Roots Discourse

Trellis build issue... output inside weird line break in error


#1

I just tried to build out a box running… ansible-playbook server.yml -e env=production as I had done dozens + times… I run into the following issue…

one clue is that in the error there’s a linebreak between “my” and “site.com.key” on the line after the non-zero return code in the stacktrace.

RUNNING HANDLER [common : reload nginx] *****************************************************************************************************
System info:
  Ansible 2.4.0.0; Darwin
  Trellis 1.0.0: December 27th, 2018
---------------------------------------------------
non-zero return code
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/letsencrypt/my
site.com.key") failed (SSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed
fatal: [mysite.com]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.017923", "end": "2019-01-08 17:02:05.287841", "failed": true, "rc": 1, "start": "2019-01-08 17:02:05.269918", "stderr_lines": ["nginx: [emerg] SSL_CTX_use_PrivateKey_file(\"/etc/nginx/ssl/letsencrypt/mysite.com.key\") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)", "nginx: configuration file /etc/nginx/nginx.conf test failed"], "stdout": "", "stdout_lines": []}

Any idea what the issue is?

Edit: this is on a fresh 18.04 box on digitalocean
Edit2: my wordpress-sites.yml has letsencrypt set to true.

when I hit mysite.com with https i get an issue that the server is not listening on 443, when i hit it with http I get the welcome to nginx screen

Edit3: just rebuilt the sever, set

ssl:
      enabled: false

it provisions and deploys fine, going to try setting ssl to enabled: true and run

ansible-playbook server.yml -e env=production --tags "letsencrypt"

edit4:

same result as provisioning with ssl enabled true

RUNNING HANDLER [common : reload nginx] ***************************************************************************************************
System info:
  Ansible 2.4.0.0; Darwin
  Trellis 1.0.0: December 27th, 2018
---------------------------------------------------
non-zero return code
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/letsencrypt/my
site.com.key") failed (SSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed
fatal: [mysite.com]: FAILED! => {"changed": true, "cmd": ["nginx", "-t"], "delta": "0:00:00.014845", "end": "2019-01-08 17:33:21.582023", "failed": true, "rc": 1, "start": "2019-01-08 17:33:21.567178", "stderr_lines": ["nginx: [emerg] SSL_CTX_use_PrivateKey_file(\"/etc/nginx/ssl/letsencrypt/mysite.com.key\") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)", "nginx: configuration file /etc/nginx/nginx.conf test failed"], "stdout": "", "stdout_lines": []}

#2

OK, so I see there were a few updates to the an update to trellis/roles/letsencrypt/templates/renew-certs.py in the past few days (hashes: a721ef61b95adc9e56d974b73de81c2cfbb1e4c7 and 899455ec836b122828066ffd1e699a427e384266). If I roll that file back to it’s state in the commit hash 8ef5718b3489e26657dba155ca06aa1714bb46f9 destroy/rebuild the box all works fine.


#3

scratch that - i’m having issues when I try to add an additional site on to the box


#4

if I roll back to trellis tag 1.0.0 it appears to work, will confirm


#5

Reverted the updates that caused this, sorry about that!


#6

Confirmed that 1.0.0 fixes it. Thanks @benword