Open jschaul opened 5 years ago
Hi @jschaul,
Sorry to hear you had trouble with the deployment.
You could probably reuse the last already generated certificate. You can find that in the S3 bucket named `concourse-up-<deployment-name>-<region>-config`. Pass the value of `concourse_cert` as a value for the `--tls-cert` and the value of `concourse_key` as a value for `--tls-key`.
Let us know how it goes.
Hi,
thanks for providing this workaround, this worked for me. I would like to keep this issue open however, as I believe automating the "check if a recently-created let's encrypt certificate is available in the config and if so, re-use it automatically" is still worthwhile for other users and should be part of concourse-up.
In case anyone else comes across this issue: ensure your TLS certificates and keys have correct line breaks before passing them as an argument to concourse-up. (Passing a one-line string containing `\n` characters to `--tls-cert` or `--tls-key` will be incorrectly written to disk on the concourse web instance, leading to the ATC and grafana not starting up).
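The line-break problem described in the comment above, as an added example that is not part of the original thread or of concourse-up: a shell sketch that turns literal `\n` sequences into real newlines and checks the PEM framing before the value is handed to `--tls-cert` or `--tls-key`. The helper names `normalize_pem` and `pem_is_wellformed` are hypothetical, and the sample value is constructed rather than a real certificate.

```shell
#!/bin/sh
# Added example; normalize_pem and pem_is_wellformed are hypothetical helper
# names, not part of concourse-up.

# Constructed sample: a one-line value holding literal "\n" sequences, the
# shape reported to break the web instance. The body is not a real certificate.
SAMPLE_ONE_LINE='-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n'

# Replace literal backslash-n with real newlines, strip CRs and blank lines.
normalize_pem() {
    printf '%s\n' "$1" |
        awk '{ gsub(/\\n/, "\n"); print }' |
        tr -d '\r' |
        sed '/^[[:space:]]*$/d'
}

# Exit 0 only if every line belongs to a complete BEGIN/END block with a
# matching label and base64 body lines of at most 64 characters.
pem_is_wellformed() {
    printf '%s\n' "$1" | awk '
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (inside) bad = 1
            inside = 1; body = 0; blocks++
            label = substr($0, 12, length($0) - 16)
            next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (!inside || body == 0) bad = 1
            if (substr($0, 10, length($0) - 14) != label) bad = 1
            inside = 0
            next
        }
        {
            if (!inside || length($0) > 64) bad = 1
            if ($0 !~ "^[A-Za-z0-9+/=]+$") bad = 1
            body++
        }
        END { exit ((bad || inside || blocks == 0) ? 1 : 0) }
    '
}

fixed=$(normalize_pem "$SAMPLE_ONE_LINE")
if pem_is_wellformed "$fixed"; then
    echo "normalized value is well-formed PEM"
else
    echo "value is still not well-formed PEM" >&2
fi
```

Once the check passes, the normalized value can be passed quoted, for example `--tls-cert "$(normalize_pem "$cert")"`, so the shell preserves the real newlines.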
Due to some issues with concourse-up / my local setup, I ran `concourse-up` multiple times. Since the certificate request code using let's encrypt does not keep track of already-requested certificates, this leads to errors caused by rate-limiting:

The only workaround is to change the domain name, or wait a day/week, which is not great. Is there any way to only request a new certificate if needed (i.e. the old one is about to expire or there isn't one for that domain yet)? How/where is the let's encrypt state saved?