search

geerlingguy / ansible-role-certbot

Ansible Role - Certbot (for Let's Encrypt)
https://galaxy.ansible.com/geerlingguy/certbot/
MIT License
793 stars 348 forks source link

`certbot_create_standalone_stop_services` does not stop nginx on first run #209

Open C0rn3j opened 7 months ago

C0rn3j commented 7 months ago 
- name: Run certbot role for rys.pw
  ansible.builtin.include_role:
    name: geerlingguy.certbot
  vars:
    certbot_certs:
      - email: MAIL@gmail.com
        domains:
          - proxy.rys.pw
          - auth.rys.pw
          - books.rys.pw
          - cloud.rys.pw
          - gitea.rys.pw
          - jellyfin.rys.pw
          - monitoring.rys.pw
          - radio.rys.pw
          - rss.rys.pw
          - sd.rys.pw
          - wekan.rys.pw
      - email: MAIL@gmail.com
        domains: 
          - cloud.rys.pw
    certbot_create_command: "{{ certbot_script }} certonly --standalone --duplicate --noninteractive --key-type ecdsa --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} -d {{ cert_item.domains | join(',') }}"
    certbot_create_if_missing: true
    certbot_create_method: standalone
    certbot_create_standalone_stop_services:
      - nginx
    certbot_auto_renew: false

This is my current definition, which runs against an Arch Linux server with nginx.
Actual non-modified version can be seen here.

TASK [geerlingguy.certbot : Generate new certificate if one doesn't exist.] *******************************************************************************************************************************************************************************************
fatal: [proxy.rys.pw]: FAILED! => {"changed": true, "cmd": ["certbot", "certonly", "--standalone", "--duplicate", "--noninteractive", "--key-type", "ecdsa", "--agree-tos", "--email", "MAIL@gmail.com", "-d", "proxy.rys.rs,auth.rys.rs,books.rys.rs,cloud.rys.rs,gitea.rys.rs,jellyfin.rys.rs,monitoring.rys.rs,radio.rys.rs,rss.rys.rs,sd.rys.rs,wekan.rys.rs"], "delta": "0:00:02.993247", "end": "2024-04-16 09:34:57.449532", "msg": "non-zero return code", "rc": 1, "start": "2024-04-16 09:34:54.456285", "stderr": "Saving debug log to /var/log/letsencrypt/letsencrypt.log\nCould not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.\nAsk for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.", "stderr_lines": ["Saving debug log to /var/log/letsencrypt/letsencrypt.log", "Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.", "Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details."], "stdout": "Requesting a certificate for proxy.rys.rs and 10 more domains", "stdout_lines": ["Requesting a certificate for proxy.rys.rs and 10 more domains"]}

This fails to stop nginx, and just crashes because it's running.

github-actions[bot] commented 3 months ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

C0rn3j commented 3 months ago

@geerlingguy Please stop autoclosing old issues, marking stale is fine.