Comments (2)

kwisatz commented on July 19, 2024

There seems to be a specific problem with the config on the host above. On another host where we applied the same changes (from standalone to webroot), the puppet run works fine and it is not attempting to launch letsencrypt-auto:

Notice: /Stage[main]/Profile::Letsencrypt/Letsencrypt::Certonly[icinga.mon.my.domain.tld]/Cron[letsencrypt renew cron icinga.mon.my.domain.tld]/ensure: created

What might be specific about the other host is that at some point – IIRC when we added another domain as a SAN – letsencrypt decided to create new configuration files:

root@loadbalancer:~# ls -l /etc/letsencrypt/renewal/
total 12
-rwxr-xr-x 1 root root 516 Nov 11 12:56 api.my.domain.tld-0001.conf
-rw-r--r-- 1 root root 864 Jan 30 10:49 api.my.domain.tld-0002.conf
-rwxr-xr-x 1 root root 496 Nov  6 22:46 api.my.domain.tld.conf

I don't know what caused it to do so and since this is a production site, I'm not really inclined to too much experimentation.
However, a renewed attempt to do a puppet run resulted in it trying to bootstrap the entire thing again, starting from installing dependencies, etc (although valid certs had been generated in November):

Notice: /Stage[main]/Profile::Letsencrypt/Letsencrypt::Certonly[api.my.domain.tld]/Exec[letsencrypt certonly api.my.domain.tld]/returns: Bootstrapping dependencies for Debian-based OSes...

OK, that last thing seems to be a bug in the letsencrypt-auto script that causes it to not interpret ~ as $HOME but literally.

from puppet-letsencrypt.

kwisatz commented on July 19, 2024

And that seems to be at least part of the problem.
Now that I first moved to /root and executed puppet agent -t from there, all is fine:

Notice: /Stage[main]/Profile::Letsencrypt/Letsencrypt::Certonly[api.my.domain.tld]/Exec[letsencrypt certonly api.my.domain.tld]/returns: executed successfully
Notice: /Stage[main]/Profile::Letsencrypt/Module::Letsencrypt::Dhparam[api.my.domain.tld]/Dhparam[/etc/letsencrypt/live/my.domain.tld/dhparam.pem]/ensure: created
Notice: Finished catalog run in 47.39 seconds

Another point is that it suddenly and for no obvious reason to me decided to use another domain from the array of domains passed to certonly as the first domain.
