GNU bug report logs - #62642
[PATCH] services: certbot: Fix nginx crash when certbot is used without domains
Reported by: Saku Laesvuori <saku <at> laesvuori.fi>
Date: Mon, 3 Apr 2023 13:34:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
On 2023-04-03 19:06, Saku Laesvuori wrote:
> Hi,
>
>> Is there a use-case for certbot without any certificate configurations provided?
>
> I was writing a service that extends certbot if a configuration option
> for it is set to #t. To me it seems that it is currently impossible to
> view the configuration in the service type definition, so I worked
> around it by extending certbot-service-type with an empty list if the
> option is set to #f.
Right, that's a valid use case.
>
>> IMO it looks to me that the 'certificates' field shouldn't have a default value
>> configured instead?
>
> Wouldn't that mean that users who use certbot only via services that
> extend it would have to configure 'certificates' to () manually and have
> their nginx configuration crash if they remove the extending services
> and forget to remove the certbot service?
You're correct, having the default value set is not a problem here.

IMO, certbot should be extending the nginx service only when the 'challenge' field
is #f (ideally this should be made into an “enumerated” type, where the values range from
'http-01, 'dns-01, 'custom (as an escape hatch), ...)

Perhaps you could partition 'certificates' by whether 'challenge' is #f or not and use the
results to craft the nginx extension value instead?
Cheers,
Bruno
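
The partitioning suggested in the message above, as an added example in Guile Scheme; it is not code from Guix or from the patch under discussion. The `<cert>` record, the `nginx-extension` helper, the alist standing in for an nginx server block and the sample certificates are all hypothetical stand-ins, and the `"dns"` challenge value is constructed.

```scheme
(use-modules (srfi srfi-1)      ; partition, append-map, second
             (srfi srfi-9)      ; define-record-type
             (ice-9 receive))   ; receive, for multiple return values

;; Hypothetical stand-in for one entry of the 'certificates' field.
;; A challenge of #f is taken to mean the HTTP challenge served via nginx.
(define-record-type <cert>
  (make-cert name domains challenge)
  cert?
  (name      cert-name)
  (domains   cert-domains)
  (challenge cert-challenge))

;; Hypothetical helper: compute what certbot would contribute to nginx.
;; Certificates with a challenge set are handled outside nginx, so they are
;; split off and contribute no server names.  When no HTTP-challenge
;; domains remain, the extension is the empty list, so no server block
;; without names is ever produced.
(define (nginx-extension certificates)
  (receive (http-certs other-certs)
      (partition (lambda (c) (not (cert-challenge c))) certificates)
    (let ((domains (append-map cert-domains http-certs)))
      (if (null? domains)
          '()
          (list `((listen . ("80" "[::]:80"))
                  (server-name . ,domains)))))))

;; Constructed sample input: one HTTP-challenge certificate, one that
;; uses another challenge.
(define certs
  (list (make-cert "www"  '("example.org" "www.example.org") #f)
        (make-cert "wild" '("*.example.net") "dns")))

;; Three cases: mixed certificates, no certificates at all (the case from
;; the bug title), and only non-HTTP certificates.
(for-each (lambda (input)
            (write (nginx-extension input))
            (newline))
          (list certs '() (list (second certs))))
```

Only the first case yields a server block, and it names only the two `example.org` domains; the other two cases yield `()`.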
This bug report was last modified 1 year and 337 days ago.