How can I set Let's Encrypt certificates with Ansible?

HOW TO - October 18, 2021

I'm trying to get a Let's Encrypt certificate for my domain with Ansible. I have been reading this tutorial, which is a bit outdated, and the Ansible documentation.

My playbook is a mix of what I have found in the tutorial mentioned and the documentation.

ERROR Rendering Code Block

When I run the playbook, I'm getting this error:

fatal: [web_server]: FAILED! =>

ERROR Rendering Code Block

Command UFW status gives:

ERROR Rendering Code Block

The nginx configuration is:

ERROR Rendering Code Block

Could you help me understand where the problem is coming from and how to solve it?

I'm not sure if my mistakes are coming from the playbook, Nginx settings, or somewhere else, so I apologize if the question isn't perfectly targeted. It's my first time doing this, so please include details and explanations to help me understand.

Thank you.

Answer

You are redirecting every single call on http to its https counterpart. A bit of a shortcut here, but in a common default setup this basically can't work, as Let's Encrypt needs access over unencrypted http to get the challenge files. Moreover, I don't see any configuration in nginx to allow accessing /.well-known/acme-challenge/* files (unless you already tested this works from your app folder....). In a typical Let's Encrypt setup, you allow accessing the /.well-known path (and all its subdirs) over http and redirect the rest to https.

@Zeitounator yes, I was missing the /.well-known/acme-challenge/ and there were a couple of mistakes in my task.
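The layout the answer describes, as an added example that is not part of the original post or the asker's configuration: the redirect-everything port 80 block is shown commented out next to a version that serves the challenge path over plain http and redirects the rest. The server name `example.com` and the webroot `/var/www/letsencrypt` are assumed placeholders; the webroot must be the directory the Ansible task writes the challenge files into.

```nginx
# Before (the pattern the answer points at): every http request is redirected,
# so nothing under /.well-known/acme-challenge/ is served over plain http.
#
# server {
#     listen 80;
#     server_name example.com;                 # placeholder
#     return 301 https://$host$request_uri;
# }

# After: serve the challenge files over http, redirect everything else.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;                   # placeholder

    # "^~" makes this prefix match win over any regex location, so a later
    # rewrite or catch-all rule cannot intercept challenge requests.
    location ^~ /.well-known/acme-challenge/ {
        # A request for /.well-known/acme-challenge/<token> is read from
        # /var/www/letsencrypt/.well-known/acme-challenge/<token>
        root /var/www/letsencrypt;             # assumed webroot
        default_type "text/plain";
        try_files $uri =404;                   # serve only files that exist
    }

    # All other http traffic still goes to https.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

After reloading nginx, a test file placed in the challenge directory should come back with a 200 over plain http, while any other path still returns the 301 to https.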
