l-p / ansible-role-acmetool Goto Github PK
View Code? Open in Web Editor NEWInstall, configure, and run acmetool to generate Let's Encrypt TLS certificates.
License: MIT License
ansible-role-acmetool's People
Contributors
Stargazers
Watchers
Forkers
karlmdavisansible-role-acmetool's Issues
New acme-agreement v1.2 URL causes errors: "acmetool: fatal: couldn't complete registration: cannot prompt the user: currently non-interactive"
The agreement URL has been bumped to a new version again.
Getting this output when running the role:
TASK [L-P.acmetool : Setup acmetool] ***************************************************************************************************************************
Sunday 24 December 2017 21:06:41 -0500 (0:00:01.055) 0:02:01.002 *******
fatal: [eddings.justdavis.com]: FAILED! => {"changed": false, "cmd": ["acmetool", "quickstart", "--batch"], "delta": "0:00:00.321911", "end": "2017-12-25 02:06:41.725693", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-12-25 02:06:41.403782", "stderr": "20171225020641 [CRITICAL] acmetool: fatal: couldn't complete registration: cannot prompt the user: currently non-interactive", "stderr_lines": ["20171225020641 [CRITICAL] acmetool: fatal: couldn't complete registration: cannot prompt the user: currently non-interactive"], "stdout": "", "stdout_lines": []}
New acme-agreement URL causes errors: "acmetool: fatal: couldn't complete registration: cannot prompt the user: currently non-interactive"
The new LE agreement is now here: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf.
Because this isn't the URL written to the response file, errors like the following are occurring:
$ sudo acmetool quickstart --batch
20171125060209 [CRITICAL] acmetool: fatal: couldn't complete registration: cannot prompt the user: currently non-interactive
Fails for multiple domains
I've got the following configuration for this role, which doesn't work:
acmetool_domains: "{{ [domain] | union(domain_site_aliases) | join(' ') }}"
This just expands to tests.justdavis.com www.tests.justdavis.com tests.davisonlinehome.name www.tests.davisonlinehome.name", as you can see in the following Ansible -vvv` output, along with the error that the space-separated domins cause:
changed: [eddings.justdavis.com] => {"changed": true, "cmd": ["acmetool", "want", "--batch", "tests.justdavis.com www.tests.justdavis.com tests.davisonlinehome.name www.t
ests.davisonlinehome.name"], "delta": "0:00:00.029405", "end": "2016-11-28 20:46:27.699574", "invocation": {"module_args": {"_raw_params": "acmetool want --batch \"tests.
justdavis.com www.tests.justdavis.com tests.davisonlinehome.name www.tests.davisonlinehome.name\"", "_uses_shell": false, "chdir": null, "creates": null, "executable": nu
ll, "removes": null, "warn": true}, "module_name": "command"}, "rc": 0, "start": "2016-11-28 20:46:27.670169", "stderr": "20161128204627 [ERROR] acme.storage: failed to l
oad target tests.justdavis.com www.tests.justdavis.com tests.davisonlinehome.name www.tests.davisonlinehome.name-4dh5nisfojfjjjdnyh47piv7wi: invalid target: tests.justdav
is.com www.tests.justdavis.com tests.davisonlinehome.name www.tests.davisonlinehome.name-4dh5nisfojfjjjdnyh47piv7wi: invalid hostname: \"tests.justdavis.com www.tests.jus
tdavis.com tests.davisonlinehome.name www.tests.davisonlinehome.name\"\n20161128204627 [ERROR] acme.storage: failed to load target tests.justdavis.com www.tests.justdavis
.com tests.davisonlinehome.name www.tests.davisonlinehome.name-4dh5nisfojfjjjdnyh47piv7wi: invalid target: tests.justdavis.com www.tests.justdavis.com tests.davisonlineho
me.name www.tests.davisonlinehome.name-4dh5nisfojfjjjdnyh47piv7wi: invalid hostname: \"tests.justdavis.com www.tests.justdavis.com tests.davisonlinehome.name www.tests.da
visonlinehome.name\"", "stdout": "", "stdout_lines": [], "warnings": []}
It's passing the space-separated domains as a single argument, which effectively escapes the spaces. I think this can be resolved by either quoting the command in ansible-role-acmetool/tasks/main.yml, or perhaps by switching to the shell module? Something like that, anyways.
Using the generated systemd configuration
Hello,
First I would like to thank you for the playbook, I have been using it for a while now!
There is an issue with the redirector feature, in the fact that your service file is running as the acme user who does not have the right to bind the port 80.
While I was fixing it, I stumble across the fact that acmetool can generate its own service file.
I believe it would be less maintenance to use the provided generated service file instead of using a new one. What do you think?
Role has namespace conflicts with standard modules: "setup" and "service"
Please see ansible/ansible#20702 for a detailed explanation of the problem.
Two of this role's tasks/ files: tasks/setup.yml and tasks/service.yml conflict with the builtin Ansible modules of the same names. Not sure why this only now started happening for me (since I've been using the role for a while), but this role is now causing all of my plays to fail. Maybe my move to Ansible 2.4.1.0? Not sure.
Renaming the two files (and updating main.yml to reflect that, of course) resolves the problem.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.