You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is coming up for me on the hawthorn deploys pretty frequently. If everything works right, it's not a problem, but sometimes the deploy has other issues that I'm working out and I have to comment out or skip certain roles (that are completely unrelated to letsencrypt) and it ends up in a weird state where letsencrypt generates an /etc/nginx/sites-enabled/letsencrypt file with no server_name set (just server_name ;).
I really don't understand exactly what is causing it to not get the list of domains in those cases, but the result is a broken config, nginx won't start, and I have to ssh into the servers to manually remove the files and get nginx running again before I can re-run ansible.
I think the issue is that the server_name {{ letsencrypt_certs | sum(attribute='domains', start=[]) | join(' ') }}; introduced in #23 / #24 needs to have a little extra logic to just not add the line at all if letsencrypt_certs doesn't have any entries.
This is coming up for me on the hawthorn deploys pretty frequently. If everything works right, it's not a problem, but sometimes the deploy has other issues that I'm working out and I have to comment out or skip certain roles (that are completely unrelated to letsencrypt) and it ends up in a weird state where letsencrypt generates an
/etc/nginx/sites-enabled/letsencrypt
file with noserver_name
set (justserver_name ;
).I really don't understand exactly what is causing it to not get the list of domains in those cases, but the result is a broken config, nginx won't start, and I have to ssh into the servers to manually remove the files and get nginx running again before I can re-run ansible.
I think the issue is that the
server_name {{ letsencrypt_certs | sum(attribute='domains', start=[]) | join(' ') }};
introduced in #23 / #24 needs to have a little extra logic to just not add the line at all ifletsencrypt_certs
doesn't have any entries.Something like:
But I haven't tested that.
The text was updated successfully, but these errors were encountered: