Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acme_certificate challenge completion (step 2) hangs #171

Closed
sivy opened this issue Jan 15, 2021 · 11 comments · Fixed by #173
Closed

acme_certificate challenge completion (step 2) hangs #171

sivy opened this issue Jan 15, 2021 · 11 comments · Fixed by #173

Comments

@sivy
Copy link

sivy commented Jan 15, 2021
edited
Loading

SUMMARY

I have a playbook I've built from the description here:

https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04

The final task, which is the acme_certificate challenge completion (step 2), hangs and never completes. Most of my playbook is like the one in the article. The final task is pasted below.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

acme_certificate

ANSIBLE VERSION
ansible 2.10.3
  config file = None
  configured module search path = ['/Users/me/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/me/gf-monkinetic/ansible/.venv/lib/python3.8/site-packages/ansible
  executable location = /Users/me/gf-monkinetic/ansible/.venv/bin/ansible
  python version = 3.8.5 (default, Oct 29 2020, 22:28:07) [Clang 11.0.0 (clang-1100.0.33.16)]
CONFIGURATION
DEFAULT_ROLES_PATH(env: ANSIBLE_ROLES_PATH) = ['/Users/sivy/gf-monkinetic/ansible/roles']
OS / ENVIRONMENT

local: MacOS 11.0.1
remote: Centos8

STEPS TO REPRODUCE
    - name: "Complete Let's Encrypt challenges"
      community.crypto.acme_certificate:
        account_key_src: "{{ letsencrypt_account_key }}"
        account_email: "{{ acme_email }}"
        src: "{{ letsencrypt_csrs_dir }}/{{ domain_name }}.csr"
        cert: "{{ letsencrypt_certs_dir }}/{{ domain_name }}.crt"
        fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ domain_name }}.crt"
        chain: "{{ letsencrypt_certs_dir }}/chain_{{ domain_name }}.crt"
        challenge: "{{ acme_challenge_type }}"
        acme_directory: "{{ acme_directory }}"
        remaining_days: 61
        acme_version: "{{ acme_version }}"
        data: "{{ acme_challenge_monkinetic_blog }}"
      when: acme_challenge_monkinetic_blog is changed

The entire file: https://gist.github.com/sivy/f9120a8197100672f6c5b7824f95d4d0

EXPECTED RESULTS

I expected the challenge to complete and the keys being generated.

ACTUAL RESULTS

The last step hangs and does not complete. I have to Cntl-C to cancel the command.

sivy@blackglass ansible % pipenv run ansible-playbook -vvv -i hosts letsencrypt-issue.yml
Loading .env environment variables...
ansible-playbook 2.10.3
  config file = None
  configured module search path = ['/Users/sivy/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible
  executable location = /Users/me/project/ansible/.venv/bin/ansible-playbook
  python version = 3.8.5 (default, Oct 29 2020, 22:28:07) [Clang 11.0.0 (clang-1100.0.33.16)]
No config file found; using defaults
host_list declined parsing /Users/me/project/ansible/hosts as it did not pass its verify_file() method
script declined parsing /Users/me/project/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /Users/me/project/ansible/hosts as it did not pass its verify_file() method
Parsed /Users/me/project/ansible/hosts inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: letsencrypt-issue.yml ***************************************************************************************
1 plays in letsencrypt-issue.yml

