Let's Encrypt fails on future attempts after initial failure
I wanted to reproduce some failure modes, to validate installation instructions, so I first ran with an IP address:
Running handlers: There was an error running gitlab-ctl reconfigure: letsencrypt_certificate[35.185.12.137] (letsencrypt::http_authorization line 3) had an error: Acme::Client::Error:: Malformed: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certific ate.rb line 20) had an error: Acme::Client::Error::Malformed: Error creating new authz :: Issuance for IP addresses not supported
That was great! I got a decent error message indicating why my attempt failed.
However after that, I tried using a DNS name https://35.185.12.137.nip.io
, but Let's Encrypt failed to run again and my instance was just provisioned as if we already had certs.
It seems like we don't attempt to fetch certificates again after a failure, we should investigate and ensure we attempt again.