
When deploying Mattermost with Omnibus, set up the domain first


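Overview

  • I deployed while following the Omnibus page of the official reference
  • I tried to deploy first and leave the domain setup for later
  • I should have set up the domain and had the DNS change propagated before deploying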

Details

What I tried

I connected to the instance over SSH and tried the following commands from the official reference.

```bash
curl -o- https://deb.packages.mattermost.com/repo-setup.sh | sudo bash
sudo apt install mattermost-omnibus -y # <- the error occurs here
```

### What happened

```:Error output
PLAY [localhost] **********************************************************************

TASK [Gathering Facts] ****************************************************************
ok: [localhost]

TASK [Update debconf variables with json file values] *********************************
ok: [localhost] => (item={'key': 'mattermost-omnibus/domain', 'value': 'chat.mydomain.jp'})
ok: [localhost] => (item={'key': 'mattermost-omnibus/email', 'value': 'mail@gmail.com'})

TASK [Ensure that NGINX is running] ***************************************************
changed: [localhost]

TASK [Check if certificate already exists] ********************************************
ok: [localhost]

TASK [Generate SSL Certificate] *******************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["certbot", "certonly", "--nginx", "-d", "chat.mydomain.jp", "-n", "--agree-tos", "--email", "mail@gmail.com"], "delta": "0:00:06.402508", "end": "2023-04-05 05:37:42.081128", "msg": "non-zero return code", "rc": 1, "start": "2023-04-05 05:37:35.678620", "stderr": "Saving debug log to /var/log/letsencrypt/letsencrypt.log\nSome challenges have failed.\nAsk for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.", "stderr_lines": ["Saving debug log to /var/log/letsencrypt/letsencrypt.log", "Some challenges have failed.", "Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details."], "stdout": "Account registered.\nRequesting a certificate for chat.mydomain.jp\n\nCertbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:\n  Domain: chat.mydomain.jp\n  Type:   dns\n  Detail: DNS problem: NXDOMAIN looking up A for chat.mydomain.jp - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for chat.mydomain.jp - check that a DNS record exists for this domain\n\nHint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.", "stdout_lines": ["Account registered.", "Requesting a certificate for chat.mydomain.jp", "", "Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:", "  Domain: chat.mydomain.jp", "  Type:   dns", "  Detail: DNS problem: NXDOMAIN looking up A for chat.mydomain.jp - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for chat.mydomain.jp - check that a DNS record exists for this domain", "", "Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet."]}

PLAY RECAP ****************************************************************************
localhost                  : ok=4    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   

ERROR: error running reconfigure: exit status 2


###############################################################
# Omnibus configuration failed.                               #
#                                                             #
# Please run "dpkg-reconfigure mattermost-omnibus" to         #
# try again or join the Mattermost Community for help at      #
# https://mattermost.com/pl/default-ask-mattermost-community/ #
###############################################################


Processing triggers for man-db (2.10.2-1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
Scanning processes...                                                                  
Scanning linux images...                                                               

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

```

The error occurs in the Let's Encrypt step.

The JSON from the error message is as follows.

```json
{
    "changed": true,
    "cmd": [
        "certbot",
        "certonly",
        "--nginx",
        "-d",
        "chat.mydomain.jp",
        "-n",
        "--agree-tos",
        "--email",
        ".mail@gmail.com"
    ],
    "delta": "0:00:06.402508",
    "end": "2023-04-05 05:37:42.081128",
    "msg": "non-zero return code",
    "rc": 1,
    "start": "2023-04-05 05:37:35.678620",
    "stderr": "Saving debug log to /var/log/letsencrypt/letsencrypt.log\nSome challenges have failed.\nAsk for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.",
    "stderr_lines": [
        "Saving debug log to /var/log/letsencrypt/letsencrypt.log",
        "Some challenges have failed.",
        "Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details."
    ],
    "stdout": "Account registered.\nRequesting a certificate for chat.mydomain.jp\n\nCertbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:\n  Domain: chat.mydomain.jp\n  Type:   dns\n  Detail: DNS problem: NXDOMAIN looking up A for chat.mydomain.jp - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for chat.mydomain.jp - check that a DNS record exists for this domain\n\nHint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.",
    "stdout_lines": [
        "Account registered.",
        "Requesting a certificate for chat.mydomain.jp",
        "",
        "Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:",
        "  Domain: chat.mydomain.jp",
        "  Type:   dns",
        "  Detail: DNS problem: NXDOMAIN looking up A for chat.mydomain.jp - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for chat.mydomain.jp - check that a DNS record exists for this domain",
        "",
        "Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet."
    ]
}
```

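Cause and fix

  • The Omnibus command requires a domain to be set.
  • I intended to do the DNS setup for that domain later, but in that state Let's Encrypt rejected it.
  • Do the DNS setup, confirm with the dig command or similar that it has taken effect, and then run the install again.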
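
The check from the last bullet, as an added example that is not part of the original article: a pre-flight gate that passes only when every A/AAAA record for the domain points at this server. The function names, the `DIG` override variable and the 203.0.113.10 address in the usage comment are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# DNS pre-flight for the Omnibus install (added example, hypothetical names).
# Usage: ./preflight.sh chat.mydomain.jp 203.0.113.10   # constructed address

# Resolver hook. Assumes dig is installed; set DIG to substitute another
# command that accepts the same arguments (used for offline testing).
resolve() {  # $1 = record type (A or AAAA), $2 = domain
    ${DIG:-dig} +short "$1" "$2" 2>/dev/null
}

# Print the DNS state of a domain relative to this server's public addresses:
#   no-record  nothing resolves (the NXDOMAIN failure in the log above)
#   stray      at least one A/AAAA record points at some other host
#   ready      every A/AAAA record is one of the expected addresses
dns_state() {  # $1 = domain, $2... = this server's public IPs
    local domain=$1 addr addrs state=ready
    shift
    # dig +short also prints CNAME targets; keep only IPv4/IPv6 address lines.
    addrs=$( { resolve A "$domain"; resolve AAAA "$domain"; } |
             grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|:' || true )
    if [ -z "$addrs" ]; then
        echo no-record
        return 0
    fi
    # A stale AAAA record matters as much as a missing A record, because the
    # CA may connect over IPv6 when validating.
    for addr in $addrs; do
        case " $* " in
            *" $addr "*) ;;
            *) state=stray ;;
        esac
    done
    echo "$state"
}

# Gate for the installer: succeed only when DNS is ready.
preflight() {  # same arguments as dns_state
    local state
    state=$(dns_state "$@")
    if [ "$state" = ready ]; then
        echo "DNS ready for $1: run apt install mattermost-omnibus"
        return 0
    fi
    echo "DNS $state for $1: fix the records before installing" >&2
    return 1
}

# Run the gate only when called with a domain and at least one address.
if [ "$#" -ge 2 ]; then preflight "$@" || exit 1; fi
```

IPv6 addresses must be passed in the compressed lowercase form that dig prints, since the comparison is a plain string match.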

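Other notes

Let's Encrypt apparently has rate limits, and apparently after 5 failures you cannot validate for a week. [1] I was about to restart it over and over by mistake, so that was a close call.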

  1. https://letsencrypt.org/ja/docs/rate-limits/