PLAY [webservers] *****************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:2
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752728.84761-3640-102448132436584 `" && echo ansible-tmp-1610752728.84761-3640-102448132436584="` echo /root/.ansible/tmp/ansible-tmp-1610752728.84761-3640-102448132436584 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752728.84761-3640-102448132436584=/root/.ansible/tmp/ansible-tmp-1610752728.84761-3640-102448132436584\n', b'')
<my-ip> Attempting python interpreter discovery
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<my-ip> (0, b'PLATFORM\nLinux\nFOUND\n/usr/bin/python3.6\n/usr/libexec/platform-python\n/usr/bin/python3\nENDFOUND\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'/usr/bin/python3.6 && sleep 0'"'"''
<my-ip> (0, b'{"platform_dist_result": ["centos", "8.3.2011", ""], "osrelease_content": "NAME=\\"CentOS Linux\\"\\nVERSION=\\"8\\"\\nID=\\"centos\\"\\nID_LIKE=\\"rhel fedora\\"\\nVERSION_ID=\\"8\\"\\nPLATFORM_ID=\\"platform:el8\\"\\nPRETTY_NAME=\\"CentOS Linux 8\\"\\nANSI_COLOR=\\"0;31\\"\\nCPE_NAME=\\"cpe:/o:centos:centos:8\\"\\nHOME_URL=\\"https://centos.org/\\"\\nBUG_REPORT_URL=\\"https://bugs.centos.org/\\"\\nCENTOS_MANTISBT_PROJECT=\\"CentOS-8\\"\\nCENTOS_MANTISBT_PROJECT_VERSION=\\"8\\"\\n"}\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/setup.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmp86okascj TO /root/.ansible/tmp/ansible-tmp-1610752728.84761-3640-102448132436584/AnsiballZ_setup.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmp86okascj /root/.ansible/tmp/ansible-tmp-1610752728.84761-3640-102448132436584/AnsiballZ_setup.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752728.84761-3640-102448132436584/ /root/.ansible/tmp/ansible-tmp-1610752728.84761-3640-102448132436584/AnsiballZ_setup.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752728.84761-3640-102448132436584/AnsiballZ_setup.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"ansible_facts": {"ansible_ssh_host_key_rsa_public": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDyhKimmVxkrExUpZVMrOcj5JRfxiSvzbG5W1iwS+kVFVhMVL2MsD9rsIdwkpJWJP4YnDclLiiTtd1Zcx0ls4eWGA843KtHwqAKTaJ5Tvb/zq89ac9lF6ZCNhyjoYYMmKTX7+6k9/XypbAzj9xkPlNKccboOU6vNWUBme8Y0J/EKBGxMs59WuoqrDE+EbTtsl3oDNPGfj50Beyy7G6jNoC2kR/459oH+hy/sEp6V/gxzVqQq5T68lYwm3EVFNR+MrGnkKnjUZrptvuIeA8c1BIPPw/o3I+RnsjVdRcPuZ5v5IuR6w5bedgDXpbVcy4r3wfteBZiND31oERxlC9P4jox", "ansible_ssh_host_key_rsa_public_keytype": "ssh-rsa", "ansible_ssh_host_key_ecdsa_public": "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJcHeuB0/zZqeNITCflmeIEziYt+gb8EBIa4CW1u5Hqf9M669w0iOd3R7MYdLC/hyG34m+Nk9+3QEyaux0NzGw4=", "ansible_ssh_host_key_ecdsa_public_keytype": "ecdsa-sha2-nistp256", "ansible_ssh_host_key_ed25519_public": "AAAAC3NzaC1lZDI1NTE5AAAAIFcGlqBwlcsinFljZFjEdvHF/x0WsTzGHr+SIB7q9mLt", "ansible_ssh_host_key_ed25519_public_keytype": "ssh-ed25519", "ansible_virtualization_role": "guest", "ansible_virtualization_type": "kvm", "ansible_hostnqn": "", "ansible_distribution": "CentOS", "ansible_distribution_release": "NA", "ansible_distribution_version": "8.3", "ansible_distribution_major_version": "8", "ansible_distribution_file_path": "/etc/redhat-release", "ansible_distribution_file_variety": "RedHat", "ansible_distribution_file_parsed": true, "ansible_os_family": "RedHat", "ansible_user_id": "root", "ansible_user_uid": 0, "ansible_user_gid": 0, "ansible_user_gecos": "root", "ansible_user_dir": "/root", "ansible_user_shell": "/bin/bash", "ansible_real_user_id": 0, "ansible_effective_user_id": 0, "ansible_real_group_id": 0, "ansible_effective_group_id": 0, "ansible_fibre_channel_wwn": [], "ansible_iscsi_iqn": "", "ansible_is_chroot": false, "ansible_selinux_python_present": true, "ansible_selinux": {"status": "enabled", "policyvers": 31, "config_mode": "enforcing", "mode": "enforcing", "type": "targeted"}, "ansible_lsb": {}, "ansible_system": "Linux", "ansible_kernel": "4.18.0-80.7.1.el8_0.x86_64", "ansible_kernel_version": "#1 SMP Sat Aug 3 15:14:00 UTC 2019", "ansible_machine": "x86_64", "ansible_python_version": "3.6.8", "ansible_fqdn": "li225-158.members.linode.com", "ansible_hostname": "li225-158", "ansible_nodename": "li225-158.members.linode.com", "ansible_domain": "members.linode.com", "ansible_userspace_bits": "64", "ansible_architecture": "x86_64", "ansible_userspace_architecture": "x86_64", "ansible_machine_id": "3e729c2d7c094902af0333ce40564ffe", "ansible_fips": false, "ansible_dns": {"search": ["members.linode.com"], "nameservers": ["173.230.155.5", "173.255.241.5", "173.255.243.5"]}, "ansible_apparmor": {"status": "disabled"}, "ansible_env": {"LS_COLORS": "rs=0:di=38;5;33:ln=38;5;51:mh=00:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=01;05;37;41:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;40:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.zst=38;5;9:*.tzst=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.wim=38;5;9:*.swm=38;5;9:*.dwm=38;5;9:*.esd=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.mjpg=38;5;13:*.mjpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.m4a=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.oga=38;5;45:*.opus=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:", "SSH_CONNECTION": "174.73.213.235 53688 my-ip 22", "_": "/usr/libexec/platform-python", "LANG": "en_US.UTF-8", "S_COLORS": "auto", "XDG_SESSION_ID": "80", "USER": "root", "SELINUX_ROLE_REQUESTED": "", "PWD": "/root", "HOME": "/root", "SSH_CLIENT": "174.73.213.235 53688 22", "SELINUX_LEVEL_REQUESTED": "", "SSH_TTY": "/dev/pts/2", "SHELL": "/bin/bash", "TERM": "xterm-256color", "SELINUX_USE_CURRENT_RANGE": "", "SHLVL": "2", "LOGNAME": "root", "DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/0/bus", "XDG_RUNTIME_DIR": "/run/user/0", "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin", "LESSOPEN": "||/usr/bin/lesspipe.sh %s"}, "ansible_date_time": {"year": "2021", "month": "01", "weekday": "Friday", "weekday_number": "5", "weeknumber": "02", "day": "15", "hour": "23", "minute": "18", "second": "49", "epoch": "1610752729", "date": "2021-01-15", "time": "23:18:49", "iso8601_micro": "2021-01-15T23:18:49.675682Z", "iso8601": "2021-01-15T23:18:49Z", "iso8601_basic": "20210115T231849675682", "iso8601_basic_short": "20210115T231849", "tz": "UTC", "tz_offset": "+0000"}, "ansible_pkg_mgr": "dnf", "ansible_service_mgr": "systemd", "ansible_processor": ["0", "AuthenticAMD", "AMD EPYC 7601 32-Core Processor"], "ansible_processor_count": 1, "ansible_processor_cores": 1, "ansible_processor_threads_per_core": 1, "ansible_processor_vcpus": 1, "ansible_processor_nproc": 1, "ansible_memtotal_mb": 821, "ansible_memfree_mb": 88, "ansible_swaptotal_mb": 511, "ansible_swapfree_mb": 76, "ansible_memory_mb": {"real": {"total": 821, "used": 733, "free": 88}, "nocache": {"free": 397, "used": 424}, "swap": {"total": 511, "free": 76, "used": 435, "cached": 5}}, "ansible_bios_date": "04/01/2014", "ansible_bios_vendor": "SeaBIOS", "ansible_bios_version": "rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org", "ansible_board_asset_tag": "NA", "ansible_board_name": "NA", "ansible_board_serial": "NA", "ansible_board_vendor": "NA", "ansible_board_version": "NA", "ansible_chassis_asset_tag": "NA", "ansible_chassis_serial": "NA", "ansible_chassis_vendor": "QEMU", "ansible_chassis_version": "pc-q35-3.1", "ansible_form_factor": "Other", "ansible_product_name": "Standard PC (Q35 + ICH9, 2009)", "ansible_product_serial": "NA", "ansible_product_uuid": "NA", "ansible_product_version": "pc-q35-3.1", "ansible_system_vendor": "QEMU", "ansible_devices": {"sdb": {"virtual": 1, "links": {"ids": ["scsi-0QEMU_QEMU_HARDDISK_drive-scsi-disk-1"], "uuids": ["253b7023-bfa0-4b68-97bb-22daa28cd21e"], "labels": [], "masters": []}, "vendor": "QEMU", "model": "QEMU HARDDISK", "sas_address": null, "sas_device_handle": null, "removable": "0", "support_discard": "4096", "partitions": {}, "rotational": "1", "scheduler_mode": "mq-deadline", "sectors": "1048576", "sectorsize": "512", "size": "512.00 MB", "host": "", "holders": []}, "sda": {"virtual": 1, "links": {"ids": ["scsi-0QEMU_QEMU_HARDDISK_drive-scsi-disk-0"], "uuids": ["e6dc116f-50af-48ba-a1fc-5a25dc9bb7ba"], "labels": [], "masters": []}, "vendor": "QEMU", "model": "QEMU HARDDISK", "sas_address": null, "sas_device_handle": null, "removable": "0", "support_discard": "4096", "partitions": {}, "rotational": "1", "scheduler_mode": "mq-deadline", "sectors": "51380224", "sectorsize": "512", "size": "24.50 GB", "host": "", "holders": []}}, "ansible_device_links": {"ids": {"sdb": ["scsi-0QEMU_QEMU_HARDDISK_drive-scsi-disk-1"], "sda": ["scsi-0QEMU_QEMU_HARDDISK_drive-scsi-disk-0"]}, "uuids": {"sdb": ["253b7023-bfa0-4b68-97bb-22daa28cd21e"], "sda": ["e6dc116f-50af-48ba-a1fc-5a25dc9bb7ba"]}, "labels": {}, "masters": {}}, "ansible_uptime_seconds": 857879, "ansible_mounts": [{"mount": "/", "device": "/dev/sda", "fstype": "ext4", "options": "rw,seclabel,relatime", "size_total": 25836417024, "size_available": 15278559232, "block_size": 4096, "block_total": 6307719, "block_available": 3730117, "block_used": 2577602, "inode_total": 1568000, "inode_available": 1184870, "inode_used": 383130, "uuid": "e6dc116f-50af-48ba-a1fc-5a25dc9bb7ba"}], "ansible_interfaces": ["eth0", "lo", "docker0"], "ansible_docker0": {"device": "docker0", "macaddress": "02:42:13:ef:61:36", "mtu": 1500, "active": false, "type": "bridge", "interfaces": [], "id": "8000.024213ef6136", "stp": false, "promisc": false, "ipv4": {"address": "172.17.0.1", "broadcast": "172.17.255.255", "netmask": "255.255.0.0", "network": "172.17.0.0"}, "features": {"rx_checksumming": "off [fixed]", "tx_checksumming": "on", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ip_generic": "on", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_sctp": "off [fixed]", "scatter_gather": "on", "tx_scatter_gather": "on", "tx_scatter_gather_fraglist": "on", "tcp_segmentation_offload": "on", "tx_tcp_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_mangleid_segmentation": "on", "tx_tcp6_segmentation": "on", "generic_segmentation_offload": "on", "generic_receive_offload": "on", "large_receive_offload": "off [fixed]", "rx_vlan_offload": "off [fixed]", "tx_vlan_offload": "on", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "highdma": "on", "rx_vlan_filter": "off [fixed]", "vlan_challenged": "off [fixed]", "tx_lockless": "on [fixed]", "netns_local": "on [fixed]", "tx_gso_robust": "on", "tx_fcoe_segmentation": "on", "tx_gre_segmentation": "on", "tx_gre_csum_segmentation": "on", "tx_ipxip4_segmentation": "on", "tx_ipxip6_segmentation": "on", "tx_udp_tnl_segmentation": "on", "tx_udp_tnl_csum_segmentation": "on", "tx_gso_partial": "on", "tx_sctp_segmentation": "on", "tx_esp_segmentation": "on", "tx_udp_segmentation": "on", "fcoe_mtu": "off [fixed]", "tx_nocache_copy": "off", "loopback": "off [fixed]", "rx_fcs": "off [fixed]", "rx_all": "off [fixed]", "tx_vlan_stag_hw_insert": "on", "rx_vlan_stag_hw_parse": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "l2_fwd_offload": "off [fixed]", "hw_tc_offload": "off [fixed]", "esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "rx_gro_hw": "off [fixed]", "tls_hw_record": "off [fixed]"}, "timestamping": ["rx_software", "software"], "hw_timestamp_filters": []}, "ansible_lo": {"device": "lo", "mtu": 65536, "active": true, "type": "loopback", "promisc": false, "ipv4": {"address": "127.0.0.1", "broadcast": "", "netmask": "255.0.0.0", "network": "127.0.0.0"}, "ipv6": [{"address": "::1", "prefix": "128", "scope": "host"}], "features": {"rx_checksumming": "on [fixed]", "tx_checksumming": "on", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ip_generic": "on [fixed]", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_sctp": "on [fixed]", "scatter_gather": "on", "tx_scatter_gather": "on [fixed]", "tx_scatter_gather_fraglist": "on [fixed]", "tcp_segmentation_offload": "on", "tx_tcp_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_mangleid_segmentation": "on", "tx_tcp6_segmentation": "on", "generic_segmentation_offload": "on", "generic_receive_offload": "on", "large_receive_offload": "off [fixed]", "rx_vlan_offload": "off [fixed]", "tx_vlan_offload": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "highdma": "on [fixed]", "rx_vlan_filter": "off [fixed]", "vlan_challenged": "on [fixed]", "tx_lockless": "on [fixed]", "netns_local": "on [fixed]", "tx_gso_robust": "off [fixed]", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gre_csum_segmentation": "off [fixed]", "tx_ipxip4_segmentation": "off [fixed]", "tx_ipxip6_segmentation": "off [fixed]", "tx_udp_tnl_segmentation": "off [fixed]", "tx_udp_tnl_csum_segmentation": "off [fixed]", "tx_gso_partial": "off [fixed]", "tx_sctp_segmentation": "on", "tx_esp_segmentation": "off [fixed]", "tx_udp_segmentation": "off [fixed]", "fcoe_mtu": "off [fixed]", "tx_nocache_copy": "off [fixed]", "loopback": "on [fixed]", "rx_fcs": "off [fixed]", "rx_all": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "l2_fwd_offload": "off [fixed]", "hw_tc_offload": "off [fixed]", "esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "rx_gro_hw": "off [fixed]", "tls_hw_record": "off [fixed]"}, "timestamping": ["tx_software", "rx_software", "software"], "hw_timestamp_filters": []}, "ansible_eth0": {"device": "eth0", "macaddress": "f2:3c:92:bb:61:19", "mtu": 1500, "active": true, "module": "virtio_net", "type": "ether", "pciid": "virtio2", "speed": -1, "promisc": false, "ipv4": {"address": "my-ip", "broadcast": "173.255.215.255", "netmask": "255.255.255.0", "network": "173.255.215.0"}, "ipv6": [{"address": "2600:3c01::f03c:92ff:febb:6119", "prefix": "64", "scope": "global"}, {"address": "fe80::f03c:92ff:febb:6119", "prefix": "64", "scope": "link"}], "features": {"rx_checksumming": "on [fixed]", "tx_checksumming": "on", "tx_checksum_ipv4": "off [fixed]", "tx_checksum_ip_generic": "on", "tx_checksum_ipv6": "off [fixed]", "tx_checksum_fcoe_crc": "off [fixed]", "tx_checksum_sctp": "off [fixed]", "scatter_gather": "on", "tx_scatter_gather": "on", "tx_scatter_gather_fraglist": "off [fixed]", "tcp_segmentation_offload": "on", "tx_tcp_segmentation": "on", "tx_tcp_ecn_segmentation": "on", "tx_tcp_mangleid_segmentation": "off", "tx_tcp6_segmentation": "on", "generic_segmentation_offload": "on", "generic_receive_offload": "on", "large_receive_offload": "off [fixed]", "rx_vlan_offload": "off [fixed]", "tx_vlan_offload": "off [fixed]", "ntuple_filters": "off [fixed]", "receive_hashing": "off [fixed]", "highdma": "on [fixed]", "rx_vlan_filter": "on [fixed]", "vlan_challenged": "off [fixed]", "tx_lockless": "off [fixed]", "netns_local": "off [fixed]", "tx_gso_robust": "on [fixed]", "tx_fcoe_segmentation": "off [fixed]", "tx_gre_segmentation": "off [fixed]", "tx_gre_csum_segmentation": "off [fixed]", "tx_ipxip4_segmentation": "off [fixed]", "tx_ipxip6_segmentation": "off [fixed]", "tx_udp_tnl_segmentation": "off [fixed]", "tx_udp_tnl_csum_segmentation": "off [fixed]", "tx_gso_partial": "off [fixed]", "tx_sctp_segmentation": "off [fixed]", "tx_esp_segmentation": "off [fixed]", "tx_udp_segmentation": "off [fixed]", "fcoe_mtu": "off [fixed]", "tx_nocache_copy": "off", "loopback": "off [fixed]", "rx_fcs": "off [fixed]", "rx_all": "off [fixed]", "tx_vlan_stag_hw_insert": "off [fixed]", "rx_vlan_stag_hw_parse": "off [fixed]", "rx_vlan_stag_filter": "off [fixed]", "l2_fwd_offload": "off [fixed]", "hw_tc_offload": "off [fixed]", "esp_hw_offload": "off [fixed]", "esp_tx_csum_hw_offload": "off [fixed]", "rx_udp_tunnel_port_offload": "off [fixed]", "tls_hw_tx_offload": "off [fixed]", "rx_gro_hw": "off [fixed]", "tls_hw_record": "off [fixed]"}, "timestamping": ["tx_software", "rx_software", "software"], "hw_timestamp_filters": []}, "ansible_default_ipv4": {"gateway": "173.255.215.1", "interface": "eth0", "address": "my-ip", "broadcast": "173.255.215.255", "netmask": "255.255.255.0", "network": "173.255.215.0", "macaddress": "f2:3c:92:bb:61:19", "mtu": 1500, "type": "ether", "alias": "eth0"}, "ansible_default_ipv6": {"gateway": "fe80::1", "interface": "eth0", "address": "2600:3c01::f03c:92ff:febb:6119", "prefix": "64", "scope": "global", "macaddress": "f2:3c:92:bb:61:19", "mtu": 1500, "type": "ether"}, "ansible_all_ipv4_addresses": ["172.17.0.1", "my-ip"], "ansible_all_ipv6_addresses": ["2600:3c01::f03c:92ff:febb:6119", "fe80::f03c:92ff:febb:6119"], "ansible_cmdline": {"BOOT_IMAGE": "(hd0)/boot/vmlinuz-4.18.0-80.7.1.el8_0.x86_64", "root": "/dev/sda", "ro": true, "console": "ttyS0,19200n8", "net.ifnames": "0", "crashkernel": "auto", "rhgb": true}, "ansible_proc_cmdline": {"BOOT_IMAGE": "(hd0)/boot/vmlinuz-4.18.0-80.7.1.el8_0.x86_64", "root": "/dev/sda", "ro": true, "console": "ttyS0,19200n8", "net.ifnames": "0", "crashkernel": "auto", "rhgb": true}, "ansible_system_capabilities_enforced": "True", "ansible_system_capabilities": ["cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner", "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap", "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast", "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner", "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace", "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice", "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod", "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap", "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm", "cap_block_suspend", "cap_audit_read+ep"], "ansible_local": {}, "ansible_python": {"version": {"major": 3, "minor": 6, "micro": 8, "releaselevel": "final", "serial": 0}, "version_info": [3, 6, 8, "final", 0], "executable": "/usr/libexec/platform-python", "has_sslcontext": true, "type": "cpython"}, "gather_subset": ["all"], "module_setup": true}, "invocation": {"module_args": {"gather_subset": ["all"], "gather_timeout": 10, "filter": "*", "fact_path": "/etc/ansible/facts.d"}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752728.84761-3640-102448132436584/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip]
META: ran handlers

