marathon-lb can't pick up cert generated by letsencrypt-dcos

[bgyss]

When letsencrypt-dcos attempts to deploy the new certificate, marathon-lb hangs on the "Getting Private key" message in the error log.

The error log from my marathon-lb instance appears like this:

Generating RSA private key, 2048 bit long modulus
.+++
..............+++
e is 65537 (0x10001)
Signature ok
subject=/CN=*
Getting Private key

Is there anything else I might have to change in config besides LETSENCRYPT_EMAIL and HAPROXY_0_VHOST?

[wilso]

Hi @bgyss, I was having the same problem you've reported here. I was trying this on a DC/OS cluster deployed on AWS through CloudFormation with a single public slave node. I updated my CloudFormation template to deploy a second public slave node and once I scaled my marathon-lb service to run on both public slave nodes it started working for me. I'm not sure if this is something to do with some sort of HA setup, since it was hung on getting the private key I'm not sure if that makes sense. Hopefully this helps.

[brndnmtthws]

If you only have 1 public agent, it won't deploy because you don't have adequate capacity.

[mattj-io]

This was likely a timing issue, the old Docker image took a long time to start up properly and it wasn't obvious it was doing anything. The latest version of this project has now moved to https://github.com/dcos-labs/letsencrypt-dcos, and has major improvements in start up timing amongst other things.