Problems with multiple domains x subdomains

[danielburrell]

The code below consistently produces the following valid certs:
www.hatf2.com
hatf2.com
schema.tf

but fails to generate a valid certificate for
www.schema.tf

It doesn't seem to give any errors, and unfortunately the only logs provided in /var/log/letsencrypt/letsencrypt.log are for the hatf2.com entry. No sign of schema.tf or www.schema.tf anywhere in this log file, almost as if the logs are being overwritten... The only evidence of activity is in the separate puppet provisioning logs:

2016-12-01 02:16:46 +0000 /Stage[main]/Main/Letsencrypt::Certonly[schema.tf]/Exec[letsencrypt certonly schema.tf]/returns (notice): executed successfully
2016-12-01 02:16:46 +0000 /Stage[main]/Main/Letsencrypt::Certonly[schema.tf]/Cron[letsencrypt renew cron schema.tf]/ensure (notice): created
2016-12-01 02:16:53 +0000 /Stage[main]/Main/Letsencrypt::Certonly[hatf2.com]/Exec[letsencrypt certonly hatf2.com]/returns (notice): executed successfully
2016-12-01 02:16:53 +0000 /Stage[main]/Main/Letsencrypt::Certonly[hatf2.com]/Cron[letsencrypt renew cron hatf2.com]/ensure (notice): created

Just at a glance, is this usage incorrect?

class { ::letsencrypt:
  email => '[email protected]',
}->

letsencrypt::certonly { 'schema.tf': 
  domains => ['schema.tf','www.schema.tf'],
  manage_cron => true,
} ->
letsencrypt::certonly { 'hatf2.com':
  domains => ['hatf2.com','www.hatf2.com'],
  manage_cron => true,
} ->

class { 'nginx': }

[saimonn]

you shoud also have the cron command present (crontab -l), what happens if you copy-paste the one for schema.tf ?

puppet agent --debug shoud also provide more details on the exec calls.