TASK [Create required directories in /etc/letsencrypt] ****************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:4
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752731.4431381-3655-161372433971296 `" && echo ansible-tmp-1610752731.4431381-3655-161372433971296="` echo /root/.ansible/tmp/ansible-tmp-1610752731.4431381-3655-161372433971296 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752731.4431381-3655-161372433971296=/root/.ansible/tmp/ansible-tmp-1610752731.4431381-3655-161372433971296\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/file.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmp06uw8psa TO /root/.ansible/tmp/ansible-tmp-1610752731.4431381-3655-161372433971296/AnsiballZ_file.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmp06uw8psa /root/.ansible/tmp/ansible-tmp-1610752731.4431381-3655-161372433971296/AnsiballZ_file.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752731.4431381-3655-161372433971296/ /root/.ansible/tmp/ansible-tmp-1610752731.4431381-3655-161372433971296/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752731.4431381-3655-161372433971296/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"path": "/etc/letsencrypt/account", "changed": false, "diff": {"before": {"path": "/etc/letsencrypt/account"}, "after": {"path": "/etc/letsencrypt/account"}}, "uid": 0, "gid": 0, "owner": "root", "group": "root", "mode": "0711", "state": "directory", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "invocation": {"module_args": {"path": "/etc/letsencrypt/account", "state": "directory", "owner": "root", "group": "root", "mode": "u=rwx,g=x,o=x", "recurse": false, "force": false, "follow": true, "modification_time_format": "%Y%m%d%H%M.%S", "access_time_format": "%Y%m%d%H%M.%S", "unsafe_writes": false, "_original_basename": null, "_diff_peek": null, "src": null, "modification_time": null, "access_time": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752731.4431381-3655-161372433971296/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => (item=account) => {
    "ansible_loop_var": "item",
    "changed": false,
    "diff": {
        "after": {
            "path": "/etc/letsencrypt/account"
        },
        "before": {
            "path": "/etc/letsencrypt/account"
        }
    },
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "_diff_peek": null,
            "_original_basename": null,
            "access_time": null,
            "access_time_format": "%Y%m%d%H%M.%S",
            "attributes": null,
            "follow": true,
            "force": false,
            "group": "root",
            "mode": "u=rwx,g=x,o=x",
            "modification_time": null,
            "modification_time_format": "%Y%m%d%H%M.%S",
            "owner": "root",
            "path": "/etc/letsencrypt/account",
            "recurse": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "directory",
            "unsafe_writes": false
        }
    },
    "item": "account",
    "mode": "0711",
    "owner": "root",
    "path": "/etc/letsencrypt/account",
    "secontext": "unconfined_u:object_r:etc_t:s0",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752733.183379-3655-271667033736175 `" && echo ansible-tmp-1610752733.183379-3655-271667033736175="` echo /root/.ansible/tmp/ansible-tmp-1610752733.183379-3655-271667033736175 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752733.183379-3655-271667033736175=/root/.ansible/tmp/ansible-tmp-1610752733.183379-3655-271667033736175\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/file.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmp2r8jldkk TO /root/.ansible/tmp/ansible-tmp-1610752733.183379-3655-271667033736175/AnsiballZ_file.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmp2r8jldkk /root/.ansible/tmp/ansible-tmp-1610752733.183379-3655-271667033736175/AnsiballZ_file.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752733.183379-3655-271667033736175/ /root/.ansible/tmp/ansible-tmp-1610752733.183379-3655-271667033736175/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752733.183379-3655-271667033736175/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"path": "/etc/letsencrypt/certs", "changed": false, "diff": {"before": {"path": "/etc/letsencrypt/certs"}, "after": {"path": "/etc/letsencrypt/certs"}}, "uid": 0, "gid": 0, "owner": "root", "group": "root", "mode": "0711", "state": "directory", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "invocation": {"module_args": {"path": "/etc/letsencrypt/certs", "state": "directory", "owner": "root", "group": "root", "mode": "u=rwx,g=x,o=x", "recurse": false, "force": false, "follow": true, "modification_time_format": "%Y%m%d%H%M.%S", "access_time_format": "%Y%m%d%H%M.%S", "unsafe_writes": false, "_original_basename": null, "_diff_peek": null, "src": null, "modification_time": null, "access_time": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752733.183379-3655-271667033736175/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => (item=certs) => {
    "ansible_loop_var": "item",
    "changed": false,
    "diff": {
        "after": {
            "path": "/etc/letsencrypt/certs"
        },
        "before": {
            "path": "/etc/letsencrypt/certs"
        }
    },
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "_diff_peek": null,
            "_original_basename": null,
            "access_time": null,
            "access_time_format": "%Y%m%d%H%M.%S",
            "attributes": null,
            "follow": true,
            "force": false,
            "group": "root",
            "mode": "u=rwx,g=x,o=x",
            "modification_time": null,
            "modification_time_format": "%Y%m%d%H%M.%S",
            "owner": "root",
            "path": "/etc/letsencrypt/certs",
            "recurse": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "directory",
            "unsafe_writes": false
        }
    },
    "item": "certs",
    "mode": "0711",
    "owner": "root",
    "path": "/etc/letsencrypt/certs",
    "secontext": "unconfined_u:object_r:etc_t:s0",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752734.4033222-3655-180424854113911 `" && echo ansible-tmp-1610752734.4033222-3655-180424854113911="` echo /root/.ansible/tmp/ansible-tmp-1610752734.4033222-3655-180424854113911 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752734.4033222-3655-180424854113911=/root/.ansible/tmp/ansible-tmp-1610752734.4033222-3655-180424854113911\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/file.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpsab4qbsb TO /root/.ansible/tmp/ansible-tmp-1610752734.4033222-3655-180424854113911/AnsiballZ_file.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpsab4qbsb /root/.ansible/tmp/ansible-tmp-1610752734.4033222-3655-180424854113911/AnsiballZ_file.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752734.4033222-3655-180424854113911/ /root/.ansible/tmp/ansible-tmp-1610752734.4033222-3655-180424854113911/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752734.4033222-3655-180424854113911/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"path": "/etc/letsencrypt/csrs", "changed": false, "diff": {"before": {"path": "/etc/letsencrypt/csrs"}, "after": {"path": "/etc/letsencrypt/csrs"}}, "uid": 0, "gid": 0, "owner": "root", "group": "root", "mode": "0711", "state": "directory", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "invocation": {"module_args": {"path": "/etc/letsencrypt/csrs", "state": "directory", "owner": "root", "group": "root", "mode": "u=rwx,g=x,o=x", "recurse": false, "force": false, "follow": true, "modification_time_format": "%Y%m%d%H%M.%S", "access_time_format": "%Y%m%d%H%M.%S", "unsafe_writes": false, "_original_basename": null, "_diff_peek": null, "src": null, "modification_time": null, "access_time": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752734.4033222-3655-180424854113911/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => (item=csrs) => {
    "ansible_loop_var": "item",
    "changed": false,
    "diff": {
        "after": {
            "path": "/etc/letsencrypt/csrs"
        },
        "before": {
            "path": "/etc/letsencrypt/csrs"
        }
    },
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "_diff_peek": null,
            "_original_basename": null,
            "access_time": null,
            "access_time_format": "%Y%m%d%H%M.%S",
            "attributes": null,
            "follow": true,
            "force": false,
            "group": "root",
            "mode": "u=rwx,g=x,o=x",
            "modification_time": null,
            "modification_time_format": "%Y%m%d%H%M.%S",
            "owner": "root",
            "path": "/etc/letsencrypt/csrs",
            "recurse": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "directory",
            "unsafe_writes": false
        }
    },
    "item": "csrs",
    "mode": "0711",
    "owner": "root",
    "path": "/etc/letsencrypt/csrs",
    "secontext": "unconfined_u:object_r:etc_t:s0",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752735.6406631-3655-142926575184705 `" && echo ansible-tmp-1610752735.6406631-3655-142926575184705="` echo /root/.ansible/tmp/ansible-tmp-1610752735.6406631-3655-142926575184705 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752735.6406631-3655-142926575184705=/root/.ansible/tmp/ansible-tmp-1610752735.6406631-3655-142926575184705\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/file.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmphzq04sym TO /root/.ansible/tmp/ansible-tmp-1610752735.6406631-3655-142926575184705/AnsiballZ_file.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmphzq04sym /root/.ansible/tmp/ansible-tmp-1610752735.6406631-3655-142926575184705/AnsiballZ_file.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752735.6406631-3655-142926575184705/ /root/.ansible/tmp/ansible-tmp-1610752735.6406631-3655-142926575184705/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752735.6406631-3655-142926575184705/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"path": "/etc/letsencrypt/keys", "changed": false, "diff": {"before": {"path": "/etc/letsencrypt/keys"}, "after": {"path": "/etc/letsencrypt/keys"}}, "uid": 0, "gid": 0, "owner": "root", "group": "root", "mode": "0711", "state": "directory", "secontext": "unconfined_u:object_r:etc_t:s0", "size": 4096, "invocation": {"module_args": {"path": "/etc/letsencrypt/keys", "state": "directory", "owner": "root", "group": "root", "mode": "u=rwx,g=x,o=x", "recurse": false, "force": false, "follow": true, "modification_time_format": "%Y%m%d%H%M.%S", "access_time_format": "%Y%m%d%H%M.%S", "unsafe_writes": false, "_original_basename": null, "_diff_peek": null, "src": null, "modification_time": null, "access_time": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752735.6406631-3655-142926575184705/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => (item=keys) => {
    "ansible_loop_var": "item",
    "changed": false,
    "diff": {
        "after": {
            "path": "/etc/letsencrypt/keys"
        },
        "before": {
            "path": "/etc/letsencrypt/keys"
        }
    },
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "_diff_peek": null,
            "_original_basename": null,
            "access_time": null,
            "access_time_format": "%Y%m%d%H%M.%S",
            "attributes": null,
            "follow": true,
            "force": false,
            "group": "root",
            "mode": "u=rwx,g=x,o=x",
            "modification_time": null,
            "modification_time_format": "%Y%m%d%H%M.%S",
            "owner": "root",
            "path": "/etc/letsencrypt/keys",
            "recurse": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "directory",
            "unsafe_writes": false
        }
    },
    "item": "keys",
    "mode": "0711",
    "owner": "root",
    "path": "/etc/letsencrypt/keys",
    "secontext": "unconfined_u:object_r:etc_t:s0",
    "size": 4096,
    "state": "directory",
    "uid": 0
}

