Giters

thefinn93 / ansible-letsencrypt

An ansible role to generate TLS certificates and get them signed by Let's Encrypt

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Fix renewal file fails

jbroadway opened this issue · comments

commented

I'm getting a failure on the Fix the renewal file task, on Ubuntu 14.04.3. Wasn't sure if it was related to #12, so I filed it separately.

Here's the Ansible output, only modified to use dummy domain/user/ip values:

TASK: [letsencrypt | Fix the renewal file] ************************************ 
failed: [123.123.123.123] => (item={'key': 'hsts', 'value': False}) => {"failed": true, "item": {"key": "hsts", "value": false}, "parsed": false}
Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1457017860.45-188220749930771/ini_file", line 1808, in <module>
    main()
  File "/root/.ansible/tmp/ansible-tmp-1457017860.45-188220749930771/ini_file", line 199, in main
    changed = do_ini(module, dest, section, option, value, state, backup)
  File "/root/.ansible/tmp/ansible-tmp-1457017860.45-188220749930771/ini_file", line 107, in do_ini
    cp.readfp(f)
  File "/usr/lib/python2.7/ConfigParser.py", line 324, in readfp
    self._read(fp, filename)
  File "/usr/lib/python2.7/ConfigParser.py", line 512, in _read
    raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/letsencrypt/renewal/www.example.com.conf, line: 1
'cert = /etc/letsencrypt/live/www.example.com/cert.pem\n'
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/me/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: auto-mux: Trying existing master
debug1: mux_client_request_session: master session id: 2
Shared connection to 123.123.123.123 closed.

failed: [123.123.123.123] => (item={'key': 'noninteractive_mode', 'value': False}) => {"failed": true, "item": {"key": "noninteractive_mode", "value": false}, "parsed": false}
Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1457017862.43-256610657680159/ini_file", line 1808, in <module>
    main()
  File "/root/.ansible/tmp/ansible-tmp-1457017862.43-256610657680159/ini_file", line 199, in main
    changed = do_ini(module, dest, section, option, value, state, backup)
  File "/root/.ansible/tmp/ansible-tmp-1457017862.43-256610657680159/ini_file", line 107, in do_ini
    cp.readfp(f)
  File "/usr/lib/python2.7/ConfigParser.py", line 324, in readfp
    self._read(fp, filename)
  File "/usr/lib/python2.7/ConfigParser.py", line 512, in _read
    raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/letsencrypt/renewal/www.example.com.conf, line: 1
'cert = /etc/letsencrypt/live/www.example.com/cert.pem\n'
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/me/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: auto-mux: Trying existing master
debug1: mux_client_request_session: master session id: 2
Shared connection to 123.123.123.123 closed.

failed: [123.123.123.123] => (item={'key': 'verb', 'value': 'certonly'}) => {"failed": true, "item": {"key": "verb", "value": "certonly"}, "parsed": false}
Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1457017863.52-132582587862555/ini_file", line 1808, in <module>
    main()
  File "/root/.ansible/tmp/ansible-tmp-1457017863.52-132582587862555/ini_file", line 199, in main
    changed = do_ini(module, dest, section, option, value, state, backup)
  File "/root/.ansible/tmp/ansible-tmp-1457017863.52-132582587862555/ini_file", line 107, in do_ini
    cp.readfp(f)
  File "/usr/lib/python2.7/ConfigParser.py", line 324, in readfp
    self._read(fp, filename)
  File "/usr/lib/python2.7/ConfigParser.py", line 512, in _read
    raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/letsencrypt/renewal/www.example.com.conf, line: 1
'cert = /etc/letsencrypt/live/www.example.com/cert.pem\n'
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/me/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: auto-mux: Trying existing master
debug1: mux_client_request_session: master session id: 2
Shared connection to 123.123.123.123 closed.

failed: [123.123.123.123] => (item={'key': 'uir', 'value': False}) => {"failed": true, "item": {"key": "uir", "value": false}, "parsed": false}
Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1457017864.43-259468994528719/ini_file", line 1808, in <module>
    main()
  File "/root/.ansible/tmp/ansible-tmp-1457017864.43-259468994528719/ini_file", line 199, in main
    changed = do_ini(module, dest, section, option, value, state, backup)
  File "/root/.ansible/tmp/ansible-tmp-1457017864.43-259468994528719/ini_file", line 107, in do_ini
    cp.readfp(f)
  File "/usr/lib/python2.7/ConfigParser.py", line 324, in readfp
    self._read(fp, filename)
  File "/usr/lib/python2.7/ConfigParser.py", line 512, in _read
    raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/letsencrypt/renewal/www.example.com.conf, line: 1
'cert = /etc/letsencrypt/live/www.example.com/cert.pem\n'
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/me/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: auto-mux: Trying existing master
debug1: mux_client_request_session: master session id: 2
Shared connection to 123.123.123.123 closed.

