path to your Bedrock/WP directory in your repo
    branch: master
      enabled: false
      enabled: true
      provider: letsencrypt
      enabled: true
      duration: 180s
      skip_cache_uri: /wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml
      skip_cache_cookie: comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in
      ACF_PRO_KEY: "{{ ACF_PRO_KEY }}"

I’m getting a different IP than expected, probably due to CloudFlare, but I’m going to try again with the server’s IP instead of the floating IP (a la Digital Ocean) in hosts/production and see what happens…
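
A preflight check for the failure discussed in this thread ("Wrote file to ..., but couldn't download"), as an added example that is not part of the original posts and not Trellis or Let's Encrypt client code. It assumes the standard ACME http-01 path `/.well-known/acme-challenge/` is served from the directory the client writes to; `preflight`, `resolve_ipv4` and `http_get` are hypothetical names, and the host, directory and IP are supplied by the operator.

```python
import os
import secrets
import socket
import sys
import urllib.request


def resolve_ipv4(host):
    """Return the set of IPv4 addresses that host currently resolves to."""
    infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def http_get(url):
    """Fetch url over plain HTTP, as the challenge self-check does."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode(errors="replace")


def preflight(host, acme_dir, server_ip, resolve=resolve_ipv4, fetch=http_get):
    """Return a list of problems that would break the http-01 self-check."""
    findings = []
    try:
        ips = resolve(host)
        if server_ip not in ips:  # e.g. a CDN/proxy address or a stale record
            findings.append(f"DNS: {host} resolves to {sorted(ips)}, not {server_ip}")
    except OSError as exc:
        findings.append(f"DNS: cannot resolve {host}: {exc}")
    # Write a throwaway token where the ACME client writes its challenge file.
    token = "preflight-" + secrets.token_hex(8)
    path = os.path.join(acme_dir, token)
    url = f"http://{host}/.well-known/acme-challenge/{token}"
    with open(path, "w") as fh:
        fh.write(token)
    try:
        if fetch(url).strip() != token:
            findings.append(f"HTTP: {url} served unexpected content")
    except OSError as exc:  # URLError and HTTPError are OSError subclasses
        findings.append(f"HTTP: wrote {path}, but couldn't download {url}: {exc}")
    finally:
        os.remove(path)  # never leave test tokens in the webroot
    return findings


if __name__ == "__main__" and len(sys.argv) == 4:
    # usage: preflight.py <host> <acme_dir> <server_ip>
    for line in preflight(*sys.argv[1:4]) or ["OK: challenge file is reachable"]:
        print(line)
```

Run it on the server itself before the playbook; a DNS finding combined with an HTTP finding points at the hostname not reaching this machine rather than at the certificate client.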