ansible-role-certbot

`certbot_create_standalone_stop_services` does not stop nginx on first run

Open C0rn3j opened this issue 2 months ago • 0 comments

```yaml
- name: Run certbot role for rys.pw
  ansible.builtin.include_role:
    name: geerlingguy.certbot
  vars:
    certbot_certs:
      - email: [email protected]
        domains:
          - proxy.rys.pw
          - auth.rys.pw
          - books.rys.pw
          - cloud.rys.pw
          - gitea.rys.pw
          - jellyfin.rys.pw
          - monitoring.rys.pw
          - radio.rys.pw
          - rss.rys.pw
          - sd.rys.pw
          - wekan.rys.pw
      - email: [email protected]
        domains:
          - cloud.rys.pw
    certbot_create_command: "{{ certbot_script }} certonly --standalone --duplicate --noninteractive --key-type ecdsa --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(',') }}"
    certbot_create_if_missing: true
    certbot_create_method: standalone
    certbot_create_standalone_stop_services:
      - nginx
    certbot_auto_renew: false
```

This is my current definition, which runs against an Arch Linux server with nginx.
The actual non-modified version can be seen here.

```
TASK [geerlingguy.certbot : Generate new certificate if one doesn't exist.] *******************************************************************************************************************************************************************************************
fatal: [proxy.rys.pw]: FAILED! => {"changed": true, "cmd": ["certbot", "certonly", "--standalone", "--duplicate", "--noninteractive", "--key-type", "ecdsa", "--agree-tos", "--email", "[email protected]", "-d", "proxy.rys.rs,auth.rys.rs,books.rys.rs,cloud.rys.rs,gitea.rys.rs,jellyfin.rys.rs,monitoring.rys.rs,radio.rys.rs,rss.rys.rs,sd.rys.rs,wekan.rys.rs"], "delta": "0:00:02.993247", "end": "2024-04-16 09:34:57.449532", "msg": "non-zero return code", "rc": 1, "start": "2024-04-16 09:34:54.456285", "stderr": "Saving debug log to /var/log/letsencrypt/letsencrypt.log\nCould not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.\nAsk for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.", "stderr_lines": ["Saving debug log to /var/log/letsencrypt/letsencrypt.log", "Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.", "Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details."], "stdout": "Requesting a certificate for proxy.rys.rs and 10 more domains", "stdout_lines": ["Requesting a certificate for proxy.rys.rs and 10 more domains"]}
```

This fails to stop nginx, and just crashes because it's running.

C0rn3j, Apr 16 '24 07:04