This is coming up for me on the hawthorn deploys pretty frequently. If everything works right, it's not a problem, but sometimes the deploy has other issues that I'm working out and I have to comment out or skip certain roles (that are completely unrelated to letsencrypt) and it ends up in a weird state where letsencrypt generates an /etc/nginx/sites-enabled/letsencrypt file with no server_name set (just server_name ;).
I really don't understand exactly what is causing it to not get the list of domains in those cases, but the result is a broken config, nginx won't start, and I have to ssh into the servers to manually remove the files and get nginx running again before I can re-run ansible.
I think the issue is that the server_name {{ letsencrypt_certs | sum(attribute='domains', start=[]) | join(' ') }}; introduced in #23 / #24 needs to have a little extra logic to just not add the line at all if letsencrypt_certs doesn't have any entries.
Something like:
{# Jinja2 has no len(); the length filter does the same job #}
{% if letsencrypt_certs | length > 0 %}
server_name {{ letsencrypt_certs | sum(attribute='domains', start=[]) | join(' ') }};
{% endif %}
But I haven't tested that.
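A pre-flight check for the failure described above, as an added example that is not part of the original issue or the role's own code: it scans rendered nginx config text for a `server_name` directive with no arguments, so a deploy can stop before the file lands in sites-enabled. The function name, the sample configs and the placeholder path are constructed for illustration.

```python
import re

# Constructed sample: the rendered site file as the issue describes it.
# The acme-challenge root path is a placeholder, not taken from the role.
BROKEN = """\
server {
    listen 80;
    server_name ;
    location /.well-known/acme-challenge/ { root /srv/acme-placeholder; }
}
"""

# Constructed sample: a healthy file with look-alike tokens that must not match.
HEALTHY = """\
server {
    listen 80;
    # server_name ;
    server_name example.com www.example.com;
    server_name_in_redirect off;
    location / { proxy_set_header Host $server_name; }
}
"""


def directives_without_args(conf_text, name="server_name"):
    """Return 1-based line numbers where directive `name` has no arguments."""
    # Strip comments per line so line numbers are preserved.
    # Assumption: no '#' inside quoted strings in the scanned file.
    text = "\n".join(re.sub(r"#.*", "", ln) for ln in conf_text.splitlines())
    # Match the bare directive name (not $server_name, not
    # server_name_in_redirect) up to the terminating ';', across line breaks.
    pattern = r"(?<![\w.$-])" + re.escape(name) + r"\b([^;{}]*);"
    hits = []
    for m in re.finditer(pattern, text):
        if not m.group(1).strip():
            hits.append(text.count("\n", 0, m.start()) + 1)
    return hits


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("healthy", HEALTHY)):
        print(label, directives_without_args(conf))
```
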