Add better messaging when SSL certs are not found #24

Open
pmgarman opened this issue Sep 18, 2023 · 2 comments

@pmgarman

I have 18 domains mapped to this environment. I am attempting to deploy it, but it can't find an SSL cert. Well... I don't know which of the 18 domains it's having a fit about. This error message should be more clear about what is failing.

➜  garman git:(ymir) ✗ ymir deploy production
A new version of the Ymir CLI is available: 1.39.1 → 1.42.0
Project ymir.yml file is valid
Building project
  > Copying WordPress files
  > Downloading WP-CLI
  > Executing build commands
  > Ensuring Ymir plugin is installed
  > Copying Ymir must-use plugin
  > Extracting asset files
  > Compressing build files
Project built successfully
Uploading build (100%)
Processing assets
  > Getting signed asset URLs
  > Uploading new asset files (2954/2954)
Deployment starting
  > Ensuring cache table exists
  > Ensuring email domains exist
  > Ensuring environment role exists
  > Ensuring functions exist
  > Configuring environment image processing function
  > Configuring network
  > Preparing domain names
  > Assigning SSL certificate


  Deployment failed with error message:

  	No certificate found on cloud provider

@pmgarman
Author

After debugging this further, I've found that it doesn't matter what the domains are or if the domains have

Note the below, in scenario 1, a wildcard domain.dev is added, and www.domain5.com is missing. In scenario 2, the wildcard was removed, and the www is added back. In scenario 3, both exist.

Based on this, there is some limit somewhere of 10 domains (9 + Ymir vanity) that causes an error that comes back during deploy as "no certificate found" - I don't believe that error to be accurate based on the 3 test scenarios.

Scenario 1: WORKS

      - domain.dev
      - '*.domain.dev'
      - domain2.com
      - www.domain2.com
      - domain3.com
      - www.domain3.com
      - domain4.com
      - www.domain4.com
      - domain5.com

Scenario 2: WORKS

      - domain.dev
      - domain2.com
      - www.domain2.com
      - domain3.com
      - www.domain3.com
      - domain4.com
      - www.domain4.com
      - domain5.com
      - www.domain5.com

Scenario 3: BROKE

      - domain.dev
      - '*.domain.dev'
      - domain2.com
      - www.domain2.com
      - domain3.com
      - www.domain3.com
      - domain4.com
      - www.domain4.com
      - domain5.com
      - www.domain5.com

@carlalexander
Member

Congratulations @pmgarman, you've now found the most complex part of the Ymir codebase. 🥳😆

Ymir does a lot of work behind the scenes to manage SSL certificates and create the correct one covering all your domains. This is because CloudFront only supports one certificate so I need to manage all that.

The error is definitely not accurate. ACM supports 100 domains per certificate. Currently, Ymir limits domains to 99 items. But you can cover more domains with wildcards since they count as one.

I'll need to dig into this further and try to replicate your scenario.
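The per-domain diagnosis the issue asks for, sketched as an added example (not Ymir's code and not a statement of where the bug is): given the environment's domains and a certificate inventory, it names the domains that the closest single certificate fails to cover. The function names, the `cert-a`/`cert-b` ids and the inventory contents are constructed for illustration; fetching the inventory from the cloud provider is assumed to happen elsewhere.

```python
ACM_MAX_NAMES = 100  # per-certificate figure quoted in the thread


def covers(name, domain):
    """True if one certificate name covers `domain`."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    if name == domain:
        return True
    if name.startswith("*."):
        # A wildcard matches exactly one left-most label: "*.domain.dev"
        # covers "www.domain.dev", not "domain.dev" or "a.b.domain.dev".
        head, _, rest = domain.partition(".")
        return bool(head) and rest == name[2:]
    return False


def required_names(domains):
    """Deduplicate and drop hosts already covered by a listed wildcard."""
    unique = list(dict.fromkeys(d.lower().rstrip(".") for d in domains))
    wildcards = [d for d in unique if d.startswith("*.")]
    return [d for d in unique
            if d in wildcards or not any(covers(w, d) for w in wildcards)]


def diagnose(domains, certificates):
    """Return (closest certificate id, names it does not cover)."""
    names = required_names(domains)
    if len(names) > ACM_MAX_NAMES:
        raise ValueError(f"{len(names)} names needed, limit {ACM_MAX_NAMES}")
    best = (None, names)
    for cert_id, sans in certificates.items():
        missing = [d for d in names if not any(covers(s, d) for s in sans)]
        if best[0] is None or len(missing) < len(best[1]):
            best = (cert_id, missing)
    return best


def failure_message(domains, certificates):
    cert_id, missing = diagnose(domains, certificates)
    if cert_id is not None and not missing:
        return f"Certificate {cert_id} covers all requested domains"
    return f"No certificate covers: {', '.join(missing)} (closest: {cert_id})"


# Scenario 3 from the issue; the certificate inventory is constructed.
SCENARIO_3 = ["domain.dev", "*.domain.dev", "domain2.com", "www.domain2.com",
              "domain3.com", "www.domain3.com", "domain4.com",
              "www.domain4.com", "domain5.com", "www.domain5.com"]
CERTS = {"cert-a": SCENARIO_3[:9], "cert-b": ["domain.dev", "domain2.com"]}

if __name__ == "__main__":
    print(failure_message(SCENARIO_3, CERTS))
```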
