You could look into whether your internal networking/routing isn’t enabling requests to yf.splendidperch.co to resolve correctly, when initiated from within the network.
In the meantime, given that the .well-known/acme-challenge/ping.txt is publicly accessible, you could try this:
- Comment out these two tasks that are blocking
- Set the staging letsencrypt_ca in a group_vars file
- ansible-playbook server.yml -e env=production --tags letsencrypt
If the playbook completes without failure (your browser will still show a warning because it’s just a test cert), remove the staging letsencrypt_ca definition and run the playbook again to get a real cert.
I think the steps above will spare you having to manually step through the process. But really, all the steps are viewable in the letsencrypt role code, particularly in the certificates.yml file.
If you’re using Trellis anyway, I’d not bother with the cert you acquired via Certbot, just letting Trellis do its thing instead. In a pinch, you could get a copy of your Certbot cert and key onto your local machine and use them as provider: manual.