Successful remote provision and deploy.... all I see is Nginx welcome screen

I’ve searched through this discourse and Google and cannot find an answer.

I have successfully installed the latest version of Trellis locally with an older Sage 8 theme. Everything works great locally.

I was able to successfully provision the remote server at the domain with zero errors on a fresh DO droplet. I was also able to deploy the site to the remote server with zero errors.

When visiting the site url, all I see is the Nginx welcome screen:

Also, I’ve SSH’d into the server and navigated to the /current directory to ensure all the files are there and they do exist…

I have done a ton of these in the past with no issues but for some reason all of a sudden this is what I get. Any help would be greatly appreciated of course.

Can you please share the contents of group_vars/<environment>/wordpress_sites.yml?

wordpress_sites:
  site.com:
    site_hosts:
      - canonical: site.com
        redirects:
          - www.site.com
    local_path: …/site # path targeting local Bedrock site directory (relative to Ansible root)
    repo: git@github.com:account/site.git # replace with your Git repo URL
    repo_subtree_path: site # relative path to your Bedrock/WP directory in your repo
    branch: master
    multisite:
      enabled: false
    ssl:
      enabled: true
      provider: letsencrypt
    cache:
      enabled: false

Do you really have three dots in front of this? That might be the problem.

Hi, thank you for the response.

No, actually, there are only 2. Not sure how that ended up there when I pasted.

I tried to provision again and now I’m getting the following error:

MODULE FAILURE
Shared connection to site.com closed.

/bin/sh: 1: /usr/bin/python: not found

fatal: [site.com]: FAILED! => {"changed": false, "failed": true, "rc": 0}

Try this change:

Thanks for the help.

That got me past GATHERING FACTS, where it was failing before, but now it fails here:

RUNNING HANDLER [common : reload nginx] 
****************************************************
System info:
  Ansible 2.4.0.0; Darwin
  Trellis 1.0.0: December 27th, 2018
---------------------------------------------------

non-zero return code
nginx: [emerg]
SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/letsencrypt/site.com.key")
failed (SSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed
fatal: [xxx.xx.xxx.xxx]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.012474", "end": 
"2019-01-09 16:55:20.382254", "failed": true, "rc": 1, "start": "2019-01-09 16:55:20.369780", "stderr_lines": 
["nginx: [emerg] SSL_CTX_use_PrivateKey_file(\"/etc/nginx/ssl/letsencrypt/site.com.key\") failed (SSL: 
error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)", "nginx: 
configuration file /etc/nginx/nginx.conf test failed"], "stdout": "", "stdout_lines": []}

Would you be able to just recreate the server and start fresh? Seems like it’s a brand new one. My hunch is that the previous error caused the server/SSL stuff to get into a bad state which you could try and fix manually, but would be easier to start fresh again.

Sorry about that!

Thanks @swalkinshaw-

I rebuilt the droplet and I’m currently provisioning again. I’ll report back with the results.

Kindly-

Ok, I rebuilt the droplet. Using Ubuntu 18.04 x64 and still receiving the same previous error from above.

With no offense to anybody on this great team, I see no other option but to revert back to a previous version of Trellis as these problems have created down time and it’s been difficult to fix.

Is it best to start from a fresh droplet? A rebuilt droplet is the same thing right?

Thanks again.

One last update.

I changed ssl -> enabled to false in wordpress_sites.yml and had zero errors provisioning this time.

I deployed my site successfully. The site now loads.

I’d love to have SSL, lol.

Now that I have the server provisioned (without LE ssl) and the site deployed and running… I tried:

ansible-playbook server.yml -e env=production --tags letsencrypt

Still receives:

RUNNING HANDLER [common : reload nginx] 
****************************************************
System info:
  Ansible 2.4.0.0; Darwin
  Trellis 1.0.0: December 27th, 2018
---------------------------------------------------

non-zero return code
nginx: [emerg]
SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/letsencrypt/site.com.key")
failed (SSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed
fatal: [xxx.xx.xxx.xxx]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.012474", "end": 
"2019-01-09 16:55:20.382254", "failed": true, "rc": 1, "start": "2019-01-09 16:55:20.369780", "stderr_lines": 
["nginx: [emerg] SSL_CTX_use_PrivateKey_file(\"/etc/nginx/ssl/letsencrypt/site.com.key\") failed (SSL: 
error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)", "nginx: 
configuration file /etc/nginx/nginx.conf test failed"], "stdout": "", "stdout_lines": []}

No offense at all. Thanks for taking the time to try it out. Just to verify, did you try this on a new droplet with the current master version?

@swalkinshaw

I rebuilt the droplet I had set up; this way I did not have to deal with changing IPs and DNS propagation. I believe a rebuilt droplet is the same as a fresh one.

My apologies but it turns out I had left the production host file as the droplet IP address and forgot to change it back to the domain. I had switched it to the IP address to perform some tests with provisioning the server because of all the roadblocks I was encountering.

Turns out it’s provisioning fine now with SSL set to true, however, now the site loads with https but the browser says it can’t be reached and refused to connect.

Argh!


https://nevcm.com/

FYI, in order to get the site back up live I’ve had to change the host back to the IP, disable SSL and reprovision again.

Looks like @philipp has the same issue: https://github.com/roots/trellis/pull/1057#issuecomment-452374127

I see you’ve suggested moving the discussion here. Is there a valid fix for this yet that you know of?

Hi @joshb & @swalkinshaw,

I have the feeling that the changes for python3 support on renew-certs.py introduced the issue @joshb also had here: Successful remote provision and deploy.... all I see is Nginx welcome screen

The first provision on a complete fresh Ubuntu 18.04 broke with an error I currently can’t remember exactly but had to do with the ssl certificates.
It took me a while to understand that a reprovision doesn’t solve that issue, as doing so went through successfully without any error. I guess the SSL files were recognized as available but corrupted. So even though the reprovision was successful, nginx was not running, as described here: https://github.com/roots/trellis/pull/1057#issuecomment-452374127

Currently it sounds to me that @joshb is at the same point now. Can you please log in to the remote via ssh and validate nginx is running via service nginx status?

As I can see, @swalkinshaw reverted our changes on renew-certs.py and instead forces installation of python2. That makes sense to me but I haven’t tried it yet. However, @joshb, can you make sure that all Trellis files are as in the current master?

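The `key values mismatch` error quoted earlier in this thread means the certificate and the private key that nginx loads do not belong together, which is also how leftover files from a failed first run would show up. The check below is an added example, not part of any post here and not Trellis code; it compares the public key inside a certificate with the one derived from a private key. The function names and sample file names are hypothetical, and the certificate path is whatever your nginx site configuration points at.

```shell
#!/bin/sh
# Added example (not from the thread): check that a certificate and a private
# key belong together, the condition nginx reports as "key values mismatch".

# Print the PEM public key embedded in a certificate. For a bundle file,
# openssl reads the first certificate, which should be the leaf.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the PEM public key derived from a private key (RSA or EC).
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_pair CERT KEY -> 0 match, 1 mismatch, 2 file missing or unparsable.
check_pair() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    # An empty result must never count as a match between two broken files.
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
    return 0
}

# Constructed sample input: two throwaway keys, a self-signed certificate for
# the first key, and an empty certificate file, written to directory $1.
make_samples() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=example.test" \
        -days 1 -out "$1/a.cert" 2>/dev/null &&
    : > "$1/empty.cert"
}

# CLI use: sh check_pair.sh CERT KEY
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"; rc=$?
    case $rc in
        0) echo "OK: certificate and key match" ;;
        1) echo "MISMATCH: certificate was issued for a different key" ;;
        *) echo "ERROR: could not parse certificate or key" ;;
    esac
    exit "$rc"
fi
```

On the server, run it with the certificate path from the nginx site configuration and `/etc/nginx/ssl/letsencrypt/site.com.key` before `nginx -t`; a result of 1 or 2 means the pair on disk has to be regenerated rather than reloaded.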

Yeah thanks for the summary. This is my current understanding of the situation as well. If current master is not working, then something else is going on. I’ll try it on some new servers tonight to test.

Just updated all files to latest master & set up a complete new server with fresh Ubuntu 18.04:

1.) First try to provision: Success
2.) First try to deploy: Success

:rocket:
