[bug#62642] [PATCH] services: certbot: Fix nginx crash when certbot is u
From: Bruno Victal
Subject: [bug#62642] [PATCH] services: certbot: Fix nginx crash when certbot is used without domains
Date: Tue, 4 Apr 2023 14:21:27 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.1

On 2023-04-03 19:06, Saku Laesvuori wrote:
> Hi,
>
>> Is there a use-case for certbot without any certificate configurations
>> provided?
>
> I was writing a service that extends certbot if a configuration option
> for it is set to #t. To me it seems that it is currently impossible to
> view the configuration in the service type definition, so I worked
> around it by extending certbot-service-type with an empty list if the
> option is set to #f.
Right, that's a valid use case.
>
>> IMO it looks to me that the 'certificates' field shouldn't have a default
>> value configured instead?
>
> Wouldn't that mean that users who use certbot only via services that
> extend it would have to configure 'certificates' to () manually and have
> their nginx configuration crash if they remove the extending services
> and forget to remove the certbot service?
You're correct, having the default value set is not a problem here.

IMO, certbot should be extending the nginx service only when the 'challenge'
field is #f (ideally this should be made into an “enumerated” type, where the
values range from 'http-01, 'dns-01, 'custom (as an escape hatch), ...)

Perhaps you could partition 'certificates' by whether 'challenge' is #f or not
and use the results to craft the nginx extension value instead?

Cheers,
Bruno