Thank you for the answer! Unfortunately I still can't make acme_certificate create the certificate. I've changed the challenge to dns-01 and taken care of creating the _acme-challenge.domain.name record via REST API, but when the last task is run I get:

"msg": "Authorization for dns:*.domain.name returned invalid: CHALLENGE: dns-01 DETAILS: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.domain.name - check that a DNS record exists for this domain;"

or

"msg": "Authorization for dns:domain.name returned invalid: CHALLENGE: dns-01 DETAILS: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.domain.name - check that a DNS record exists for this domain;"

alternately.
The DNS record exists * 2 before the last task is run, and according to the ansible output (-vvv) it's the same token.

Thank You!
Patric

On Sun, Apr 5, 2020 at 9:53 AM 'Felix Fontein' via Ansible Project <[email protected]> wrote:
> Hi,
>
> you cannot use http-01 challenges for wildcard certificates. You need to use the dns-01 challenge type for that. (This is a policy decision by Let's Encrypt.)
>
> How that works depends on how your DNS is set up. Ansible needs to be able to create/update the DNS TXT record _acme_challenge.domain.name for this. (If you feel uncomfortable giving Let's Encrypt access to it, you can also use a CNAME record and use https://github.com/joohoi/acme-dns. Haven't tried that with Ansible though.)
>
> > <https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04>
>
> Interesting, I haven't seen that. One remark: you should change the step which creates the http-01 challenge files slightly by adding
>
> when: item in acme_challenge_your_domain['challenge_data']
>
> to it. (Also see the examples in the module docs: https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#examples )
>
> > Obviously... You can't name a file with a '*' in its name.
>
> Actually, you can; you can even have a newline in a filename. But that's never a good idea ;-) And won't help you here, since you can't get wildcard certificates with the http-01 challenge.
>
> Cheers,
> Felix
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20200405095342.2da6eced%40rovaniemi.
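A pre-flight check for the dns-01 records before the second acme_certificate run, added here as an example (it is not code from the thread or from the acme_certificate module). It assumes the module's challenge_data shape for dns-01, `challenge_data[identifier]['dns-01']` with keys `resource` (TXT record name) and `resource_value` (TXT value); the identifiers and token values are constructed. It also shows that a wildcard and its base name validate against the same `_acme-challenge.<base>` record, so that record must carry one TXT value per identifier at the same time.

```python
from collections import defaultdict

# Constructed sample in the assumed acme_certificate challenge_data shape:
# a wildcard identifier plus the bare name, which share one TXT record name.
CHALLENGE_DATA = {
    "*.domain.name": {"dns-01": {"resource": "_acme-challenge.domain.name",
                                  "resource_value": "tokenA"}},
    "domain.name": {"dns-01": {"resource": "_acme-challenge.domain.name",
                                "resource_value": "tokenB"}},
}


def required_txt_records(challenge_data):
    """Map each TXT record name to the set of values it must carry at once."""
    wanted = defaultdict(set)
    for ident, challenges in challenge_data.items():
        dns = challenges.get("dns-01")
        if dns is None:
            raise ValueError(f"no dns-01 challenge offered for {ident}")
        wanted[dns["resource"]].add(dns["resource_value"])
    return dict(wanted)


def missing_values(challenge_data, observed_txt):
    """Return {identifier: reason} for identifiers that would fail validation.

    observed_txt maps a record name to the list of TXT strings currently
    published (a missing key models the NXDOMAIN the CA reports).
    """
    problems = {}
    for ident, challenges in challenge_data.items():
        dns = challenges["dns-01"]
        published = observed_txt.get(dns["resource"])
        if published is None:
            problems[ident] = f"NXDOMAIN for {dns['resource']}"
        elif dns["resource_value"] not in published:
            problems[ident] = f"{dns['resource']} lacks value {dns['resource_value']}"
    return problems


if __name__ == "__main__":
    # Constructed DNS state: the shared record holds only one of the two values,
    # so exactly one identifier fails while the other passes.
    observed = {"_acme-challenge.domain.name": ["tokenB"]}
    print(required_txt_records(CHALLENGE_DATA))
    print(missing_values(CHALLENGE_DATA, observed))
```

Run it against the real challenge_data and the TXT values your resolver returns for the record before the final acme_certificate task; an empty result means every identifier has its value published.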