failed: [123.123.123.123] => (item={'key': 'os_packages_only', 'value': False}) => {"failed": true, "item": {"key": "os_packages_only", "value": false}, "parsed": false}
Traceback (most recent call last):
  File "/root/.ansible/tmp/ansible-tmp-1457017865.18-131905098567879/ini_file", line 1808, in <module>
    main()
  File "/root/.ansible/tmp/ansible-tmp-1457017865.18-131905098567879/ini_file", line 199, in main
    changed = do_ini(module, dest, section, option, value, state, backup)
  File "/root/.ansible/tmp/ansible-tmp-1457017865.18-131905098567879/ini_file", line 107, in do_ini
    cp.readfp(f)
  File "/usr/lib/python2.7/ConfigParser.py", line 324, in readfp
    self._read(fp, filename)
  File "/usr/lib/python2.7/ConfigParser.py", line 512, in _read
    raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/letsencrypt/renewal/www.example.com.conf, line: 1
'cert = /etc/letsencrypt/live/www.example.com/cert.pem\n'
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /Users/me/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: /etc/ssh_config line 102: Applying options for *
debug1: auto-mux: Trying existing master
debug1: mux_client_request_session: master session id: 2
Shared connection to 123.123.123.123 closed.


FATAL: all hosts have already failed -- aborting
commented

Oo interesting okay. Sorry for delay on all of this, I don't really have time to figure it out right now. The renewal.conf starts with several variables before any section headings, which I thought was invalid for an ini file, but oi tried it on Debian Jessie and it worked, so I assumed it worked elsewhere. However, it appeared that is not the case. Perhaps the newer Python or versions are okay with it or something. I was considering fixing the renewal file with templates or lineinfile, both of which would fix this but make the whole process much more tedious and likely to break. I'll look at it more as I get a chance. If you figure anything out, please let me know

commented

I'm getting this with:

$ python -V
Python 2.7.9
commented

Okay, thanks. I'll keep playing with it. I'm confused how it worked the first time...

commented

I've got this issue when running with ansible 1.9 series - looks like 2.x fixes it

commented

Cool. So can I say this role requires Ansible 2.0 and close this issue?

commented

I've just ran current ansible-letsencrypt playbook with ansible 1.9.4 and a "old" production letsencrypt configuration. I had exactly the same problem:

failed: [xxxxxx] => (item={'key': 'os_packages_only', 'value': False}) => {"failed": true, "item": {"key": "os_packages_only", "value": false}, "parsed": false}
BECOME-SUCCESS-ngmaqxqbmvxngkpnttrbosxrzibzrtgg
Traceback (most recent call last):
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1461723697.4-188384493118721/ini_file", line 1821, in <module>
    main()
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1461723697.4-188384493118721/ini_file", line 199, in main
    changed = do_ini(module, dest, section, option, value, state, backup)
  File "/home/ubuntu/.ansible/tmp/ansible-tmp-1461723697.4-188384493118721/ini_file", line 107, in do_ini
    cp.readfp(f)
  File "/usr/lib/python2.7/ConfigParser.py", line 324, in readfp
    self._read(fp, filename)
  File "/usr/lib/python2.7/ConfigParser.py", line 512, in _read
    raise MissingSectionHeaderError(fpname, lineno, line)
ConfigParser.MissingSectionHeaderError: File contains no section headers.
file: /etc/letsencrypt/renewal/www.my-domain.net, line: 1
'cert = /etc/letsencrypt/live/www.my-domain.net/cert.pem\n'
OpenSSH_6.9p1, LibreSSL 2.1.8
...
Shared connection to XXXXXX closed.

To fix it, I deleted the conf file on the server:

sudo rm /etc/letsencrypt/renewal/www.my-domain.net
commented

That is not a fix, as you'll likely find out when it comes time to renew.