TASK [Create .well-known/acme-challenge directory] ********************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:17
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752736.901033-3685-242638116441913 `" && echo ansible-tmp-1610752736.901033-3685-242638116441913="` echo /root/.ansible/tmp/ansible-tmp-1610752736.901033-3685-242638116441913 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752736.901033-3685-242638116441913=/root/.ansible/tmp/ansible-tmp-1610752736.901033-3685-242638116441913\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/file.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpz7a60tyu TO /root/.ansible/tmp/ansible-tmp-1610752736.901033-3685-242638116441913/AnsiballZ_file.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpz7a60tyu /root/.ansible/tmp/ansible-tmp-1610752736.901033-3685-242638116441913/AnsiballZ_file.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752736.901033-3685-242638116441913/ /root/.ansible/tmp/ansible-tmp-1610752736.901033-3685-242638116441913/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752736.901033-3685-242638116441913/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"path": "/var/www/html/.well-known/acme-challenge", "changed": false, "diff": {"before": {"path": "/var/www/html/.well-known/acme-challenge"}, "after": {"path": "/var/www/html/.well-known/acme-challenge"}}, "uid": 0, "gid": 0, "owner": "root", "group": "root", "mode": "0755", "state": "directory", "secontext": "unconfined_u:object_r:var_t:s0", "size": 4096, "invocation": {"module_args": {"path": "/var/www/html/.well-known/acme-challenge", "state": "directory", "owner": "root", "group": "root", "mode": "u=rwx,g=rx,o=rx", "recurse": false, "force": false, "follow": true, "modification_time_format": "%Y%m%d%H%M.%S", "access_time_format": "%Y%m%d%H%M.%S", "unsafe_writes": false, "_original_basename": null, "_diff_peek": null, "src": null, "modification_time": null, "access_time": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752736.901033-3685-242638116441913/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => {
    "changed": false,
    "diff": {
        "after": {
            "path": "/var/www/html/.well-known/acme-challenge"
        },
        "before": {
            "path": "/var/www/html/.well-known/acme-challenge"
        }
    },
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "_diff_peek": null,
            "_original_basename": null,
            "access_time": null,
            "access_time_format": "%Y%m%d%H%M.%S",
            "attributes": null,
            "follow": true,
            "force": false,
            "group": "root",
            "mode": "u=rwx,g=rx,o=rx",
            "modification_time": null,
            "modification_time_format": "%Y%m%d%H%M.%S",
            "owner": "root",
            "path": "/var/www/html/.well-known/acme-challenge",
            "recurse": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "directory",
            "unsafe_writes": false
        }
    },
    "mode": "0755",
    "owner": "root",
    "path": "/var/www/html/.well-known/acme-challenge",
    "secontext": "unconfined_u:object_r:var_t:s0",
    "size": 4096,
    "state": "directory",
    "uid": 0
}

