ansible-role-certbot

`certbot_create_standalone_stop_services` does not stop nginx on first run

Open C0rn3j opened this issue 1 year ago • 2 comments

```yaml
- name: Run certbot role for rys.pw
  ansible.builtin.include_role:
    name: geerlingguy.certbot
  vars:
    certbot_certs:
      - email: [email protected]
        domains:
          - proxy.rys.pw
          - auth.rys.pw
          - books.rys.pw
          - cloud.rys.pw
          - gitea.rys.pw
          - jellyfin.rys.pw
          - monitoring.rys.pw
          - radio.rys.pw
          - rss.rys.pw
          - sd.rys.pw
          - wekan.rys.pw
      - email: [email protected]
        domains:
          - cloud.rys.pw
    certbot_create_command: "{{ certbot_script }} certonly --standalone --duplicate --noninteractive --key-type ecdsa --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(',') }}"
    certbot_create_if_missing: true
    certbot_create_method: standalone
    certbot_create_standalone_stop_services:
      - nginx
    certbot_auto_renew: false
```

This is my current definition, which runs against an Arch Linux server with nginx.
The actual non-modified version can be seen here.

```
TASK [geerlingguy.certbot : Generate new certificate if one doesn't exist.] *******************************************************************************************************************************************************************************************
fatal: [proxy.rys.pw]: FAILED! => {"changed": true, "cmd": ["certbot", "certonly", "--standalone", "--duplicate", "--noninteractive", "--key-type", "ecdsa", "--agree-tos", "--email", "[email protected]", "-d", "proxy.rys.rs,auth.rys.rs,books.rys.rs,cloud.rys.rs,gitea.rys.rs,jellyfin.rys.rs,monitoring.rys.rs,radio.rys.rs,rss.rys.rs,sd.rys.rs,wekan.rys.rs"], "delta": "0:00:02.993247", "end": "2024-04-16 09:34:57.449532", "msg": "non-zero return code", "rc": 1, "start": "2024-04-16 09:34:54.456285", "stderr": "Saving debug log to /var/log/letsencrypt/letsencrypt.log\nCould not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.\nAsk for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.", "stderr_lines": ["Saving debug log to /var/log/letsencrypt/letsencrypt.log", "Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.", "Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details."], "stdout": "Requesting a certificate for proxy.rys.rs and 10 more domains", "stdout_lines": ["Requesting a certificate for proxy.rys.rs and 10 more domains"]}
```

This fails to stop nginx, and just crashes because it's running.

C0rn3j • Apr 16 '24 07:04
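
A playbook-level workaround for the failure reported above, as an added example that is not part of the original issue or of the geerlingguy.certbot role: the tasks stop nginx themselves, confirm that port 80 is free, and only then run the role. `site_certbot_certs` is a hypothetical variable standing in for the `certbot_certs` list from the report.

```yaml
# Added example: explicit stop/start around the role instead of relying on
# certbot_create_standalone_stop_services.
- name: Issue standalone certificates with nginx stopped explicitly
  block:
    - name: Stop nginx so certbot can bind port 80
      ansible.builtin.service:
        name: nginx
        state: stopped

    - name: Fail early if something still listens on port 80
      ansible.builtin.wait_for:
        port: 80
        state: stopped   # succeeds once the port is closed
        timeout: 30
        msg: "Port 80 is still in use; certbot --standalone would fail to bind"

    - name: Run certbot role
      ansible.builtin.include_role:
        name: geerlingguy.certbot
      vars:
        certbot_certs: "{{ site_certbot_certs }}"   # hypothetical variable
        certbot_create_if_missing: true
        certbot_create_method: standalone
        certbot_auto_renew: false

  always:
    # Runs whether issuance succeeded or not, so the site is not left down.
    - name: Start nginx again
      ansible.builtin.service:
        name: nginx
        state: started
```

Because nginx is stopped unconditionally, every run causes a short outage, including runs where no certificate has to be issued.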

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

github-actions[bot] • Aug 19 '24 12:08

@geerlingguy Please stop autoclosing old issues, marking stale is fine.

C0rn3j • Aug 21 '24 16:08