Certificate Requests stop if one certificate is already issued #113

Closed
Muirrum opened this issue Jun 8, 2020 · 7 comments · May be fixed by #223

@Muirrum

Muirrum commented Jun 8, 2020

Given a domains list of two or more domains, if one of the domains already has a certificate issued, the others won't be issued because certbot will stop processing.

@guix77

guix77 commented Jun 17, 2020

You can comment the domain which already has a cert. Dunno if the renewal works fine, though.

@choice-webdev

👍

@sashasaturn

I can confirm such strange behavior ....

@LordAro

LordAro commented Nov 17, 2020

Also ran into this. Looks like the role is just taking the first certificate, so I guess a workaround is to always prepend to that list?

```yaml
- name: Check if certificate already exists.
  stat:
    path: /etc/letsencrypt/live/{{ cert_item.domains | first | replace('*.', '') }}/cert.pem
  register: letsencrypt_cert
```

Doesn't seem too difficult to make it operate on all elements of the list, rather than just the first

@LordAro

LordAro commented Nov 17, 2020

Ah, after prepending I run into:

```
fatal: [hostname.fqdn.com]: FAILED! => {"changed": true, "cmd": ["certbot", "certonly", "--standalone", "--noninteractive", "--agree-tos", "--email", "[email protected]", "-d", "newdomain.org,olddomain.org"]...

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Missing command line flag or config entry for this setting:
You have an existing certificate that contains a portion of the domains you requested (ref: /etc/letsencrypt/renewal/olddomain.org.conf)

It contains these names: olddomain.org

You requested these names for the new certificate: newdomain.org, olddomain.org.

Do you want to expand and replace this existing certificate with the new certificate?

(You can set this with the --expand flag)
```
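An added example, not part of the issue thread or the role's code: a Python sketch that compares every requested name against the existing certificate lineages, instead of testing only the first domain's `live/` directory, and flags the case where certbot asks for `--expand`. It assumes the `Certificate Name:` and `Domains:` lines printed by `certbot certificates`; the sample output, the `.example` names and the function names are constructed for illustration, and only the identical-names and subset cases are classified.

```python
import re

# Constructed sample of `certbot certificates` output (not taken from the issue).
SAMPLE_OUTPUT = """\
Found the following certs:
  Certificate Name: olddomain.org
    Domains: olddomain.org
    Expiry Date: 2021-02-15 10:00:00+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/olddomain.org/fullchain.pem
  Certificate Name: shop.example
    Domains: shop.example www.shop.example
    Expiry Date: 2021-03-01 10:00:00+00:00 (VALID: 103 days)
    Certificate Path: /etc/letsencrypt/live/shop.example/fullchain.pem
"""

def parse_lineages(output):
    """Map certificate name -> set of domains from `certbot certificates` text."""
    lineages, current = {}, None
    for line in output.splitlines():
        m = re.match(r"\s*Certificate Name:\s*(\S+)", line)
        if m:
            current = m.group(1)
            lineages[current] = set()
            continue
        m = re.match(r"\s*Domains:\s*(.+)", line)
        if m and current is not None:
            lineages[current] = set(m.group(1).split())
    return lineages

def plan_request(requested, lineages):
    """Return (action, lineage_name) for one entry of the domains list."""
    wanted = set(requested)
    for name, have in lineages.items():
        if have == wanted:
            return ("skip", name)      # same names already issued
    for name, have in lineages.items():
        if have < wanted:
            return ("expand", name)    # existing cert holds a portion: --expand
    return ("issue", None)             # no matching lineage: plain certonly

def plan_all(requests, output=SAMPLE_OUTPUT):
    lineages = parse_lineages(output)
    return [plan_request(r, lineages) for r in requests]

if __name__ == "__main__":
    for plan in plan_all([["newdomain.org", "olddomain.org"],
                          ["shop.example", "www.shop.example"], ["fresh.example"]]):
        print(plan)
```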

@stale

stale bot commented Feb 15, 2021

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

@stale stale bot added the stale label Feb 15, 2021
@stale

stale bot commented Mar 18, 2021

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
