roots / trellis

WordPress LEMP stack with PHP 8.2, Composer, WP-CLI and more
https://roots.io/trellis/
MIT License

Failure during `Generate CSRs` step #1023

Closed matgargano closed 6 years ago

matgargano commented 6 years ago


What is the current behavior?

When trying to provision, I get a failure while

TASK [letsencrypt : Generate CSRs] ************************************************************************************************************************************************************************************************
System info:
  Ansible 2.4.0.0; Darwin
  Trellis version (per changelog): "Allow customizing Nginx `worker_connections`"
---------------------------------------------------
non-zero return code
Error Loading request extension section SAN
140099923629720:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid
null value:v3_utl.c:354:
140099923629720:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid
extension string:v3_conf.c:140:name=subjectAltName,section=DNS:
140099923629720:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in
extension:v3_conf.c:95:name=subjectAltName, value=DNS:
failed: [142.93.114.46] (item=mysite.com) => {"changed": true, "cmd": "openssl req -new -sha256 -key '/etc/nginx/ssl/letsencrypt/mysite.com.key' -subj '/' -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:')) > /var/lib/letsencrypt/csrs/mysite.com-8fc8607.csr", "delta": "0:00:00.010657", "end": "2018-10-10 01:38:46.208166", "failed": true, "item": "mysite.com", "rc": 1, "start": "2018-10-10 01:38:46.197509", "stderr_lines": ["Error Loading request extension section SAN", "140099923629720:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid null value:v3_utl.c:354:", "140099923629720:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=DNS:", "140099923629720:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=DNS:"], "stdout": "", "stdout_lines": []}

What is the expected or desired behavior?

A provisioned site on my box with an SSL key


Bug report

Please provide steps to reproduce, including full log output:

- create new Ubuntu box version 16.04
- clone trellis
- create trellis installation script for staging (update passwords, etc)
- run ansible-playbook server.yml -e env=staging

me (master) trellis $ ansible-playbook server.yml -e env=staging

PLAY [Ensure necessary variables are defined] *************************************************************************************************************************************************************************************

TASK [Ensure environment is defined] **********************************************************************************************************************************************************************************************
skipping: [localhost]

PLAY [Test Connection and Determine Remote User] **********************************************************************************************************************************************************************************

TASK [connection : Require manual definition of remote-user] **********************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [connection : Specify preferred HostKeyAlgorithms for unknown hosts] *********************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [connection : Check whether Ansible can connect as root] *********************************************************************************************************************************************************************
ok: [142.93.114.46 -> localhost]

TASK [connection : Warn about change in host keys] ********************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [connection : Set remote user for each host] *********************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [connection : Announce which user was selected] ******************************************************************************************************************************************************************************
Note: Ansible will attempt connections as user = root

Note: The host `142.93.114.46` was not detected in known_hosts
so Trellis prompted the host to offer a key type that will work with
the stronger key types Trellis configures on the server. This avoids future
connection failures due to changed host keys. Trellis used this SSH option:

  -o HostKeyAlgorithms=ssh-ed25519-cert-v01@openssh.com,ssh-rsa-
cert-v01@openssh.com,ssh-ed25519,ssh-rsa

To prevent Trellis from ever using this SSH option, add this to group_vars:

  dynamic_host_key_algorithms: false
ok: [142.93.114.46]

TASK [connection : Load become password] ******************************************************************************************************************************************************************************************
skipping: [142.93.114.46]

PLAY [Install prerequisites] ******************************************************************************************************************************************************************************************************

TASK [Install Python 2.x] *********************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

PLAY [WordPress Server - Install LEMP Stack with PHP 7.2 and MariaDB MySQL] *******************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [common : Load wordpress_sites.yml vars into <env>_sites vars] ***************************************************************************************************************************************************************
skipping: [142.93.114.46] => (item=staging) 

TASK [common : Fail if there are duplicate site keys within host's wordpress_sites] ***********************************************************************************************************************************************

TASK [common : Validate wordpress_sites] ******************************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [common : Validate format of site_hosts] *************************************************************************************************************************************************************************************
skipping: [142.93.114.46] => (item=mysite.com) 

TASK [common : Verify dict format for apt package component variables] ************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [common : Verify dict format for apt package combined variables] *************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [common : Validate Ubuntu version] *******************************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [common : Check whether passlib is needed] ***********************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [common : Retrieve local SSH client's settings per host] *********************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [common : Validate compatible settings between SSH client and server] ********************************************************************************************************************************************************
ok: [142.93.114.46] => {
    "changed": false, 
    "failed": false, 
    "msg": "All assertions passed"
}

TASK [common : Checking essentials] ***********************************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=python-software-properties)
changed: [142.93.114.46] => (item=build-essential)
ok: [142.93.114.46] => (item=git)
changed: [142.93.114.46] => (item=python-mysqldb)
changed: [142.93.114.46] => (item=libnss-myhostname)
ok: [142.93.114.46] => (item=dbus)
ok: [142.93.114.46] => (item=python-pycurl)
ok: [142.93.114.46] => (item=curl)

TASK [common : Validate timezone variable] ****************************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [common : Explain timezone error] ********************************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [common : Add myhostname to nsswitch.conf to ensure resolvable hostname] *****************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [common : Generate SSH key for vagrant user] *********************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [common : Retrieve SSH client IP] ********************************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [swapfile : install dependencies] ********************************************************************************************************************************************************************************************
ok: [142.93.114.46] => (item=[u'util-linux'])

TASK [swapfile : write swap file] *************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [swapfile : set swap file permissions] ***************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [swapfile : create swap file] ************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [swapfile : enable swapfile] *************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [swapfile : add swapfile to /etc/fstab] **************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [swapfile : configure vm.swappiness] *****************************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [swapfile : configure vm.vfs_cache_pressure] *********************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [fail2ban : ensure fail2ban is installed] ************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [fail2ban : ensure fail2ban is configured] ***********************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=jail.local)
changed: [142.93.114.46] => (item=fail2ban.local)

TASK [fail2ban : ensure fail2ban starts on a fresh reboot] ************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [ferm : ensure ferm status is in debconf] ************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [ferm : ensure ferm is installed] ********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [ferm : ensure configuration directories exist] ******************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=/etc/ferm/ferm.d)
changed: [142.93.114.46] => (item=/etc/ferm/filter-input.d)

TASK [ferm : ensure firewall is configured] ***************************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=etc/default/ferm)
changed: [142.93.114.46] => (item=etc/ferm/ferm.conf)

TASK [ferm : ensure iptables INPUT rules are removed] *****************************************************************************************************************************************************************************
skipping: [142.93.114.46] => (item={u'dport': [u'http', u'https'], u'type': u'dport_accept', u'filename': u'nginx_accept'}) 
skipping: [142.93.114.46] => (item={u'dport': [u'ssh'], u'type': u'dport_accept', u'saddr': [u'108.30.39.84']}) 
skipping: [142.93.114.46] => (item={u'dport': [u'ssh'], u'seconds': 300, u'hits': 20, u'type': u'dport_limit'}) 

TASK [ferm : ensure iptables INPUT rules are added] *******************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item={u'dport': [u'http', u'https'], u'type': u'dport_accept', u'filename': u'nginx_accept'})
changed: [142.93.114.46] => (item={u'dport': [u'ssh'], u'type': u'dport_accept', u'saddr': [u'108.30.39.84']})
changed: [142.93.114.46] => (item={u'dport': [u'ssh'], u'seconds': 300, u'hits': 20, u'type': u'dport_limit'})

TASK [ferm : ensure iptables rules are enabled] ***********************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [ferm : ensure iptables rules are disabled] **********************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [ntp : Include OS-specific variables.] ***************************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [ntp : Ensure NTP-related packages are installed.] ***************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [ntp : Ensure tzdata package is installed (Linux).] **************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [ntp : include_tasks] ********************************************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [ntp : Set timezone] *********************************************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [ntp : Ensure NTP is running and enabled as configured.] *********************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [ntp : Ensure NTP is stopped and disabled as configured.] ********************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [ntp : Generate ntp.conf file] ***********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [users : Ensure requested groups are present] ********************************************************************************************************************************************************************************
ok: [142.93.114.46] => (item=www-data)
ok: [142.93.114.46] => (item=sudo)

TASK [users : Ensure sudo group has sudo privileges] ******************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [users : Fail if root login will be disabled but admin_user will not be a sudoer] ********************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [users : Setup users] ********************************************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item={u'keys': [u'https://github.com/me.keys', u'https://github.com/partner.keys'], u'name': u'web', u'groups': [u'www-data']})
changed: [142.93.114.46] => (item={u'keys': [u'https://github.com/me.keys', u'https://github.com/partner.keys'], u'name': u'admin', u'groups': [u'sudo']})

TASK [users : Add web user sudoers items for services] ****************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [users : Add SSH keys] *******************************************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=({u'name': u'web', u'groups': [u'www-data']}, u'https://github.com/me.keys'))
changed: [142.93.114.46] => (item=({u'name': u'web', u'groups': [u'www-data']}, u'https://github.com/partner.keys'))
changed: [142.93.114.46] => (item=({u'name': u'admin', u'groups': [u'sudo']}, u'https://github.com/me.keys'))
changed: [142.93.114.46] => (item=({u'name': u'admin', u'groups': [u'sudo']}, u'https://github.com/partner.keys'))

TASK [users : Check whether Ansible can connect as admin_user] ********************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [users : Fail if root login will be disabled but admin_user cannot connect] **************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [users : Confirm that a non-root user can connect] ***************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [users : Confirm disabling of SSH password authentication] *******************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [sshd : Ensure latest SSH server and client are installed] *******************************************************************************************************************************************************************
ok: [142.93.114.46] => (item=openssh-server)
ok: [142.93.114.46] => (item=openssh-client)

TASK [sshd : Create a secure sshd_config] *****************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [sshd : Create a secure ssh_config] ******************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [sshd : Remove Diffie-Hellman moduli of size < 2000] *************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [mariadb : Add MariaDB APT key] **********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [mariadb : Add MariaDB PPA] **************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [mariadb : Install MySQL client] *********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [mariadb : Install MySQL server] *********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [mariadb : Disable MariaDB binary logging] ***********************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [mariadb : Set root user password] *******************************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=142.93.114.46)
changed: [142.93.114.46] => (item=127.0.0.1)
changed: [142.93.114.46] => (item=::1)
changed: [142.93.114.46] => (item=localhost)

TASK [mariadb : Copy .my.cnf file with root password credentials.] ****************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [mariadb : Delete anonymous MySQL server users] ******************************************************************************************************************************************************************************
ok: [142.93.114.46] => (item=localhost)
ok: [142.93.114.46] => (item=142.93.114.46)
ok: [142.93.114.46] => (item=deleteme)

TASK [mariadb : Remove the test database] *****************************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [ssmtp : Install ssmtp] ******************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [ssmtp : ssmtp configuration] ************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [ssmtp : ssmtp revaliases configuration] *************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [php : Add PHP 7.2 PPA] ******************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [php : Install PHP 7.2] ******************************************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=php7.2-fpm)
ok: [142.93.114.46] => (item=php7.2-cli)
changed: [142.93.114.46] => (item=php7.2-mysql)
changed: [142.93.114.46] => (item=php7.2-xml)
changed: [142.93.114.46] => (item=php7.2-curl)
changed: [142.93.114.46] => (item=php7.2-dev)
changed: [142.93.114.46] => (item=php7.2-xmlrpc)
ok: [142.93.114.46] => (item=php7.2-opcache)
changed: [142.93.114.46] => (item=php7.2-gd)
ok: [142.93.114.46] => (item=php7.2-common)
changed: [142.93.114.46] => (item=php7.2-mbstring)
changed: [142.93.114.46] => (item=php7.2-zip)

TASK [php : Start php7.2-fpm service] *********************************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [php : Check for existing php7.1-fpm service] ********************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [php : Stop php7.1-fpm service if it exists] *********************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [php : PHP configuration file] ***********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [memcached : Install memcached] **********************************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=memcached)
changed: [142.93.114.46] => (item=php-memcached)

TASK [memcached : Copy the client configuration file] *****************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [memcached : Set the max open file descriptors] ******************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [memcached : Start the memcached service] ************************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [nginx : Add Nginx PPA] ******************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [nginx : Install Nginx] ******************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [nginx : Create SSL directory] ***********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [nginx : Generate strong unique Diffie-Hellman group.] ***********************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [nginx : Copy h5bp configs] **************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [nginx : Create nginx.conf] **************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [nginx : Disable default server] *********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [nginx : Enable Nginx to start on boot] **************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [logrotate : nickhammond.logrotate | Install logrotate] **********************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [logrotate : nickhammond.logrotate | Setup logrotate.d scripts] **************************************************************************************************************************************************************
changed: [142.93.114.46] => (item={u'path': u'/srv/www/**/logs/*.log', u'scripts': {u'postrotate': u'service nginx rotate', u'prerotate': u'if [ -d /etc/logrotate.d/httpd-prerotate ]; then \\\n      run-parts /etc/logrotate.d/httpd-prerotate; \\\n    fi \\\n'}, u'options': [u'weekly', u'maxsize 50M', u'missingok', u'rotate 8', u'compress', u'delaycompress', u'notifempty', u'create 0640 web www-data', u'sharedscripts'], u'name': u'wordpress-sites'})

TASK [composer : Set php_executable variable to a default if not defined.] ********************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [composer : Check if Composer is installed.] *********************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [composer : Download Composer installer.] ************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [composer : Run Composer installer.] *****************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [composer : Move Composer into globally-accessible location.] ****************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [composer : Update Composer to latest version (if configured).] **************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [composer : Ensure composer directory exists.] *******************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [composer : Add GitHub OAuth token for Composer (if configured).] ************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [composer : include_tasks] ***************************************************************************************************************************************************************************************************
included: /Users/me/Sites/mysite.com/trellis/vendor/roles/composer/tasks/global-require.yml for 142.93.114.46

TASK [composer : Install configured globally-required packages.] ******************************************************************************************************************************************************************
changed: [142.93.114.46] => (item={u'name': u'hirak/prestissimo'})

TASK [composer : Add composer_home_path bin directory to global $PATH.] ***********************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [composer : include_tasks] ***************************************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [wp-cli : Ensure gpg2 is installed] ******************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [wp-cli : Download WP-CLI Phar] **********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [wp-cli : Download WP-CLI Phar Signature] ************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [wp-cli : Copy WP-CLI release team public key] *******************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [wp-cli : Verify WP-CLI Phar Signature] **************************************************************************************************************************************************************************************
ok: [142.93.114.46]

TASK [wp-cli : Install WP-CLI] ****************************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [wp-cli : Retrieve WP-CLI tab completions] ***********************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [wp-cli : Install WP-CLI tab completions] ************************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [wp-cli : Install WP-CLI packages] *******************************************************************************************************************************************************************************************

TASK [letsencrypt : Create directories and set permissions] ***********************************************************************************************************************************************************************
changed: [142.93.114.46] => (item={u'path': u'/var/lib/letsencrypt', u'mode': u'0700'})
changed: [142.93.114.46] => (item={u'path': u'/var/lib/letsencrypt/csrs'})
changed: [142.93.114.46] => (item={u'path': u'/usr/local/letsencrypt'})
changed: [142.93.114.46] => (item={u'path': u'/srv/www/letsencrypt'})
changed: [142.93.114.46] => (item={u'path': u'/etc/nginx/ssl/letsencrypt', u'mode': u'0700'})

TASK [letsencrypt : Clone acme-tiny repository] ***********************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [letsencrypt : Copy Lets Encrypt account key source file] ********************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [letsencrypt : Copy Lets Encrypt account key source contents] ****************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [letsencrypt : Generate a new account key] ***********************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [letsencrypt : Download intermediate certificate] ****************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [letsencrypt : Create Nginx conf for challenges location] ********************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [letsencrypt : Get list of hosts in current Nginx conf] **********************************************************************************************************************************************************************
ok: [142.93.114.46] => (item=mysite.com)

TASK [letsencrypt : Create needed Nginx confs for challenges] *********************************************************************************************************************************************************************
skipping: [142.93.114.46] => (item=mysite.com) 

TASK [letsencrypt : Enable Nginx sites] *******************************************************************************************************************************************************************************************
skipping: [142.93.114.46] => (item=mysite.com) 

TASK [letsencrypt : reload nginx] *************************************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [letsencrypt : perform nginx reload] *****************************************************************************************************************************************************************************************
skipping: [142.93.114.46]

TASK [letsencrypt : Create test Acme Challenge file] ******************************************************************************************************************************************************************************
changed: [142.93.114.46]

TASK [letsencrypt : Test Acme Challenges] *****************************************************************************************************************************************************************************************
ok: [142.93.114.46] => (item=mysite.com)

TASK [letsencrypt : Notify of challenge failures] *********************************************************************************************************************************************************************************
skipping: [142.93.114.46] => (item=mysite.com) 

TASK [letsencrypt : Generate private keys] ****************************************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=mysite.com)

TASK [letsencrypt : Ensure correct permissions on private keys] *******************************************************************************************************************************************************************
changed: [142.93.114.46] => (item=mysite.com)

TASK [letsencrypt : Generate Lets Encrypt certificate IDs] ************************************************************************************************************************************************************************
ok: [142.93.114.46] => (item=mysite.com)

TASK [letsencrypt : Generate CSRs] ************************************************************************************************************************************************************************************************
System info:
  Ansible 2.4.0.0; Darwin
  Trellis version (per changelog): "Allow customizing Nginx `worker_connections`"
---------------------------------------------------
non-zero return code
Error Loading request extension section SAN
140099923629720:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid
null value:v3_utl.c:354:
140099923629720:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid
extension string:v3_conf.c:140:name=subjectAltName,section=DNS:
140099923629720:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in
extension:v3_conf.c:95:name=subjectAltName, value=DNS:
failed: [142.93.114.46] (item=mysite.com) => {"changed": true, "cmd": "openssl req -new -sha256 -key '/etc/nginx/ssl/letsencrypt/mysite.com.key' -subj '/' -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:')) > /var/lib/letsencrypt/csrs/mysite.com-8fc8607.csr", "delta": "0:00:00.010657", "end": "2018-10-10 01:38:46.208166", "failed": true, "item": "mysite.com", "rc": 1, "start": "2018-10-10 01:38:46.197509", "stderr_lines": ["Error Loading request extension section SAN", "140099923629720:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid null value:v3_utl.c:354:", "140099923629720:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=DNS:", "140099923629720:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=DNS:"], "stdout": "", "stdout_lines": []}

RUNNING HANDLER [common : restart memcached] **************************************************************************************************************************************************************************************
changed: [142.93.114.46]

RUNNING HANDLER [common : reload php-fpm] *****************************************************************************************************************************************************************************************
changed: [142.93.114.46]

RUNNING HANDLER [common : reload nginx] *******************************************************************************************************************************************************************************************
changed: [142.93.114.46]

RUNNING HANDLER [common : perform nginx reload] ***********************************************************************************************************************************************************************************
changed: [142.93.114.46]

RUNNING HANDLER [fail2ban : restart fail2ban] *************************************************************************************************************************************************************************************
changed: [142.93.114.46]

RUNNING HANDLER [ferm : restart ferm] *********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

RUNNING HANDLER [ntp : restart ntp] ***********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

RUNNING HANDLER [sshd : restart ssh] **********************************************************************************************************************************************************************************************
changed: [142.93.114.46]

RUNNING HANDLER [mariadb : restart mysql server] **********************************************************************************************************************************************************************************
changed: [142.93.114.46]
        to retry, use: --limit @/Users/me/Sites/mysite.com/trellis/server.retry

PLAY RECAP ************************************************************************************************************************************************************************************************************************
142.93.114.46              : ok=111  changed=78   unreachable=0    failed=1   
localhost                  : ok=0    changed=0    unreachable=0    failed=0  

Please describe your local environment:

Ansible version: 4.2.0.0

OS: osx 10.12.6

Vagrant version: N/A

Where did the bug happen? Development or remote servers?

A fresh Ubuntu 16.04 server from Digital Ocean

Please provide a repository or your wordpress_sites config (if possible):

Can't publicly

Is there a related Discourse thread or were any utilized (please link them)?

https://discourse.roots.io/t/ran-the-latest-trellis-on-a-fresh-16-04-04-box-from-digitalocean-and-letsencrypt-is-failing/13797


matgargano commented 6 years ago

For prudence's sake, the issue was I did not have a site_hosts defined in my config
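
The failure above comes from an empty host list reaching openssl as `subjectAltName=DNS:`. The following is an added example, not Trellis code or part of the original thread: a preflight check that builds the SAN value and refuses an empty or malformed host list before `openssl req` runs. The function names `build_san` and `generate_csr`, and the assumption that hosts are joined as comma-separated `DNS:` entries, are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not Trellis code. Builds the subjectAltName value for a CSR
# and stops early when the host list is empty, the case that produced
# "subjectAltName=DNS:" in the log above.

# build_san HOST...  -> prints "DNS:a,DNS:b"; returns 1 on empty/invalid input.
build_san() {
  local san="" host
  if [ "$#" -eq 0 ]; then
    echo "no hosts given: define at least one host for this site" >&2
    return 1
  fi
  for host in "$@"; do
    # Reject empty strings and anything that is not a plain DNS name.
    # This also keeps commas and newlines out of the openssl config section.
    case "$host" in
      ""|*[!A-Za-z0-9.*-]*)
        echo "invalid host entry: '$host'" >&2
        return 1
        ;;
    esac
    san="${san:+$san,}DNS:$host"
  done
  printf '%s\n' "$san"
}

# generate_csr KEY OUT HOST...
# Hypothetical wrapper around the logged openssl command; it only reaches
# openssl once build_san has accepted the host list.
generate_csr() {
  local key="$1" out="$2" san cnf rc
  shift 2
  san="$(build_san "$@")" || return 1
  cnf="$(mktemp)" || return 1
  # Same idea as the logged command: base config plus a [SAN] section.
  { cat /etc/ssl/openssl.cnf; printf '\n[SAN]\nsubjectAltName=%s\n' "$san"; } > "$cnf"
  openssl req -new -sha256 -key "$key" -subj '/' -reqexts SAN -config "$cnf" > "$out"
  rc=$?
  rm -f "$cnf"
  return "$rc"
}
```

Running the check before the CSR step turns the opaque X509 V3 error into a message that names the missing host list.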