@hesco
Last active April 16, 2020 04:10
+ docker run -i --rm --name certcont --publish 209.195.11.75:8888:8888 --volume letsencrypt-etc:/etc/letsencrypt --volume letsencrypt-var-lib:/var/lib/letsencrypt --volume letsencrypt-var-log:/var/log/letsencrypt certbot/certbot:latest certonly --standalone -d jenkins.yourmessagedelivered.com --non-interactive --preferred-challenges http --agree-tos --email hesco@yourmessagedelivered.com --staging --http-01-port=8888
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jenkins.yourmessagedelivered.com
Waiting for verification...
Challenge failed for domain jenkins.yourmessagedelivered.com
http-01 challenge for jenkins.yourmessagedelivered.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: jenkins.yourmessagedelivered.com
Type: unauthorized
Detail: Invalid response from
http://jenkins.yourmessagedelivered.com/.well-known/acme-challenge/uP-FXuSI5sYdRm5gLiEtjtq5Uag7XRP2-qDRyT_IfeM
[209.195.11.75]: "<html><head><meta http-equiv='refresh'
content='1;url=/login?from=%!F(MISSING).well-known%!F(MISSING)acme-challenge%!F(MISSING)uP-FXuSI5sYdRm5gLiEtjtq5Uag7"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
+ cat /exports/data/letsencrypt/etc/letsencrypt/live/jenkins.yourmessagedelivered.com/fullchain.pem /exports/data/letsencrypt/etc/letsencrypt/live/jenkins.yourmessagedelivered.com/privkey.pem
cat: /exports/data/letsencrypt/etc/letsencrypt/live/jenkins.yourmessagedelivered.com/fullchain.pem: No such file or directory
cat: /exports/data/letsencrypt/etc/letsencrypt/live/jenkins.yourmessagedelivered.com/privkey.pem: No such file or directory
root@dessalines021:/exports/data/letsencrypt# ls -alht /exports/data/letsencrypt/etc/letsencrypt | grep live
drwx------ 5 root root 4.0K Aug 25 2019 live
but no new path for this domain. And the resultant file written for the haproxy certificate
winds up 0 length, and it must be removed to restart the haproxy.
global
    maxconn 4000
    tune.ssl.default-dh-param 2048
    log 127.0.0.1 local0
    stats socket ipv4@127.0.0.1:9999 level admin
    # mode 666 + level admin: any local user can send admin commands to this socket
    stats socket /var/run/haproxy/haproxy.sock mode 666 level admin
    stats timeout 10m

defaults
    log global
    maxconn 8000
    option redispatch
    retries 3
    stats enable
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout check 10s

frontend http_proxy
    bind 172.17.0.2:80
    # Requests under the ACME challenge path are routed to the certbot standalone listener
    acl letsencrypt-acl path_beg -i /.well-known\/acme-challenge/
<snip>
    mode http
    option httplog
    option forwardfor
    use_backend letsencrypt if letsencrypt-acl

backend letsencrypt
    mode http
    # server letsencrypt_node_01 192.168.51.121:8888
    server letsencrypt_node_02 209.195.11.75:8888
    timeout connect 1h
    timeout server 1h
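
One way to avoid the zero-length haproxy certificate described above, as an added example that is not part of the original gist: build the combined PEM only when both certbot outputs exist, and swap it in atomically so a failed challenge leaves the previous file in place. The function name `build_haproxy_pem` and the output path argument are hypothetical.

```shell
#!/bin/sh
# Added example (not the gist author's script).
# build_haproxy_pem LIVE_DIR OUT_PEM
#   LIVE_DIR: certbot live directory holding fullchain.pem and privkey.pem
#   OUT_PEM:  combined PEM that haproxy loads (hypothetical path)
# The body runs in a subshell "( ... )" so its variables stay local.
build_haproxy_pem() (
    live_dir=$1
    out_pem=$2
    chain="$live_dir/fullchain.pem"
    key="$live_dir/privkey.pem"

    # Refuse to touch the existing PEM unless both inputs exist and are non-empty.
    for f in "$chain" "$key"; do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f; leaving $out_pem untouched" >&2
            return 1
        fi
    done

    # Assemble in a temp file beside the target so the final rename is atomic.
    tmp=$(mktemp "$out_pem.XXXXXX") || return 1
    chmod 600 "$tmp"    # the file contains the private key

    if ! cat "$chain" "$key" > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi

    # Sanity check: the result must hold a certificate and a private key block.
    if ! grep -q 'BEGIN CERTIFICATE' "$tmp" || ! grep -q 'PRIVATE KEY' "$tmp"; then
        echo "combined PEM failed sanity check; leaving $out_pem untouched" >&2
        rm -f "$tmp"
        return 1
    fi

    mv -f "$tmp" "$out_pem"
)

# Run directly as: script.sh LIVE_DIR OUT_PEM
if [ "$#" -eq 2 ]; then
    build_haproxy_pem "$1" "$2"
fi
```

Call it only after the certbot step has exited successfully, and reload haproxy only when the function returns 0.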