From ed74d9affc23704c5df4c7a2d9f25341ccc9ec21 Mon Sep 17 00:00:00 2001 From: Andrew Howden Date: Wed, 20 Dec 2017 15:47:18 +0100 Subject: [PATCH] AD-HOC fix (Renewal): Modify consumption of renewal variable to be int When the work to initially implement the Lets Encrypt work was created, the "renewal" variable was surrounded by `"` characters, a habit the author picked up while working with yaml more generally. However, it appears that unless it is of the type "int" (i.e. without the `"` characters and numeric) it does not take effect. This appears to mean that the default value is used, which is 10 days. It is difficult to reproduce this issue. Originally when it presented, this was presumed to be an issue in the generation of the fullchain certificate, however further investigation shows the renewal works, and seemed to work at the "8" day period. Ansible was run as part of a deployment 2 days prior to expiry, and the default is 10[1] [1] - https://github.com/ansible/ansible/blob/devel/lib/ansible/modules/web_infrastructure/letsencrypt.py#L858
---
tasks/lets_encrypt.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/lets_encrypt.yml b/tasks/lets_encrypt.yml
index 6322b42..6890aeb 100644
--- a/tasks/lets_encrypt.yml
+++ b/tasks/lets_encrypt.yml
@@ -55,7 +55,7 @@ - name: "Make the request of the Lets Encrypt API"
letsencrypt:
- remaining_days: "{{ lets_encrypt_renew_limit }}"
+ remaining_days: {{ lets_encrypt_renew_limit }}
acme_directory: "{{ lets_encrypt_directory }}"
account_email: "{{ lets_encrypt_account_email }}"
account_key: "/etc/ssl/private/lets_encrypt.key"
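Review bot: The unquoted `remaining_days: {{ lets_encrypt_renew_limit }}` on the added line starts a plain value with `{`, which YAML reads as a flow mapping before Jinja2 ever sees it, so the task file is likely to fail to load (Ansible normally rejects this with its missing-quotes hint) and renewal would stop instead of using the intended threshold. Keep the quotes and cast inside the template: `remaining_days: "{{ lets_encrypt_renew_limit | int }}"`. If the variable itself is defined as a quoted string in defaults or inventory, that definition is the other place to check, though it is outside this hunk, as is the rest of the task. Since an unnoticed renewal failure ends in an expired certificate, it is worth confirming the fix by running the play against a staging `acme_directory` and checking that the certificate's expiry date actually moves.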