letsencrypt / certbot failure to run
After a fresh install of https://gitlab.com/osas/ansible-role-mailing-lists-server, using current master (ansible-role-mailman3@9c2ac594) and ansible 2.5.4 on RHEL7:
After re-running my minimal playbook:
```yaml
- hosts: all
  pre_tasks:
    - name: ensure a list of packages installed
      yum:
        name: "{{ packages }}"
      vars:
        packages:
          - policycoreutils-python
          - libsemanage-python
  roles:
    - role: ansible-role-mailing-lists-server
      display_name: "Mailman 3 staging"
      domain: my-domain.org.uk
      manage_firewall: False
      webui_vhost: lists-m3staging.my-domain.org.uk
      admin_users:
        - kenny
        - someone-else
      mail_aliases:
        # Person who should get root's mail
        root:
          - root
          - email@my-domain.org.uk
        listmaster: root
      mailman_rest_pw: rest-pw
      use_simple_tls: true
```
Here's the output from ansible-playbook.
Presumably there should be some interaction with letsencrypt during the execution of the playbook?
The output below mentions --non-interactive or --force-interactive flags.
```
TASK [httpd : Run the letsencrypt query] ************************************************************
fatal: [ome-mail3-s]: FAILED! => {"changed": true, "cmd": ["certbot", "--text", "--renew-by-default", "--rsa-key-size", "3072", "--email", "root+lets-lists-m3staging.my-domain.org.uk@my-domain.org.uk", "--domains", "lists-m3staging.my-domain.org.uk,ome-mail3-s", "--agree-tos", "--webroot", "--webroot-path", "/var/www/letsencrypt/lists-m3staging.my-domain.org.uk/", "certonly"], "delta": "0:00:03.456168", "end": "2018-09-05 16:58:28.669139", "msg": "non-zero return code", "rc": 1, "start": "2018-09-05 16:58:25.212971", "stderr": "Saving debug log to /var/log/letsencrypt/letsencrypt.log\nPlugins selected: Authenticator webroot, Installer None\nStarting new HTTPS connection (1): acme-v02.api.letsencrypt.org\nSkipped user interaction because Certbot doesn't appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.\nObtaining a new certificate\nAn unexpected error occurred:\nThe request message was malformed :: Error creating new order :: DNS name does not have enough labels\nPlease see the logfiles in /var/log/letsencrypt for more details.", "stderr_lines": ["Saving debug log to /var/log/letsencrypt/letsencrypt.log", "Plugins selected: Authenticator webroot, Installer None", "Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org", "Skipped user interaction because Certbot doesn't appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.", "Obtaining a new certificate", "An unexpected error occurred:", "The request message was malformed :: Error creating new order :: DNS name does not have enough labels", "Please see the logfiles in /var/log/letsencrypt for more details."], "stdout": "IMPORTANT NOTES:\n - Your account credentials have been saved in your Certbot\n configuration directory at /etc/letsencrypt. You should make a\n secure backup of this folder now. This configuration directory will\n also contain certificates and private keys obtained by Certbot so\n making regular backups of this folder is ideal.", "stdout_lines": ["IMPORTANT NOTES:", " - Your account credentials have been saved in your Certbot", " configuration directory at /etc/letsencrypt. You should make a", " secure backup of this folder now. This configuration directory will", " also contain certificates and private keys obtained by Certbot so", " making regular backups of this folder is ideal."]}
to retry, use: --limit @/Users/kenny/staging-mail/mailing-lists-server.retry
```
Edited by Kenny Gillen
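
A pre-flight check for the certbot command in the failed task, as an added example that is not part of the original issue or of the role's code: it extracts the requested names and reports any with too few DNS labels (the condition named in the ACME error), plus the absent interactivity flag that certbot warns about. The names `requested_domains` and `preflight` are hypothetical; the argv is copied from the `cmd` field of the output above.

```python
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
DOMAIN_FLAGS = ("-d", "--domain", "--domains")
INTERACTIVITY = {"-n", "--non-interactive", "--noninteractive", "--force-interactive"}

def requested_domains(argv):
    """Collect every name passed via -d/--domain/--domains (comma-separated)."""
    names = []
    for i, arg in enumerate(argv):
        flag, sep, value = arg.partition("=")
        if flag not in DOMAIN_FLAGS:
            continue
        if not sep and i + 1 < len(argv):
            value = argv[i + 1]          # "--domains a,b" form
        names += [n.strip() for n in value.split(",") if n.strip()]
    return names

def preflight(argv):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not INTERACTIVITY & set(argv):
        findings.append("no --non-interactive/--force-interactive flag")
    for name in requested_domains(argv):
        labels = name.rstrip(".").split(".")
        if labels[0] == "*":             # wildcard: validate the base name
            labels = labels[1:]
        if len(labels) < 2:
            findings.append(f"{name}: not enough labels for a certificate name")
        elif len(name) > 253 or not all(LABEL.match(l) for l in labels):
            findings.append(f"{name}: not a valid DNS name")
    return findings

# The argv of the failed task, copied from the "cmd" field in the issue.
FAILED_CMD = [
    "certbot", "--text", "--renew-by-default", "--rsa-key-size", "3072",
    "--email", "root+lets-lists-m3staging.my-domain.org.uk@my-domain.org.uk",
    "--domains", "lists-m3staging.my-domain.org.uk,ome-mail3-s",
    "--agree-tos", "--webroot", "--webroot-path",
    "/var/www/letsencrypt/lists-m3staging.my-domain.org.uk/", "certonly",
]

if __name__ == "__main__":
    for finding in preflight(FAILED_CMD):
        print("preflight:", finding)
```

Run against the failed command, the check flags the single-label inventory name `ome-mail3-s` in `--domains` and the missing interactivity flag, and passes `lists-m3staging.my-domain.org.uk`.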