nathanlcarlson
commented
4 years ago Hi, we found this as well a little while ago https://github.com/ESGF/esgf-ansible/commit/13711bde3347c75b6848251fd9b3358415c373a4. Getting a release with the change has been a little delayed, but will be coming soon.
Describe the bug I was using Lets encrypt web certificate for data node. Since the certificate in our node is expired, so I tried to renew the certificate through ESGF ansible. But it failed with the following message.
TASK [httpd : Create ACME Challenge] **** fatal: [dist.nmlab.snu.ac.kr]: FAILED! => { "changed": false, "other": {} }
MSG:
Error registering: 403 {u'status': 403, u'type': u'urn:acme:error:unauthorized', u'detail': u'Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.'}
It seems like ACME client using in ESGF ansible does not support ACMEv2. I tried updating ESGF ansible to the latest version but it did not help.
To Reproduce Steps to reproduce the behavior:
ansible-playbook -v -i hosts.test --tags data --limit dist.nmlab.snu.ac.kr install.yml OR ansible-playbook -v -i hosts.test --tags data --limit dist.nmlab.snu.ac.kr web_certs.yml
ESGF Node (please complete the following information):