Skip to content
This repository has been archived by the owner on Sep 2, 2021. It is now read-only.

Acmetool performs want while Nginx is down #21

Open
emcniece opened this issue Mar 11, 2017 · 3 comments
Open

Acmetool performs want while Nginx is down #21

emcniece opened this issue Mar 11, 2017 · 3 comments
Labels
bug
Milestone
MVP 1.0

Comments

@emcniece
Copy link
Member

acmetool want [domain] runs without checking if the domain is accessible. This results in an LE request failure:

DEBU[0180] Running check command '[ -d /etc/nginx/certs/docker.limbicmedia.ca ] && exit 1 || exit 0'
INFO[0180] Executing notify command 'acmetool want docker.limbicmedia.ca'
INFO[0181] [acmetool want docker.limbicmedia.ca]: "20170311005236 [ERROR] acme.storageops: could not obtain authorization for docker.limbicmedia.ca: failed all combinations"
INFO[0181] [acmetool want docker.limbicmedia.ca]: "20170311005236 [ERROR] acme.storageops: Target(docker.limbicmedia.ca;https://acme-staging.api.letsencrypt.org/directory;0): failed to request certificate: failed all combinations"
INFO[0181] [acmetool want docker.limbicmedia.ca]: "20170311005236 [ERROR] acme.storageops: error while processing targets: the following errors occurred:"
INFO[0181] [acmetool want docker.limbicmedia.ca]: "error satisfying Target(docker.limbicmedia.ca;https://acme-staging.api.letsencrypt.org/directory;0): failed all combinations"
INFO[0181] [acmetool want docker.limbicmedia.ca]: "20170311005236 [ERROR] acme.storageops: failed to reconcile: the following errors occurred:"
INFO[0181] [acmetool want docker.limbicmedia.ca]: "error satisfying Target(docker.limbicmedia.ca;https://acme-staging.api.letsencrypt.org/directory;0): failed all combinations"
INFO[0181] [acmetool want docker.limbicmedia.ca]: "20170311005236 [CRITICAL] acmetool: fatal: reconcile: the following errors occurred:"
INFO[0181] [acmetool want docker.limbicmedia.ca]: "error satisfying Target(docker.limbicmedia.ca;https://acme-staging.api.letsencrypt.org/directory;0): failed all combinations"
DEBU[0181] Processing template /etc/rancher-gen/default/nginx.tmpl for destination /etc/nginx/conf.d/nginx.conf

It's not clear if this counts as a request against the LE rate limits, but it would be good to handle the error. Potential solutions might be to make a curl [whatever] && acmetool want [domain], or to handle the output of rgon-exec differently.
@Munsio Munsio added the bug label Mar 13, 2017
@emcniece
Copy link
Member Author

emcniece commented Mar 14, 2017
edited
Loading

Required: CausticLab/rgon-exec#4

@Munsio
Copy link
Member

Munsio commented May 24, 2017

I think this issue is still present? Currently the acmetool rancher-gen block only checks if there is already an certificate file present for the domain - maybe we can also check if nginx -t runs through like it should

@emcniece emcniece added this to the MVP 1.0 milestone Jun 7, 2017
@Ramblurr
Copy link

Is this related?

If I have a service that has the rgon labels defined, but no containers exist for the service, then an empty upstream block is created in the nginx config, which prevents nginx from starting up.

This can happen if you create a service but don't start it.

Seems that rgon should check that the upstream server ip is non-empty.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
MVP 1.0
Development

No branches or pull requests
3 participants
@Ramblurr @Munsio @emcniece