Self-signed certs interfers with letsencrypt

nickjj / ansible-nginx

Install and configure nginx (SSL A+ by default) with Ansible.

MIT License

73 stars 37 forks source link

Self-signed certs interfers with letsencrypt #12

Closed ScuttleSE closed 7 years ago

ScuttleSE commented 7 years ago

Something weird with the certs here...

First I installed the nginx-role with self-signed certs, the only way to get it up and running.

After that I did a letsencrypt-run to generate the "real" certs, but the playbook doesn't seem to replace the certs. All the sites are still using a cert for "localhost" instead of the letsencrypt one.

nickjj commented 7 years ago

What happens if you set letsencrypt_force_reset_all: True? It's False by default.

ScuttleSE commented 7 years ago

Hm, did a "manual" reset by deleting the files in /usr/local/acme-tiny, and that seemed to do the trick. Is this beacuse I did the first runs agains the test-api?

nickjj commented 7 years ago

Setting reset all does basically that, https://github.com/nickjj/ansible-letsencrypt/blob/master/tasks/main.yml#L25.

I didn't want the role to break or adjust your existing certificates unless reset all is turned on.

ScuttleSE commented 7 years ago

gotcha!