TASK [Generate a Let's Encrypt account key] ***************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:25
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752738.0369668-3693-22130918289618 `" && echo ansible-tmp-1610752738.0369668-3693-22130918289618="` echo /root/.ansible/tmp/ansible-tmp-1610752738.0369668-3693-22130918289618 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752738.0369668-3693-22130918289618=/root/.ansible/tmp/ansible-tmp-1610752738.0369668-3693-22130918289618\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/command.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpuffvzd6y TO /root/.ansible/tmp/ansible-tmp-1610752738.0369668-3693-22130918289618/AnsiballZ_command.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpuffvzd6y /root/.ansible/tmp/ansible-tmp-1610752738.0369668-3693-22130918289618/AnsiballZ_command.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752738.0369668-3693-22130918289618/ /root/.ansible/tmp/ansible-tmp-1610752738.0369668-3693-22130918289618/AnsiballZ_command.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752738.0369668-3693-22130918289618/AnsiballZ_command.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"cmd": "openssl genrsa 4096 | sudo tee /etc/letsencrypt/account/account.key", "stdout": "skipped, since /etc/letsencrypt/account/account.key exists", "changed": false, "rc": 0, "invocation": {"module_args": {"creates": "/etc/letsencrypt/account/account.key", "_raw_params": "openssl genrsa 4096 | sudo tee /etc/letsencrypt/account/account.key", "_uses_shell": true, "warn": true, "stdin_add_newline": true, "strip_empty_ends": true, "argv": null, "chdir": null, "executable": null, "removes": null, "stdin": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752738.0369668-3693-22130918289618/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => {
    "changed": false,
    "cmd": "openssl genrsa 4096 | sudo tee /etc/letsencrypt/account/account.key",
    "invocation": {
        "module_args": {
            "_raw_params": "openssl genrsa 4096 | sudo tee /etc/letsencrypt/account/account.key",
            "_uses_shell": true,
            "argv": null,
            "chdir": null,
            "creates": "/etc/letsencrypt/account/account.key",
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "rc": 0,
    "stdout": "skipped, since /etc/letsencrypt/account/account.key exists",
    "stdout_lines": [
        "skipped, since /etc/letsencrypt/account/account.key exists"
    ]
}

TASK [Generate Let's Encrypt private key] *****************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:30
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752739.381155-3704-179070297793052 `" && echo ansible-tmp-1610752739.381155-3704-179070297793052="` echo /root/.ansible/tmp/ansible-tmp-1610752739.381155-3704-179070297793052 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752739.381155-3704-179070297793052=/root/.ansible/tmp/ansible-tmp-1610752739.381155-3704-179070297793052\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/command.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpgvgiyzuh TO /root/.ansible/tmp/ansible-tmp-1610752739.381155-3704-179070297793052/AnsiballZ_command.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpgvgiyzuh /root/.ansible/tmp/ansible-tmp-1610752739.381155-3704-179070297793052/AnsiballZ_command.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752739.381155-3704-179070297793052/ /root/.ansible/tmp/ansible-tmp-1610752739.381155-3704-179070297793052/AnsiballZ_command.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752739.381155-3704-179070297793052/AnsiballZ_command.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"cmd": "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/monkinetic.blog.key", "stdout": "skipped, since /etc/letsencrypt/csrs/monkinetic.blog.csr exists", "changed": false, "rc": 0, "invocation": {"module_args": {"creates": "/etc/letsencrypt/csrs/monkinetic.blog.csr", "_raw_params": "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/monkinetic.blog.key", "_uses_shell": true, "warn": true, "stdin_add_newline": true, "strip_empty_ends": true, "argv": null, "chdir": null, "executable": null, "removes": null, "stdin": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752739.381155-3704-179070297793052/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => {
    "changed": false,
    "cmd": "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/monkinetic.blog.key",
    "invocation": {
        "module_args": {
            "_raw_params": "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/monkinetic.blog.key",
            "_uses_shell": true,
            "argv": null,
            "chdir": null,
            "creates": "/etc/letsencrypt/csrs/monkinetic.blog.csr",
            "executable": null,
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "rc": 0,
    "stdout": "skipped, since /etc/letsencrypt/csrs/monkinetic.blog.csr exists",
    "stdout_lines": [
        "skipped, since /etc/letsencrypt/csrs/monkinetic.blog.csr exists"
    ]
}

TASK [Create OpenSSL SAN config] **************************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:35
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605 `" && echo ansible-tmp-1610752740.5210261-3713-49962365959605="` echo /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752740.5210261-3713-49962365959605=/root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/stat.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpe2uf4r5q TO /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/AnsiballZ_stat.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpe2uf4r5q /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/AnsiballZ_stat.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/ /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/AnsiballZ_stat.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/AnsiballZ_stat.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"changed": false, "stat": {"exists": true, "path": "/etc/letsencrypt/san.cnf", "mode": "0644", "isdir": false, "ischr": false, "isblk": false, "isreg": true, "isfifo": false, "islnk": false, "issock": false, "uid": 0, "gid": 0, "size": 574, "inode": 138845, "dev": 2048, "nlink": 1, "atime": 1610721435.237, "mtime": 1610590957.507, "ctime": 1610590959.083, "wusr": true, "rusr": true, "xusr": false, "wgrp": false, "rgrp": true, "xgrp": false, "woth": false, "roth": true, "xoth": false, "isuid": false, "isgid": false, "blocks": 8, "block_size": 4096, "device_type": 0, "readable": true, "writeable": true, "executable": false, "pw_name": "root", "gr_name": "root", "checksum": "00c1ed0c8a31c155d172c7af657c386b969c2ed3", "mimetype": "text/plain", "charset": "us-ascii", "version": "2894880725", "attributes": ["extents"], "attr_flags": "e"}, "invocation": {"module_args": {"path": "/etc/letsencrypt/san.cnf", "follow": false, "get_checksum": true, "checksum_algorithm": "sha1", "get_md5": false, "get_mime": true, "get_attributes": true}}}\r\n', b'Shared connection to my-ip closed.\r\n')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/file.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpvp5cbrhr TO /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/AnsiballZ_file.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpvp5cbrhr /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/AnsiballZ_file.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/ /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"path": "/etc/letsencrypt/san.cnf", "changed": false, "diff": {"before": {"path": "/etc/letsencrypt/san.cnf"}, "after": {"path": "/etc/letsencrypt/san.cnf"}}, "uid": 0, "gid": 0, "owner": "root", "group": "root", "mode": "0644", "state": "file", "secontext": "system_u:object_r:etc_t:s0", "size": 574, "invocation": {"module_args": {"mode": null, "dest": "/etc/letsencrypt/san.cnf", "_original_basename": "san.cnf.j2", "recurse": false, "state": "file", "path": "/etc/letsencrypt/san.cnf", "force": false, "follow": true, "modification_time_format": "%Y%m%d%H%M.%S", "access_time_format": "%Y%m%d%H%M.%S", "unsafe_writes": false, "_diff_peek": null, "src": null, "modification_time": null, "access_time": null, "owner": null, "group": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752740.5210261-3713-49962365959605/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => {
    "changed": false,
    "checksum": "00c1ed0c8a31c155d172c7af657c386b969c2ed3",
    "dest": "/etc/letsencrypt/san.cnf",
    "diff": {
        "after": {
            "path": "/etc/letsencrypt/san.cnf"
        },
        "before": {
            "path": "/etc/letsencrypt/san.cnf"
        }
    },
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "_diff_peek": null,
            "_original_basename": "san.cnf.j2",
            "access_time": null,
            "access_time_format": "%Y%m%d%H%M.%S",
            "attributes": null,
            "dest": "/etc/letsencrypt/san.cnf",
            "follow": true,
            "force": false,
            "group": null,
            "mode": null,
            "modification_time": null,
            "modification_time_format": "%Y%m%d%H%M.%S",
            "owner": null,
            "path": "/etc/letsencrypt/san.cnf",
            "recurse": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "file",
            "unsafe_writes": false
        }
    },
    "mode": "0644",
    "owner": "root",
    "path": "/etc/letsencrypt/san.cnf",
    "secontext": "system_u:object_r:etc_t:s0",
    "size": 574,
    "state": "file",
    "uid": 0
}

