From f62d09d8f18cdfaeb89ad4b9f73e1609ebd2efab Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 27 Aug 2025 20:28:25 +0200
Subject: [PATCH] Handle Let's Encrypt maintenance errors gracefully

- Extend certbundle task to ignore 'The service is down for maintenance or had an internal error' as a fatal failure.
- Add debug/warning output when this error occurs, so playbook does not stop but logs the issue.
- Ensure changed_when does not mark run as changed if only maintenance error was hit.

Ref: https://chatgpt.com/share/68af4e15-24cc-800f-b1dd-6a5f2380e35a
---
 roles/srv-tls-core/tasks/flavors/san.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/roles/srv-tls-core/tasks/flavors/san.yml b/roles/srv-tls-core/tasks/flavors/san.yml
index cfad083c..918db855 100644
--- a/roles/srv-tls-core/tasks/flavors/san.yml
+++ b/roles/srv-tls-core/tasks/flavors/san.yml
@@ -23,7 +23,15 @@
     changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout"
     failed_when: >
       certbundle_result.rc != 0
-      and 'too many certificates' not in certbundle_result.stderr
+      and 'too many certificates' not in (certbundle_result.stderr | lower | default(''))
+      and 'the service is down for maintenance or had an internal error' not in (certbundle_result.stderr | lower | default(''))
+
+  - name: Warn if LetsEncrypt was down
+    when: "'the service is down for maintenance or had an internal error' in (certbundle_result.stderr | lower | default(''))"
+    debug:
+      msg: >
+        WARNING: Let's Encrypt responded with "service down for maintenance / internal error".
+        Certificate request skipped; please retry later.
 
   - name: run the san tasks once
     set_fact:
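Review bot: The `default('')` in both added `failed_when` clauses and in the `when:` of the new warn task is applied after `lower`, so if `certbundle_result.stderr` is undefined (for example when the certbundle task was skipped) the `lower` filter runs on the undefined value and the expression errors before the default is ever reached; reorder each occurrence to `(certbundle_result.stderr | default('') | lower)`. The commit description also says `changed_when` is adjusted so a maintenance-only run is not reported as changed, but the hunk leaves `changed_when` untouched, so such a run is still reported as changed whenever stdout lacks 'Certificate not yet due for renewal'. Because the maintenance case now passes with only a debug line, repeated renewal failures can go unnoticed until a certificate expires; consider recording the skip in a fact (for example `certbundle_skipped: true`, a constructed name) so a later task can refuse to deploy a missing or expiring certificate. The enclosing certbundle task begins before this hunk.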