GNU bug report logs - #62642
[PATCH] services: certbot: Fix nginx crash when certbot is used without domains

Package: guix-patches

Reported by: Saku Laesvuori <saku <at> laesvuori.fi>

Date: Mon, 3 Apr 2023 13:34:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

From: Saku Laesvuori <saku <at> laesvuori.fi>
To: Bruno Victal <mirai <at> makinata.eu>
Cc: 62642 <at> debbugs.gnu.org
Subject: [bug#62642] [PATCH] services: certbot: Fix nginx crash when certbot is used without domains
Date: Thu, 13 Apr 2023 12:00:51 +0300
> IMO, certbot should be extending the nginx service only when the 'challenge' field
> is #f (ideally this should be made into an “enumerated” type, where the values range from
> 'http-01, 'dns-01, 'custom (as an escape hatch), ...)
> 
> Perhaps you could partition 'certificates' by whether 'challenge' is #f or not and use the
> results to craft the nginx extension value instead?

Certbot extends nginx for two reasons:

1. serving the challenge files
2. enforcing HTTPS by redirecting requests to domains with a certificate

The v2 patch adds a separate nginx server block for each certificate and
only serves challenge files if 'challenge' is #f. This also causes an
empty list of certificates to return an empty list of nginx server
blocks and thus fixes the original issue.

- Saku Laesvuori
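
A stand-alone Guile sketch of the shape described in the message above: one port-80 server block per certificate, challenge files served only when 'challenge' is #f, and an empty certificate list mapping to an empty list of blocks. This is an added example, not the v2 patch or Guix's certbot service code; the `<cert>` record, the procedure names, the `%webroot` value and the sample certificates are all assumptions made for the illustration.

```scheme
;; Added illustration; not the v2 patch and not Guix's certbot service code.
(use-modules (srfi srfi-9))

;; Hypothetical stand-in for one certbot certificate entry.
(define-record-type <cert>
  (make-cert domains challenge)
  cert?
  (domains   cert-domains)     ; list of domain strings
  (challenge cert-challenge))  ; #f = default HTTP challenge, else a custom hook

;; Assumed webroot directory for this sketch.
(define %webroot "/var/www")

(define (cert->server-block cert)
  "Return the nginx text of one port-80 server block for CERT."
  (string-append
   "server {\n"
   "    listen 80;\n"
   "    server_name " (string-join (cert-domains cert) " ") ";\n"
   ;; Reason 1: serve challenge files, but only when no custom
   ;; challenge is configured for this certificate.
   (if (cert-challenge cert)
       ""
       (string-append "    location /.well-known/acme-challenge/ { root "
                      %webroot "; }\n"))
   ;; Reason 2: enforce HTTPS for every domain that has a certificate.
   "    location / { return 301 https://$host$request_uri; }\n"
   "}\n"))

(define (certs->server-blocks certs)
  "Map each certificate to its own server block; '() gives '()."
  (map cert->server-block certs))

;; Constructed sample input: one default-challenge certificate and one
;; certificate with a custom challenge hook (the path is made up).
(define sample-certs
  (list (make-cert '("example.org" "www.example.org") #f)
        (make-cert '("internal.example.org") "/etc/certbot/dns-hook.sh")))

(for-each display (certs->server-blocks sample-certs))

;; With no certificates there are no server blocks at all, so no block
;; with an empty server_name is ever emitted.
(display (null? (certs->server-blocks '())))
(newline)
```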

This bug report was last modified 1 year and 338 days ago.
