Handle Let's Encrypt maintenance errors gracefully

- Extend certbundle task to ignore 'The service is down for maintenance or had an internal error'
  as a fatal failure.
- Add debug/warning output when this error occurs, so the playbook does not stop but logs the issue.
- Ensure changed_when does not mark the run as changed if only the maintenance error was hit.

Ref: https://chatgpt.com/share/68af4e15-24cc-800f-b1dd-6a5f2380e35a
2025-08-27 20:28:25 +02:00
parent de159db918
commit f62d09d8f1


@@ -23,7 +23,15 @@
changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout" changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout"
failed_when: > failed_when: >
certbundle_result.rc != 0 certbundle_result.rc != 0
and 'too many certificates' not in certbundle_result.stderr and 'too many certificates' not in (certbundle_result.stderr | lower | default(''))
and 'the service is down for maintenance or had an internal error' not in (certbundle_result.stderr | lower | default(''))
- name: Warn if LetsEncrypt was down
when: "'the service is down for maintenance or had an internal error' in (certbundle_result.stderr | lower | default(''))"
debug:
msg: >
WARNING: Let's Encrypt responded with "service down for maintenance / internal error".
Certificate request skipped; please retry later.
- name: run the san tasks once - name: run the san tasks once
set_fact: set_fact:
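Review bot: the third bullet of the commit message is not implemented in this hunk: `changed_when` still tests only `'Certificate not yet due for renewal' not in certbundle_result.stdout`, so a run that hits the maintenance error (rc != 0, stdout without that phrase) is no longer failed but is still reported as changed. Consider adding `and certbundle_result.rc == 0` to `changed_when`, or excluding the maintenance phrase there as well. Also, in the two new `(certbundle_result.stderr | lower | default(''))` expressions the filter order should be `default('') | lower`: `lower` runs first and raises on an undefined `stderr` before `default` can supply the fallback, which defeats the purpose of the `default`.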