Comments (2)
There seems to be a specific problem with the config on the host above. On another host where we applied the same changes (from standalone to webroot), the puppet run works fine and it is not attempting to launch letsencrypt-auto:
Notice: /Stage[main]/Profile::Letsencrypt/Letsencrypt::Certonly[icinga.mon.my.domain.tld]/Cron[letsencrypt renew cron icinga.mon.my.domain.tld]/ensure: created
What might be specific about the other host is that at some point – IIRC when we added another domain as a SAN – letsencrypt decided to create new configuration files:
root@loadbalancer:~# ls -l /etc/letsencrypt/renewal/
total 12
-rwxr-xr-x 1 root root 516 Nov 11 12:56 api.my.domain.tld-0001.conf
-rw-r--r-- 1 root root 864 Jan 30 10:49 api.my.domain.tld-0002.conf
-rwxr-xr-x 1 root root 496 Nov 6 22:46 api.my.domain.tld.conf
I don't know what caused it to do so and since this is a production site, I'm not really inclined to too much experimentation.
However, a renewed attempt to do a puppet run resulted in it trying to bootstrap the entire thing again, starting from installing dependencies, etc. (although valid certs had been generated in November):
Notice: /Stage[main]/Profile::Letsencrypt/Letsencrypt::Certonly[api.my.domain.tld]/Exec[letsencrypt certonly api.my.domain.tld]/returns: Bootstrapping dependencies for Debian-based OSes...
OK, that last thing seems to be a bug in the letsencrypt-auto script that causes it to not interpret ~ as $HOME but literally.
from puppet-letsencrypt.
And that seems to be at least part of the problem.
Now that I first moved to /root and executed puppet agent -t from there, all is fine:
Notice: /Stage[main]/Profile::Letsencrypt/Letsencrypt::Certonly[api.my.domain.tld]/Exec[letsencrypt certonly api.my.domain.tld]/returns: executed successfully
Notice: /Stage[main]/Profile::Letsencrypt/Module::Letsencrypt::Dhparam[api.my.domain.tld]/Dhparam[/etc/letsencrypt/live/my.domain.tld/dhparam.pem]/ensure: created
Notice: Finished catalog run in 47.39 seconds
Another point is that it suddenly and for no obvious reason to me decided to use another domain from the array of domains passed to certonly as the first domain.