Error on letsencrypt certificate update

gitlab-ctl reconfigure fails with an error when trying to update the Letsencrypt certificate.
Error executing action create on resource 'acme_certificate[production]'

The certificate is actually downloaded though, and I am able to manually install it (fullchain.pem). However, reconfigure fails. I do have many other servers using Letsencrypt, and I have no problem with them.

This is the full message from gitlab-ctl.

Recipe: letsencrypt::http_authorization

  • letsencrypt_certificate[gitlab.aquilatech.com] action create

    • acme_certificate[staging] action create

    • ruby_block[reset private key] action run

      • execute the ruby block reset private key
    • acme_certificate[production] action create

      • file[gitlab.aquilatech.com SSL key] action create_if_missing (up to date)
      • directory[/var/opt/gitlab/nginx/www/.well-known/acme-challenge] action create (up to date)
      • file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/JGloe_wOYIrY17Z2-JdtvFzDzyuLjqTTCERll0qo] action create
        • create new file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/JGloe_wOYIrY17Z2-JdtvFzDzyuLjqTTCERll0qo
        • update content in file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/JGloe_wOYIrY17Z2-JdtvFzDzyuLjqTTCERll0qo from none to 85c10d
          — /var/opt/gitlab/nginx/www/.well-known/acme-challenge/JGloe_wOYIrY17Z2-JdtvFzDzyuLjqTTCERll0qo 2018-11-26 12:39:40.650410247 -0500
          +++ /var/opt/gitlab/nginx/www/.well-known/acme-challenge/.chef-JGloe_wOYIrY17Z2-JdtvFzDzyuLjqTTCERll0qo20181126-6158-1uqer1b 2018-11-26 12:39:40.650410247 -0500
          @@ -1 +1,2 @@
          +JGloe_wOYIrY17Z2-JdtvFzDzyuLjqTTCERll0qo.[redacted]BD5fGWA-XP8w
        • change mode from '' to '0644'
        • change owner from '' to 'root'
        • change group from '' to 'root'

      ================================================================================
      Error executing action create on resource 'acme_certificate[production]'

      RuntimeError

      [gitlab.aquilatech.com] Validation failed for domain gitlab.aquilatech.com

      Cookbook Trace:

      /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:93:in `block (2 levels) in class_from_file'
      /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `map'
      /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `block in class_from_file'

      Resource Declaration:

      suppressed sensitive resource output

      Compiled Resource:

      suppressed sensitive resource output

      System Info:

      chef_version=13.6.4
      platform=ubuntu
      platform_version=18.04
      ruby=ruby 2.4.5p335 (2018-10-18 revision 65137) [x86_64-linux]
      program_name=/opt/gitlab/embedded/bin/chef-client
      executable=/opt/gitlab/embedded/bin/chef-client

    ================================================================================
    Error executing action create on resource 'letsencrypt_certificate[gitlab.aquilatech.com]'