TASK [echo csr command] ***********************************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:40
ok: [my-ip] => {
    "changed": false,
    "msg": "openssl req -new -sha256 -key /etc/letsencrypt/keys/monkinetic.blog.key -subj \"/CN=monkinetic.blog\" -reqexts SAN -config /etc/letsencrypt/san.cnf > /etc/letsencrypt/csrs/monkinetic.blog.csr"
}

TASK [Generate Let's Encrypt CSR] *************************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:44
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752743.4147332-3727-91061605750135 `" && echo ansible-tmp-1610752743.4147332-3727-91061605750135="` echo /root/.ansible/tmp/ansible-tmp-1610752743.4147332-3727-91061605750135 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752743.4147332-3727-91061605750135=/root/.ansible/tmp/ansible-tmp-1610752743.4147332-3727-91061605750135\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/command.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpeuw7k0s5 TO /root/.ansible/tmp/ansible-tmp-1610752743.4147332-3727-91061605750135/AnsiballZ_command.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpeuw7k0s5 /root/.ansible/tmp/ansible-tmp-1610752743.4147332-3727-91061605750135/AnsiballZ_command.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752743.4147332-3727-91061605750135/ /root/.ansible/tmp/ansible-tmp-1610752743.4147332-3727-91061605750135/AnsiballZ_command.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752743.4147332-3727-91061605750135/AnsiballZ_command.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"cmd": "openssl req -new -sha256 -key /etc/letsencrypt/keys/monkinetic.blog.key -subj \\"/CN=monkinetic.blog\\" -reqexts SAN -config /etc/letsencrypt/san.cnf > /etc/letsencrypt/csrs/monkinetic.blog.csr", "stdout": "skipped, since /etc/letsencrypt/csrs/monkinetic.blog.csr exists", "changed": false, "rc": 0, "invocation": {"module_args": {"creates": "/etc/letsencrypt/csrs/monkinetic.blog.csr", "executable": "/bin/bash", "_raw_params": "openssl req -new -sha256 -key /etc/letsencrypt/keys/monkinetic.blog.key -subj \\"/CN=monkinetic.blog\\" -reqexts SAN -config /etc/letsencrypt/san.cnf > /etc/letsencrypt/csrs/monkinetic.blog.csr", "_uses_shell": true, "warn": true, "stdin_add_newline": true, "strip_empty_ends": true, "argv": null, "chdir": null, "removes": null, "stdin": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752743.4147332-3727-91061605750135/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => {
    "changed": false,
    "cmd": "openssl req -new -sha256 -key /etc/letsencrypt/keys/monkinetic.blog.key -subj \"/CN=monkinetic.blog\" -reqexts SAN -config /etc/letsencrypt/san.cnf > /etc/letsencrypt/csrs/monkinetic.blog.csr",
    "invocation": {
        "module_args": {
            "_raw_params": "openssl req -new -sha256 -key /etc/letsencrypt/keys/monkinetic.blog.key -subj \"/CN=monkinetic.blog\" -reqexts SAN -config /etc/letsencrypt/san.cnf > /etc/letsencrypt/csrs/monkinetic.blog.csr",
            "_uses_shell": true,
            "argv": null,
            "chdir": null,
            "creates": "/etc/letsencrypt/csrs/monkinetic.blog.csr",
            "executable": "/bin/bash",
            "removes": null,
            "stdin": null,
            "stdin_add_newline": true,
            "strip_empty_ends": true,
            "warn": true
        }
    },
    "rc": 0,
    "stdout": "skipped, since /etc/letsencrypt/csrs/monkinetic.blog.csr exists",
    "stdout_lines": [
        "skipped, since /etc/letsencrypt/csrs/monkinetic.blog.csr exists"
    ]
}

TASK [echo request] ***************************************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:50
ok: [my-ip] => {
    "changed": false,
    "msg": "/etc/letsencrypt/csrs/monkinetic.blog.csr"
}

