When I try to reprovision a server, it fails at TASK [letsencrypt : Generate the certificates].
Snippet of the error message:
Not creating a new certificate.\n\nCertificate file /etc/nginx/ssl/letsencrypt/mywebsite.nl-53859fd.cert already exists\nGenerating certificate for mywebsite.nl\nError while generating certificate for mywebsite.nl\nTraceback (most recent call last):\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 198, in <module>\n main(sys.argv[1:])\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 194, in main\n signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)\n File \"/usr/local/letsencrypt/acme_tiny.py\", line 149, in get_crt\n domain, challenge_status))\nValueError: www.mywebsite.nl challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'server.ip.address', u'2a01:7c8:eb:0:149:210:209:163'], u'url': u'http://www.mywebsite.nl/.well-known/acme-challenge/S5FAhPVNa173VKf_7ZfNTnA0ZSjEeF2GVwBfyEACSog', u'hostname': u'www.mywebsite.nl', u'addressesTried': [], u'addressUsed': u'2a01:7c8:eb:0:149:210:209:163', u'port': u'80'}], u'keyAuthorization': u'S5FAhPVNa173VKf_7ZfNTnA0ZSjEeF2GVwBfyEACSog.ZvFiOy8_ZHj-j7QzmnPC6pTVimWXjsZyO3xpi9M9DnM', u'uri': u'https://acme-v01.api.letsencrypt.org/acme/challenge/', u'token': u'S5FAhPVNa173VKf_7ZfNTnA0ZSjEeF2GVwBfyEACSog', u'error': {u'status': 403, u'type': u'urn:acme:error:unauthorized', u'detail': u'Invalid response from http://www.mywebsite.nl/.well-known/acme-challenge/S5FAhPVNa173VKf_7ZfNTnA0ZSjEeF2GVwBfyEACSog: \"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\\n<html><head>\\n<title>404 Not Found</title>\\n</head><body>\\n<h1>Not Found</h1>\\n<p\"'}
When I check the certificate on https://www.digicert.com/help/, I see that the domain name is not that of the domain which it should be. The domain name in the certificate is now that of another website on the same server. The website becomes unavailable with a ‘Your connection is not private’ browser error.
The worrying thing is that whenever I set ssl enabled to false (in wordpress_sites.yml) on another website and reprovision, then set ssl to true again and reprovision, the same problem occurs there as well: the provision fails at the task, and now on this website the domain name in the cert points to yet another site on the same server, again with a browser error.
When I ssh into the server as admin and try to check the SSL folders /var/lib/letsencrypt/csrs and /etc/nginx/ssl/letsencrypt (as I’ve read in this post), I get a permission denied.
I could really use some advice, as two websites are now inaccessible.
Thank you.