RentFreeMedia / rentfreemedia

Media distribution without the platform markup. Home of the free/open source Rent Free Media distribution of Django + Wagtail.
https://rentfreemedia.readthedocs.io
GNU Affero General Public License v3.0

Can't generate SSL cert with ansible script (Unprocessable Entity) #12

Open songproducer opened 10 months ago

songproducer commented 10 months ago

fatal: [tezos.rocks]: FAILED! => {"attempts": 3, "cf_cache_status": "DYNAMIC", "cf_ray": "805f120e1a7edfab-SYD", "changed": false, "connection": "close", "content": "{\"id\":\"unprocessable_entity\",\"message\":\"name is not unique\",\"request_id\":\"866b6f50-0280-435d-8c39-1d4c0655efd1\"}\n", "content_length": "113", "content_type": "application/json; charset=utf-8", "date": "Wed, 13 Sep 2023 08:37:50 GMT", "elapsed": 0, "json": {"id": "unprocessable_entity", "message": "name is not unique", "request_id": "866b6f50-0280-435d-8c39-1d4c0655efd1"}, "msg": "Status code was 422 and not [202]: HTTP Error 422: Unprocessable Entity", "ratelimit_limit": "5000", "ratelimit_remaining": "4988", "ratelimit_reset": "1694597840", "redirected": false, "server": "cloudflare", "set_cookie": "__cf_bm=NetnvUvPJIJzc5yElo1K4.ow8_oM8Ba.OqP2nPTDA.4-1694594270-0-AcgNoo7yLF2IaEinMHJBrJAaflDzb1beulit59VBBQ9vKqk3zTbcl9yYVx9R5PGOUvYF2n2e5RN6udz0ZyAkaywbqulJkjTJ4Jdmm5nLEThI; path=/; expires=Wed, 13-Sep-23 09:07:50 GMT; domain=.digitalocean.com; HttpOnly; Secure; SameSite=None", "status": 422, "url": "https://api.digitalocean.com/v2/certificates", "x_gateway": "Edge-Gateway", "x_request_id": "866b6f50-0280-435d-8c39-1d4c0655efd1", "x_response_from": "service"}

rclayton-neon commented 10 months ago

Hey, sorry been swamped with finishing touches on an app for my day job and haven't had a chance to check the Wagtail slack in the past few days.

In this output the most telling things are:

{"id": "unprocessable_entity", "message": "name is not unique"...

and

..."status": 422, "url": "https://api.digitalocean.com/v2/certificates"...

So this is the block of code in the script that's failing:

https://github.com/RentFreeMedia/rentfreemedia/blob/7bfefa14af8ec732e14e1185d04fa897f677ee5d/ansible/main.yml#L187C4-L209C19

It's trying to create cdn.(yourdomain).(com/net/au/whichever)

Does that name already exist in your DigitalOcean account? Or in another existing domain name that's already in use? If your website is myname.au it's trying to create "cdn.myname.au" and associate it with the public storage bucket used for images, CSS, JavaScript files, etc.

I know you mentioned that you had used (or the script had failed to deploy) particular buckets before, and they might not be completely deleted. Or perhaps you've got a cdn.myname.au already in use by some other service.

There are three places where that hostname is specified in that ansible deployment's scripts, all in main.yml:

https://github.com/RentFreeMedia/rentfreemedia/blob/7bfefa14af8ec732e14e1185d04fa897f677ee5d/ansible/main.yml#L643

https://github.com/RentFreeMedia/rentfreemedia/blob/7bfefa14af8ec732e14e1185d04fa897f677ee5d/ansible/main.yml#L198

https://github.com/RentFreeMedia/rentfreemedia/blob/7bfefa14af8ec732e14e1185d04fa897f677ee5d/ansible/main.yml#L244

In each of these lines there's a cdn.

If that certificate already exists in your DigitalOcean account, or some other service is already using that domain name, you could change the prefix on all those entries to something else. cdn2 or cdn3 or pub. or some other such thing.

If that works, you would then only need to change the equivalent value in your Wagtail deployment's env file to propagate that change to the rest of the deployment.

https://github.com/RentFreeMedia/rentfreemedia/blob/7bfefa14af8ec732e14e1185d04fa897f677ee5d/rentfree/env#L18

The catch with ansible is it either works, or it doesn't and just fails, unfortunately, so if previous attempted deployments failed you'll probably have to manually delete things in your DigitalOcean account that it tried to create before.
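Added example, not part of the original thread or the project's code: a small triage helper that pulls the API error out of an Ansible failure line like the one in this issue and checks a `GET /v2/certificates` listing for the leftover certificate that causes "name is not unique". The failure line, the listing, the certificate name `cdn-cert` and the domain `example.com` are constructed assumptions; the name the playbook actually sends is in main.yml.

```python
import json

# Constructed sample: a trimmed Ansible failure line in the shape shown in this issue.
FATAL = ('fatal: [example.com]: FAILED! => {"attempts": 3, "changed": false, '
         '"json": {"id": "unprocessable_entity", "message": "name is not unique"}, '
         '"status": 422, "url": "https://api.digitalocean.com/v2/certificates"}')

# Constructed sample: body of GET /v2/certificates for the same account.
LISTING = {"certificates": [
    {"id": "constructed-id-1", "name": "cdn-cert", "type": "lets_encrypt",
     "state": "verified", "dns_names": ["cdn.example.com"]},
    {"id": "constructed-id-2", "name": "www-cert", "type": "lets_encrypt",
     "state": "verified", "dns_names": ["example.com", "www.example.com"]},
]}


def parse_fatal(line):
    """Return (status, url, api_error) from an Ansible 'fatal: ... FAILED! =>' line."""
    marker = "FAILED! => "
    result = json.loads(line[line.index(marker) + len(marker):])
    return result.get("status"), result.get("url") or "", result.get("json") or {}


def find_conflicts(listing, wanted_name, wanted_host):
    """List existing certificates that share the wanted name or already cover the host."""
    hits = []
    for cert in listing.get("certificates", []):
        reasons = []
        if cert.get("name") == wanted_name:
            reasons.append("name")
        if wanted_host in cert.get("dns_names", []):
            reasons.append("dns_name")
        if reasons:
            hits.append((cert["id"], cert["name"], reasons))
    return hits


def diagnose(line, listing, wanted_name, wanted_host):
    """Only look for conflicts when the failure is the 422 uniqueness error on certificates."""
    status, url, err = parse_fatal(line)
    if (status == 422 and url.endswith("/v2/certificates")
            and err.get("message") == "name is not unique"):
        return find_conflicts(listing, wanted_name, wanted_host)
    return []


if __name__ == "__main__":
    for cert_id, name, why in diagnose(FATAL, LISTING, "cdn-cert", "cdn.example.com"):
        print(f"existing certificate {name} ({cert_id}) conflicts on: {', '.join(why)}")
```

Any certificate it reports is the object to delete in the DigitalOcean account, or to avoid by changing the prefix, before re-running the playbook.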

songproducer commented 10 months ago

I tried changing cdn to cdn2 and pub but got this:

[DEPRECATION WARNING]: Alias 's3_url' is deprecated. See the module docs for more information. This feature will be 
removed from amazon.aws in a release after 2024-12-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
fatal: [tezos.rocks]: FAILED! => {"attempts": 3, "changed": false, "msg": "Failed to import the required Python library (botocore and boto3) on rentfreecannabis's Python /usr/bin/python3. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}

Then I realised I needed to install the requirements, but it didn't look like the virtual environment activated properly (the command line didn't update to rentfreelibs)

  Downloading psycopg2-2.9.7.tar.gz (383 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 383.5/383.5 kB 34.8 MB/s eta 0:00:00
  Preparing metadata (setup.py) ... error
  error: subprocess-exited-with-error

  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [23 lines of output]
      running egg_info
      creating /tmp/pip-pip-egg-info-727nj3la/psycopg2.egg-info
      writing /tmp/pip-pip-egg-info-727nj3la/psycopg2.egg-info/PKG-INFO
      writing dependency_links to /tmp/pip-pip-egg-info-727nj3la/psycopg2.egg-info/dependency_links.txt
      writing top-level names to /tmp/pip-pip-egg-info-727nj3la/psycopg2.egg-info/top_level.txt
      writing manifest file '/tmp/pip-pip-egg-info-727nj3la/psycopg2.egg-info/SOURCES.txt'

      Error: pg_config executable not found.

      pg_config is required to build psycopg2 from source.  Please add the directory
      containing pg_config to the $PATH or specify the full executable path with the
      option:

          python setup.py build_ext --pg-config /path/to/pg_config build ...

      or with the pg_config option in 'setup.cfg'.

      If you prefer to avoid building psycopg2 from source, please install the PyPI
      'psycopg2-binary' package instead.

      For further information please check the 'doc/src/install.rst' file (also at
      <https://www.psycopg.org/docs/install.html>).

      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

I appreciate all your help so far but I think I'll need to use a more beginner friendly setup for this website I'm working on.