TASK [Begin Let's Encrypt challenges] *********************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:54
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752744.707447-3736-32209314115324 `" && echo ansible-tmp-1610752744.707447-3736-32209314115324="` echo /root/.ansible/tmp/ansible-tmp-1610752744.707447-3736-32209314115324 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752744.707447-3736-32209314115324=/root/.ansible/tmp/ansible-tmp-1610752744.707447-3736-32209314115324\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible_collections/community/crypto/plugins/modules/acme_certificate.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpeuvanojg TO /root/.ansible/tmp/ansible-tmp-1610752744.707447-3736-32209314115324/AnsiballZ_acme_certificate.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpeuvanojg /root/.ansible/tmp/ansible-tmp-1610752744.707447-3736-32209314115324/AnsiballZ_acme_certificate.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752744.707447-3736-32209314115324/ /root/.ansible/tmp/ansible-tmp-1610752744.707447-3736-32209314115324/AnsiballZ_acme_certificate.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752744.707447-3736-32209314115324/AnsiballZ_acme_certificate.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"changed": true, "authorizations": {"*.monkinetic.blog": {"identifier": {"type": "dns", "value": "monkinetic.blog"}, "status": "pending", "expires": "2021-01-21T02:35:41Z", "challenges": [{"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398877/MKXOdw", "token": "s_7bxfbRZlTNoPqzLGnXanboCZfnUTSOCP6RW7cKwDc"}], "wildcard": true, "uri": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10061398877"}, "monkinetic.blog": {"identifier": {"type": "dns", "value": "monkinetic.blog"}, "status": "pending", "expires": "2021-01-21T02:35:41Z", "challenges": [{"type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/41CCRg", "token": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU"}, {"type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/c39sTA", "token": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU"}, {"type": "tls-alpn-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/CIlMgQ", "token": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU"}], "uri": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10061398879"}}, "finalize_uri": "https://acme-v02.api.letsencrypt.org/acme/finalize/109424095/7300623208", "order_uri": "https://acme-v02.api.letsencrypt.org/acme/order/109424095/7300623208", "account_uri": "https://acme-v02.api.letsencrypt.org/acme/acct/109424095", "challenge_data": {"*.monkinetic.blog": {"dns-01": {"resource": "_acme-challenge", "resource_value": "LJycI1ouX26JlBM6mLBotZ-rouoeg36kDn5yzI1CbiQ", "record": "_acme-challenge.monkinetic.blog"}}, "monkinetic.blog": {"http-01": {"resource": ".well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU", "resource_value": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU.pH059uPD320LjP1gPu3XUEt_1SMq8aZBVYEtb2eSDN0"}, "dns-01": {"resource": "_acme-challenge", "resource_value": "vQgjU14f_rcRWwYe_1fAgazXPepdei5VuQASvMEohT4", "record": "_acme-challenge.monkinetic.blog"}, "tls-alpn-01": {"resource": "monkinetic.blog", "resource_original": "dns:monkinetic.blog", "resource_value": "vQgjU14f/rcRWwYe/1fAgazXPepdei5VuQASvMEohT4="}}}, "challenge_data_dns": {}, "cert_days": -1, "invocation": {"module_args": {"acme_directory": "https://acme-v02.api.letsencrypt.org/directory", "acme_version": 2, "account_key_src": "/etc/letsencrypt/account/account.key", "account_email": "[email protected]", "terms_agreed": true, "challenge": "http-01", "csr": "/etc/letsencrypt/csrs/monkinetic.blog.csr", "dest": "/etc/letsencrypt/certs/monkinetic.blog.crt", "fullchain_dest": "/etc/letsencrypt/certs/fullchain_monkinetic.blog.crt", "remaining_days": 91, "validate_certs": true, "select_crypto_backend": "auto", "modify_account": true, "deactivate_authzs": false, "force": false, "retrieve_all_alternates": false, "account_key_content": null, "account_uri": null, "agreement": null, "csr_content": null, "data": null, "chain_dest": null, "select_chain": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752744.707447-3736-32209314115324/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
changed: [my-ip] => {
    "account_uri": "https://acme-v02.api.letsencrypt.org/acme/acct/109424095",
    "authorizations": {
        "*.monkinetic.blog": {
            "challenges": [
                {
                    "status": "pending",
                    "token": "s_7bxfbRZlTNoPqzLGnXanboCZfnUTSOCP6RW7cKwDc",
                    "type": "dns-01",
                    "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398877/MKXOdw"
                }
            ],
            "expires": "2021-01-21T02:35:41Z",
            "identifier": {
                "type": "dns",
                "value": "monkinetic.blog"
            },
            "status": "pending",
            "uri": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10061398877",
            "wildcard": true
        },
        "monkinetic.blog": {
            "challenges": [
                {
                    "status": "pending",
                    "token": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
                    "type": "http-01",
                    "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/41CCRg"
                },
                {
                    "status": "pending",
                    "token": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
                    "type": "dns-01",
                    "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/c39sTA"
                },
                {
                    "status": "pending",
                    "token": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
                    "type": "tls-alpn-01",
                    "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/CIlMgQ"
                }
            ],
            "expires": "2021-01-21T02:35:41Z",
            "identifier": {
                "type": "dns",
                "value": "monkinetic.blog"
            },
            "status": "pending",
            "uri": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10061398879"
        }
    },
    "cert_days": -1,
    "challenge_data": {
        "*.monkinetic.blog": {
            "dns-01": {
                "record": "_acme-challenge.monkinetic.blog",
                "resource": "_acme-challenge",
                "resource_value": "LJycI1ouX26JlBM6mLBotZ-rouoeg36kDn5yzI1CbiQ"
            }
        },
        "monkinetic.blog": {
            "dns-01": {
                "record": "_acme-challenge.monkinetic.blog",
                "resource": "_acme-challenge",
                "resource_value": "vQgjU14f_rcRWwYe_1fAgazXPepdei5VuQASvMEohT4"
            },
            "http-01": {
                "resource": ".well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
                "resource_value": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU.pH059uPD320LjP1gPu3XUEt_1SMq8aZBVYEtb2eSDN0"
            },
            "tls-alpn-01": {
                "resource": "monkinetic.blog",
                "resource_original": "dns:monkinetic.blog",
                "resource_value": "vQgjU14f/rcRWwYe/1fAgazXPepdei5VuQASvMEohT4="
            }
        }
    },
    "challenge_data_dns": {},
    "changed": true,
    "finalize_uri": "https://acme-v02.api.letsencrypt.org/acme/finalize/109424095/7300623208",
    "invocation": {
        "module_args": {
            "account_email": "[email protected]",
            "account_key_content": null,
            "account_key_src": "/etc/letsencrypt/account/account.key",
            "account_uri": null,
            "acme_directory": "https://acme-v02.api.letsencrypt.org/directory",
            "acme_version": 2,
            "agreement": null,
            "chain_dest": null,
            "challenge": "http-01",
            "csr": "/etc/letsencrypt/csrs/monkinetic.blog.csr",
            "csr_content": null,
            "data": null,
            "deactivate_authzs": false,
            "dest": "/etc/letsencrypt/certs/monkinetic.blog.crt",
            "force": false,
            "fullchain_dest": "/etc/letsencrypt/certs/fullchain_monkinetic.blog.crt",
            "modify_account": true,
            "remaining_days": 91,
            "retrieve_all_alternates": false,
            "select_chain": null,
            "select_crypto_backend": "auto",
            "terms_agreed": true,
            "validate_certs": true
        }
    },
    "order_uri": "https://acme-v02.api.letsencrypt.org/acme/order/109424095/7300623208"
}

TASK [echo challenge] *************************************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:68
ok: [my-ip] => {
    "changed": false,
    "msg": {
        "account_uri": "https://acme-v02.api.letsencrypt.org/acme/acct/109424095",
        "authorizations": {
            "*.monkinetic.blog": {
                "challenges": [
                    {
                        "status": "pending",
                        "token": "s_7bxfbRZlTNoPqzLGnXanboCZfnUTSOCP6RW7cKwDc",
                        "type": "dns-01",
                        "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398877/MKXOdw"
                    }
                ],
                "expires": "2021-01-21T02:35:41Z",
                "identifier": {
                    "type": "dns",
                    "value": "monkinetic.blog"
                },
                "status": "pending",
                "uri": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10061398877",
                "wildcard": true
            },
            "monkinetic.blog": {
                "challenges": [
                    {
                        "status": "pending",
                        "token": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
                        "type": "http-01",
                        "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/41CCRg"
                    },
                    {
                        "status": "pending",
                        "token": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
                        "type": "dns-01",
                        "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/c39sTA"
                    },
                    {
                        "status": "pending",
                        "token": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
                        "type": "tls-alpn-01",
                        "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/CIlMgQ"
                    }
                ],
                "expires": "2021-01-21T02:35:41Z",
                "identifier": {
                    "type": "dns",
                    "value": "monkinetic.blog"
                },
                "status": "pending",
                "uri": "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10061398879"
            }
        },
        "cert_days": -1,
        "challenge_data": {
            "*.monkinetic.blog": {
                "dns-01": {
                    "record": "_acme-challenge.monkinetic.blog",
                    "resource": "_acme-challenge",
                    "resource_value": "LJycI1ouX26JlBM6mLBotZ-rouoeg36kDn5yzI1CbiQ"
                }
            },
            "monkinetic.blog": {
                "dns-01": {
                    "record": "_acme-challenge.monkinetic.blog",
                    "resource": "_acme-challenge",
                    "resource_value": "vQgjU14f_rcRWwYe_1fAgazXPepdei5VuQASvMEohT4"
                },
                "http-01": {
                    "resource": ".well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
                    "resource_value": "rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU.pH059uPD320LjP1gPu3XUEt_1SMq8aZBVYEtb2eSDN0"
                },
                "tls-alpn-01": {
                    "resource": "monkinetic.blog",
                    "resource_original": "dns:monkinetic.blog",
                    "resource_value": "vQgjU14f/rcRWwYe/1fAgazXPepdei5VuQASvMEohT4="
                }
            }
        },
        "challenge_data_dns": {},
        "changed": true,
        "failed": false,
        "finalize_uri": "https://acme-v02.api.letsencrypt.org/acme/finalize/109424095/7300623208",
        "order_uri": "https://acme-v02.api.letsencrypt.org/acme/order/109424095/7300623208"
    }
}

