[Nginx] Server Block Not Found in External Nginx Config Files with External global HTTP Block #9928

Open
vanviethieuanh opened this issue Apr 6, 2024 · 0 comments

My operating system is (include version):

Linux - Debian 5.10.209-2 (2024-01-31) x86_64 GNU/Linux

I installed Certbot with:

snap

I ran this command:

sudo certbot --nginx -d example.com -d www.example.com # I replaced with my domain

and it produced this output:

Certbot could not find a block to include challenges in /etc/nginx/nginx.conf.

Certbot's behavior differed from what I expected because:

I expect it to find my include, where I put my http block (in another file, not 'nginx.conf'), and continue looking for the server block.

Here is a Certbot log showing the issue (if available):

DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 1218, in perform
    http_response = http_doer.perform()
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot_nginx/_internal/http_01.py", line 64, in perform
    self._mod_config()
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot_nginx/_internal/http_01.py", line 131, in _mod_config
    raise errors.MisconfigurationError(
certbot.errors.MisconfigurationError: Certbot could not find a block to include challenges in /etc/nginx/nginx.conf.

DEBUG:certbot._internal.error_handler:Calling registered functions
INFO:certbot._internal.auth_handler:Cleaning up challenges
DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/3700/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/main.py", line 1450, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot_nginx/_internal/configurator.py", line 1218, in perform
    http_response = http_doer.perform()
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot_nginx/_internal/http_01.py", line 64, in perform
    self._mod_config()
  File "/snap/certbot/3700/lib/python3.8/site-packages/certbot_nginx/_internal/http_01.py", line 131, in _mod_config
    raise errors.MisconfigurationError(
certbot.errors.MisconfigurationError: Certbot could not find a block to include challenges in /etc/nginx/nginx.conf.

Here is the relevant nginx server block or Apache virtual host for the domain I am configuring:

worker_processes 1;

events {
    worker_connections 1024;
}

include /etc/nginx/conf.d/http.conf;

As I see:

In certbot/certbot-nginx/certbot_nginx/_internal/http_01.py:L87C1-L93C22 the code will try to find an http block in nginx.conf to start.

This will fail if I put my global http block in an external file like this case.

Admittedly, this scenario is somewhat uncommon, but it warrants consideration for enhancing the parsing and detection capabilities to handle all possible cases. Perhaps a gentle warning for users could be beneficial.

Thanks! You all are awesome!
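A pre-flight check for the layout reported above, as an added example that is not Certbot's code and not part of the original report: it follows main-context `include` directives from the root file and reports which file actually holds the top-level `http` block. The function names, the in-memory `files` mapping and the sample contents are assumptions made for illustration; include paths are taken to be absolute, and the tokenizer does not handle quoted strings containing spaces or braces.

```python
import fnmatch
import re

# Constructed sample mirroring the layout in this issue: nginx.conf has no
# http block of its own and pulls it in through a top-level include.
SAMPLE = {
    "/etc/nginx/nginx.conf": "worker_processes 1;\nevents { worker_connections 1024; }\n"
                             "include /etc/nginx/conf.d/http.conf;\n",
    "/etc/nginx/conf.d/http.conf": "http {\n  server { listen 80; server_name example.com; }\n}\n",
}

TOKEN = re.compile(r"[{};]|[^\s{};]+")  # words and the symbols { } ;

def tokenize(text):
    """Split nginx config text into tokens, dropping # comments."""
    text = re.sub(r"#[^\n]*", "", text)  # simplification: ignores '#' inside quotes
    return TOKEN.findall(text)

def find_http_blocks(path, files, seen=None):
    """Return the files, reached from `path` via main-context includes,
    that contain a top-level `http {` block."""
    seen = set() if seen is None else seen
    if path in seen or path not in files:
        return []
    seen.add(path)
    found, depth, stmt = [], 0, []
    for tok in tokenize(files[path]):
        if tok == "{":
            if depth == 0 and stmt[:1] == ["http"]:
                found.append(path)
            depth, stmt = depth + 1, []
        elif tok == "}":
            depth, stmt = depth - 1, []
        elif tok == ";":
            if depth == 0 and len(stmt) == 2 and stmt[0] == "include":
                pattern = stmt[1].strip("\"'")
                for inc in sorted(fnmatch.filter(files, pattern)):
                    found += find_http_blocks(inc, files, seen)
            stmt = []
        else:
            stmt.append(tok)
    return found

def http_block_in_root(root, files):
    """True when the root file itself holds the top-level http block."""
    return root in find_http_blocks(root, files)
```

To run it against a real host, build `files` by reading the root config and every file its include patterns match.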
