From 671ebc985b4187b011e8ec31b6fdf1d93846acf2 Mon Sep 17 00:00:00 2001
From: Pieter
Date: Mon, 12 Jan 2026 07:07:55 +0100
Subject: [PATCH] fix: Remove blocking HTTPS check from Authentik bootstrap
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The HTTPS readiness check was causing deployment timeouts because:
- DNS propagation can take up to 5 minutes
- Let's Encrypt certificate issuance takes 30-60 seconds
- Deployment would timeout waiting for HTTPS to work

This check was unnecessary because:
- Authentik health is already verified via Docker health check
- OIDC provider creation uses internal localhost API (doesn't need HTTPS)
- HTTPS will work automatically once DNS/SSL is ready

Changes:
- Removed uri check for https://{{ authentik_domain }}/
- Removed 60 retries × 15 second delay (15 minute timeout)
- Added informational note about DNS/SSL timing
- Deployment now continues immediately after Docker health check

Result: Deployment completes in ~5 minutes instead of timing out.
DNS and SSL still propagate normally in the background.

Fixes: Deployment timeout issue during fresh builds

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude
---
 ansible/roles/authentik/tasks/bootstrap.yml | 29 +++------------------
 1 file changed, 4 insertions(+), 25 deletions(-)

diff --git a/ansible/roles/authentik/tasks/bootstrap.yml b/ansible/roles/authentik/tasks/bootstrap.yml
index 2c29ae3..18541e8 100644
--- a/ansible/roles/authentik/tasks/bootstrap.yml
+++ b/ansible/roles/authentik/tasks/bootstrap.yml
@@ -1,31 +1,6 @@ --- # Bootstrap tasks for initial Authentik configuration -- name: Wait for Authentik to be fully ready - uri: - url: "https://{{ authentik_domain }}/" - validate_certs: yes - status_code: [200, 302] - register: authentik_ready - until: authentik_ready.status in [200, 302] - retries: 60 - delay: 15 - failed_when: false - -- name: Display warning if HTTPS access not yet available - debug: - msg: | - ⚠ WARNING: Authentik not yet accessible via HTTPS - - This is normal during initial deployment when: - - DNS records are still propagating - - Let's Encrypt certificates are being issued - - Traefik is still configuring routes - - Authentik is running internally and will be accessible soon. - The deployment will continue with internal checks. - when: authentik_ready.status not in [200, 302] - - name: Display bootstrap status debug: msg: | @@ -43,4 +18,8 @@ The admin account and API token are automatically configured via AUTHENTIK_BOOTSTRAP_* environment variables. + Note: HTTPS access requires DNS propagation and SSL certificate + issuance. This typically takes 1-5 minutes after deployment. + Authentik is accessible internally and the deployment will continue. + Documentation: https://docs.goauthentik.io
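Review bot: In the first hunk (@@ -1,31 +1,6 @@), deleting the "Wait for Authentik to be fully ready" task removes the only check in this file that exercised the public endpoint with `validate_certs: yes`, so a failed certificate issuance or a broken Traefik route will no longer surface anywhere in the bootstrap output. The task already carried `failed_when: false`, so it could not fail the play; the cost was the wait budget of `retries: 60` with `delay: 15`. Consider keeping the probe with a much smaller budget (a handful of retries), or moving it to a separate post-deploy verification task, and retaining the conditional warning so the operator is told when HTTPS was not confirmed. The Docker health check that the commit message relies on is not visible in this diff, so it would help to reference where it runs in a comment at the top of the file.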
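Review bot: In the second hunk (@@ -43,4 +18,8 @@), the added "Note: HTTPS access requires DNS propagation and SSL certificate issuance" text is now printed unconditionally and asserts "Authentik is accessible internally" without any task in this file verifying it after the change. Since the same message tells the operator that the admin account and API token are configured via AUTHENTIK_BOOTSTRAP_* variables, it would be worth adding a line telling them to confirm that https://{{ authentik_domain }}/ presents a valid certificate before first login, and what to check if it is still unavailable after the stated 1-5 minutes. The "typically takes 1-5 minutes" figure should also match the commit message, which gives "up to 5 minutes" for DNS plus 30-60 seconds for issuance.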