Provisioning Digital Ocean Ubuntu 16.04.3 Let's Encrypt error with IP address

ansible
sage9
letsencrypt

#1

Hello,

New to Trellis, running into this error. IP address reporting as failed. Any ideas what could be wrong here? (Note: replaced actual domain with example and xx’s for IP.)

Thanks in advance.

TASK [letsencrypt : Generate the certificates] ***************************************************************************
task path: /Users/mydrive/dev/hello-world.com/trellis/roles/letsencrypt/tasks/certificates.yml:41
Using module file /usr/local/Cellar/ansible/2.4.3.0/libexec/lib/python2.7/site-packages/ansible/modules/commands/command.py
<159.x.xx.xxx> ESTABLISH SSH CONNECTION FOR USER: admin
<159.x.xx.xxx> SSH: EXEC ssh -vvv -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/Users/mydrive/.ansible/cp/3af416c67c 159.x.xx.xxx ‘/bin/sh -c ‘"’"‘sudo -H -S -p “[sudo via ansible, key=dxhqbvwmcsawvskjxrcbyobgwklsgrjo] password: " -u root /bin/sh -c '”’"’"’"’"’"’"’"‘echo BECOME-SUCCESS-dxhqbvwmcsawvskjxrcbyobgwklsgrjo; /usr/bin/python’"’"’"’"’"’"’"’"’ && sleep 0’"’"’’
<159.x.xx.xxx> (1, ‘\n{“changed”: true, “end”: “2018-02-12 00:07:31.729273”, “stdout”: “Generating certificate for helloworld.example.com\nError while generating certificate for helloworld.example.com\nTraceback (most recent call last):\n File \”/usr/local/letsencrypt/acme_tiny.py\", line 198, in \n main(sys.argv[1:])\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 194, in main\n signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 149, in get_crt\n domain, challenge_status))\nValueError: helloworld.example.com challenge did not pass: {u’status’: u’invalid’, u’validationRecord’: [{u’url’: u’http://helloworld.example.com/.well-known/acme-challenge/y0cTQkQCZy4SLeW6nrSVN_zgRzp6k13icxN5XWMqtjI’, u’hostname’: u’helloworld.example.com’, u’addressUsed’: u’159.x.xx.xxx’, u’port’: u’80’, u’addressesResolved’: [u\‘159.x.xx.xxx\’]}], u’keyAuthorization’: u’y0cTQkQCZy4SLeW6nrSVN_zgRzp6k13icxN5XWMqtjI.fvxFZC5GGGEZM21pPlILHmmfXU3p4ooveuiknsCFZHI’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/xgAe8VtgG4i6aUYW-wgCRZrXoWxm-cmlw0Q4HcC4Cq0/3425830169’, u’token’: u’y0cTQkQCZy4SLeW6nrSVN_zgRzp6k13icxN5XWMqtjI’, u’error’: {u’status’: 400, u’type’: u’urn:acme:error:connection’, u’detail’: u’DNS problem: SERVFAIL looking up CAA for example.com’}, u’type’: u’http-01’}", “cmd”: ["./renew-certs.py"], “failed”: true, “delta”: “0:00:11.203908”, “stderr”: “”, “rc”: 1, “invocation”: {“module_args”: {“warn”: true, “executable”: null, “chdir”: “/var/lib/letsencrypt”, “_raw_params”: “./renew-certs.py”, “removes”: null, “creates”: null, “_uses_shell”: false, “stdin”: null}}, “start”: “2018-02-12 00:07:20.525365”, “msg”: “non-zero return code”}\n’, ‘OpenSSH_7.6p1, LibreSSL 2.6.2\r\ndebug1: Reading configuration data /Users/mydrive/.ssh/config\r\ndebug1: /Users/mydrive/.ssh/config line 1: Applying options for *\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: 
/etc/ssh/ssh_config line 20: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 3372\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\n’)
System info:
Ansible 2.4.3.0; Darwin
Trellis at “Fix failed_when in template_root check with wp-cli 1.5.0”


non-zero return code
fatal: [159.x.xx.xxx]: FAILED! => {
“changed”: false,
“cmd”: [
"./renew-certs.py"
],
“delta”: “0:00:11.203908”,
“end”: “2018-02-12 00:07:31.729273”,
“invocation”: {
“module_args”: {
"_raw_params": “./renew-certs.py”,
"_uses_shell": false,
“chdir”: “/var/lib/letsencrypt”,
“creates”: null,
“executable”: null,
“removes”: null,
“stdin”: null,
“warn”: true
}
},
“rc”: 1,
“start”: “2018-02-12 00:07:20.525365”,
“stderr”: “”,
“stderr_lines”: [],
“stdout”: “Generating certificate for helloworld.example.com\nError while generating certificate for helloworld.example.com\nTraceback (most recent call last):\n File “/usr/local/letsencrypt/acme_tiny.py”, line 198, in \n main(sys.argv[1:])\n File “/usr/local/letsencrypt/acme_tiny.py”, line 194, in main\n signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)\n File “/usr/local/letsencrypt/acme_tiny.py”, line 149, in get_crt\n domain, challenge_status))\nValueError: helloworld.example.com challenge did not pass: {u’status’: u’invalid’, u’validationRecord’: [{u’url’: u’http://helloworld.example.com/.well-known/acme-challenge/y0cTQkQCZy4SLeW6nrSVN_zgRzp6k13icxN5XWMqtjI’, u’hostname’: u’helloworld.example.com’, u’addressUsed’: u’159.x.xx.xxx’, u’port’: u’80’, u’addressesResolved’: [u’159.x.xx.xxx’]}], u’keyAuthorization’: u’y0cTQkQCZy4SLeW6nrSVN_zgRzp6k13icxN5XWMqtjI.fvxFZC5GGGEZM21pPlILHmmfXU3p4ooveuiknsCFZHI’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/xgAe8VtgG4i6aUYW-wgCRZrXoWxm-cmlw0Q4HcC4Cq0/3425830169’, u’token’: u’y0cTQkQCZy4SLeW6nrSVN_zgRzp6k13icxN5XWMqtjI’, u’error’: {u’status’: 400, u’type’: u’urn:acme:error:connection’, u’detail’: u’DNS problem: SERVFAIL looking up CAA for example.com’}, u’type’: u’http-01’}”,
“stdout_lines”: [
“Generating certificate for helloworld.example.com”,
“Error while generating certificate for helloworld.example.com”,
“Traceback (most recent call last):”,
" File “/usr/local/letsencrypt/acme_tiny.py”, line 198, in “,
” main(sys.argv[1:])",
" File “/usr/local/letsencrypt/acme_tiny.py”, line 194, in main",
" signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)",
" File “/usr/local/letsencrypt/acme_tiny.py”, line 149, in get_crt",
" domain, challenge_status))",
“ValueError: helloworld.example.com challenge did not pass: {u’status’: u’invalid’, u’validationRecord’: [{u’url’: u’http://helloworld.example.com/.well-known/acme-challenge/y0cTQkQCZy4SLeW6nrSVN_zgRzp6k13icxN5XWMqtjI’, u’hostname’: u’helloworld.example.com’, u’addressUsed’: u’159.x.xx.xxx’, u’port’: u’80’, u’addressesResolved’: [u’159.x.xx.xxx’]}], u’keyAuthorization’: u’y0cTQkQCZy4SLeW6nrSVN_zgRzp6k13icxN5XWMqtjI.fvxFZC5GGGEZM21pPlILHmmfXU3p4ooveuiknsCFZHI’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/xgAe8VtgG4i6aUYW-wgCRZrXoWxm-cmlw0Q4HcC4Cq0/3425830169’, u’token’: u’y0cTQkQCZy4SLeW6nrSVN_zgRzp6k13icxN5XWMqtjI’, u’error’: {u’status’: 400, u’type’: u’urn:acme:error:connection’, u’detail’: u’DNS problem: SERVFAIL looking up CAA for example.com’}, u’type’: u’http-01’}”
]
}

PLAY RECAP ***************************************************************************************************************
159.xx.xx.xxx : ok=101 changed=7 unreachable=0 failed=1
localhost : ok=0 changed=0 unreachable=0 failed=0


#2

Any chance DNS simply hasn’t propagated yet?


#3

It’s sometimes the simplest of things. You are correct, I had changed DNS for that domain in the morning and assumed it would have propagated by now. Checked and it hasn’t propagated fully. Will try it again tomorrow, thanks much!
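
Added example, not part of the original posts or of Trellis or acme_tiny: a small triage of the `ValueError` line that acme_tiny prints, showing that the failing step in this thread was the CA's DNS (CAA) lookup rather than the HTTP fetch from the droplet's IP. The sample input is constructed from the log in post #1 with ASCII quotes restored and the token fields dropped; `triage` and its result keys are hypothetical names.

```python
import ast
import re

# Constructed sample: the ValueError line from the task's stdout in post #1,
# with plain ASCII quotes restored and the long token/URL fields left out.
SAMPLE_STDOUT = (
    "Generating certificate for helloworld.example.com\n"
    "Error while generating certificate for helloworld.example.com\n"
    "ValueError: helloworld.example.com challenge did not pass: "
    "{u'status': u'invalid', u'validationRecord': [{u'hostname': "
    "u'helloworld.example.com', u'addressUsed': u'159.x.xx.xxx', u'port': u'80'}], "
    "u'error': {u'status': 400, u'type': u'urn:acme:error:connection', "
    "u'detail': u'DNS problem: SERVFAIL looking up CAA for example.com'}, "
    "u'type': u'http-01'}\n"
)

FAILED = re.compile(r"^ValueError: (\S+) challenge did not pass: (\{.*\})\s*$", re.M)


def triage(stdout):
    """Return one finding per failed challenge found in acme_tiny output."""
    findings = []
    for domain, raw in FAILED.findall(stdout):
        # The challenge is printed as a Python 2 dict repr; literal_eval in
        # Python 3 accepts the u'' prefixes and only parses literals.
        challenge = ast.literal_eval(raw)
        error = challenge.get("error", {})
        detail = error.get("detail", "")
        caa = re.search(r"looking up CAA for (\S+)", detail)
        if detail.startswith("DNS problem"):
            # The CA failed during DNS lookups, so the web server and the
            # address in validationRecord are not the cause.
            stage = "dns"
            hint = "check DNS for %s" % (caa.group(1) if caa else domain)
        else:
            stage = "other"
            hint = "read the error detail"
        findings.append({"domain": domain, "challenge": challenge.get("type"),
                         "acme_error": error.get("type"), "stage": stage,
                         "detail": detail, "hint": hint})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_STDOUT):
        print("%(domain)s [%(challenge)s] %(stage)s: %(detail)s -> %(hint)s" % f)
```

Note that the CAA lookup named in the error is for the parent zone `example.com`, not only for the `helloworld` host being certified.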