TASK [Implement http-01 challenge files] ******************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:72
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730 `" && echo ansible-tmp-1610752748.5182898-3747-9959847085730="` echo /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752748.5182898-3747-9959847085730=/root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/stat.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpr2l63d68 TO /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/AnsiballZ_stat.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpr2l63d68 /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/AnsiballZ_stat.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/ /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/AnsiballZ_stat.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/AnsiballZ_stat.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"changed": false, "stat": {"exists": true, "path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU", "mode": "0644", "isdir": false, "ischr": false, "isblk": false, "isreg": true, "isfifo": false, "islnk": false, "issock": false, "uid": 0, "gid": 0, "size": 87, "inode": 138849, "dev": 2048, "nlink": 1, "atime": 1610721443.088, "mtime": 1610591847.152, "ctime": 1610591848.417, "wusr": true, "rusr": true, "xusr": false, "wgrp": false, "rgrp": true, "xgrp": false, "woth": false, "roth": true, "xoth": false, "isuid": false, "isgid": false, "blocks": 8, "block_size": 4096, "device_type": 0, "readable": true, "writeable": true, "executable": false, "pw_name": "root", "gr_name": "root", "checksum": "332db028cc8d1dd5d5804ea125950bec115750c3", "mimetype": "text/plain", "charset": "us-ascii", "version": "502083875", "attributes": ["extents"], "attr_flags": "e"}, "invocation": {"module_args": {"path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU", "follow": false, "get_checksum": true, "checksum_algorithm": "sha1", "get_md5": false, "get_mime": true, "get_attributes": true}}}\r\n', b'Shared connection to my-ip closed.\r\n')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible/modules/file.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpfkanjyn7 TO /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/AnsiballZ_file.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpfkanjyn7 /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/AnsiballZ_file.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/ /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/AnsiballZ_file.py && sleep 0'"'"''
<my-ip> (0, b'\r\n{"path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU", "changed": false, "diff": {"before": {"path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU"}, "after": {"path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU"}}, "uid": 0, "gid": 0, "owner": "root", "group": "root", "mode": "0644", "state": "file", "secontext": "system_u:object_r:httpd_sys_content_t:s0", "size": 87, "invocation": {"module_args": {"owner": "root", "group": "root", "mode": "u=rw,g=r,o=r", "dest": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU", "_original_basename": "tmpu14b5c8e", "recurse": false, "state": "file", "path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU", "force": false, "follow": true, "modification_time_format": "%Y%m%d%H%M.%S", "access_time_format": "%Y%m%d%H%M.%S", "unsafe_writes": false, "_diff_peek": null, "src": null, "modification_time": null, "access_time": null, "seuser": null, "serole": null, "selevel": null, "setype": null, "attributes": null}}}\r\n', b'Shared connection to my-ip closed.\r\n')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1610752748.5182898-3747-9959847085730/ > /dev/null 2>&1 && sleep 0'"'"''
<my-ip> (0, b'', b'')
ok: [my-ip] => (item=monkinetic.blog) => {
    "ansible_loop_var": "item",
    "changed": false,
    "checksum": "332db028cc8d1dd5d5804ea125950bec115750c3",
    "dest": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
    "diff": {
        "after": {
            "path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU"
        },
        "before": {
            "path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU"
        }
    },
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "_diff_peek": null,
            "_original_basename": "tmpu14b5c8e",
            "access_time": null,
            "access_time_format": "%Y%m%d%H%M.%S",
            "attributes": null,
            "dest": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
            "follow": true,
            "force": false,
            "group": "root",
            "mode": "u=rw,g=r,o=r",
            "modification_time": null,
            "modification_time_format": "%Y%m%d%H%M.%S",
            "owner": "root",
            "path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
            "recurse": false,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": null,
            "state": "file",
            "unsafe_writes": false
        }
    },
    "item": "monkinetic.blog",
    "mode": "0644",
    "owner": "root",
    "path": "/var/www/html/.well-known/acme-challenge/rmRScploApYesyZWnwdcsyu-snip-eKB7KJCqwcLKZU",
    "secontext": "system_u:object_r:httpd_sys_content_t:s0",
    "size": 87,
    "state": "file",
    "uid": 0
}

TASK [Complete Let's Encrypt challenges] ******************************************************************************
task path: /Users/me/project/ansible/letsencrypt-issue.yml:97
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<my-ip> (0, b'/root\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1610752750.894188-3759-187952621519155 `" && echo ansible-tmp-1610752750.894188-3759-187952621519155="` echo /root/.ansible/tmp/ansible-tmp-1610752750.894188-3759-187952621519155 `" ) && sleep 0'"'"''
<my-ip> (0, b'ansible-tmp-1610752750.894188-3759-187952621519155=/root/.ansible/tmp/ansible-tmp-1610752750.894188-3759-187952621519155\n', b'')
Using module file /Users/me/project/ansible/.venv/lib/python3.8/site-packages/ansible_collections/community/crypto/plugins/modules/acme_certificate.py
<my-ip> PUT /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpgnv0ekod TO /root/.ansible/tmp/ansible-tmp-1610752750.894188-3759-187952621519155/AnsiballZ_acme_certificate.py
<my-ip> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 '[my-ip]'
<my-ip> (0, b'sftp> put /Users/sivy/.ansible/tmp/ansible-local-3603s_nxk83h/tmpgnv0ekod /root/.ansible/tmp/ansible-tmp-1610752750.894188-3759-187952621519155/AnsiballZ_acme_certificate.py\n', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 my-ip '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1610752750.894188-3759-187952621519155/ /root/.ansible/tmp/ansible-tmp-1610752750.894188-3759-187952621519155/AnsiballZ_acme_certificate.py && sleep 0'"'"''
<my-ip> (0, b'', b'')
<my-ip> ESTABLISH SSH CONNECTION FOR USER: root
<my-ip> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/sivy/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/Users/sivy/.ansible/cp/c4de06fa87 -tt my-ip '/bin/sh -c '"'"'/usr/libexec/platform-python /root/.ansible/tmp/ansible-tmp-1610752750.894188-3759-187952621519155/AnsiballZ_acme_certificate.py && sleep 0'"'"''
@felixfontein
Copy link
Contributor

Such "hanging" usually happens if for some reason the ACME server ended up in an invalid state (though I don't believe that should happen for Let's Encrypt's implementation), or because there's a bug in the module (state handling) which lets it assume the server is still needing some time, while the server already indicated that the order completed or failed.

Since Let's Encrypt doesn't require authentication for the order/challenge/authz URLs, I was able to look at what's the state of the above order is. Everything seems to be in a pending state, but I think I already know what the root cause for the problem is (the problem itself might still be a bug in the module): you seem to be using the http-01 challenge, despite you having a wildcard domain (*.monkinetic.blog) in the certificate. For wildcard certificates, Let's Encrypt requires the dns-01 challenge.

So either remove the wildcard domain, or switch to the dns-01 challenge.

@felixfontein
Copy link
Contributor

I think I also spotted the problem in the code. If you specify a challenge type that's not found for one of the challenges, it will not activate that challenge, but simply wait until the server indicates a status change for that challenge. Which will obviously not happen, since we didn't ask the server to check for it... (Well, eventually it will expire, but that might take a few days ;-) )

@felixfontein felixfontein mentioned this issue Jan 16, 2021
Merged
@felixfontein
Copy link
Contributor

resolved_by_pr #173

@sivy
Copy link
Author

sivy commented Jan 16, 2021

but I think I already know what the root cause for the problem is (the problem itself might still be a bug in the module): you seem to be using the http-01 challenge, despite you having a wildcard domain (*.monkinetic.blog) in the certificate. For wildcard certificates, Let's Encrypt requires the dns-01 challenge.

So either remove the wildcard domain, or switch to the dns-01 challenge.

Thanks @felixfontein! I've adapted my vars and SAN template and am testing it now.

@sivy
Copy link
Author

sivy commented Jan 16, 2021

@felixfontein do I need to also generate a challenge file in .well-known for each domain that's desired?

@sivy
Copy link
Author

sivy commented Jan 16, 2021

Also @felixfontein if you have time, how did you check the status of that order? I haven't been able to find it on the letsencrypt site. I updated the SAN config with individual domains to cover rather than the wildcard, but it's still hanging -- I'm wondering if I have to wait for the request to time out? Or is there a way to force it to redo the whole process...

@sivy
Copy link
Author

sivy commented Jan 16, 2021

@felixfontein apologies I found the order URI in the returned response. 🤦

@felixfontein
Copy link
Contributor

felixfontein commented Jan 16, 2021
edited
Loading

@sivy you can search for order_uri above, then you'll find https://acme-v02.api.letsencrypt.org/acme/order/109424095/7300623208 curling it yields

{
  "status": "pending",
  "expires": "2021-01-21T02:35:41Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.monkinetic.blog"
    },
    {
      "type": "dns",
      "value": "monkinetic.blog"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10061398877",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/10061398879"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/109424095/7300623208"
}

This shows the identifiers for which the certificate is, as well as the authorization URLs. If you curl these, say the second one, you get

{
  "identifier": {
    "type": "dns",
    "value": "monkinetic.blog"
  },
  "status": "pending",
  "expires": "2021-01-21T02:35:41Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/41CCRg",
      "token": "rmRScploApYesyZWnwdcsyuW5rhQpeKB7KJCqwcLKZU"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/c39sTA",
      "token": "rmRScploApYesyZWnwdcsyuW5rhQpeKB7KJCqwcLKZU"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/10061398879/CIlMgQ",
      "token": "rmRScploApYesyZWnwdcsyuW5rhQpeKB7KJCqwcLKZU"
    }
  ]
}

(You can curl the authz URLs for more information on the individual challenges for every challenge type.)

@felixfontein
Copy link
Contributor

(If you're interested in what all these structures are, see https://tools.ietf.org/html/rfc8555 - see the sections Order Object, Authorization Objects, and Challenge Objects.)

@sivy
Copy link
Author

sivy commented Jan 16, 2021

thank you for your patience 😁

@felixfontein
Copy link
Contributor

@sivy you're welcome! I've just merged a PR which should prevent the hanging, and should also tell the user right in the first acme_certificate round that the challenge type chosen is not supported by all challenges posed by the CA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@sivy @felixfontein