[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#62642] [PATCH] services: certbot: Fix nginx crash when certbot is u

From: Saku Laesvuori
Subject: [bug#62642] [PATCH] services: certbot: Fix nginx crash when certbot is used without domains
Date: Thu, 13 Apr 2023 12:00:51 +0300

> IMO, certbot should be extending the nginx service only when the 'challenge' 
> field
> is #f (ideally this should be made into a “enumerated” type, where the values 
> range from
> 'http-01, 'dns-01, 'custom (as an escape hatch), ...)
> Perhaps you could partition 'certificates' by whether 'challenge' is #f or 
> not and use the
> results to craft the nginx extension value instead?

Certbot extends nginx for two reasons:

1. serving the challenge files
2. enforcing HTTPS by redirecting requests to domains with a certificate

The v2 patch adds a separate nginx server block for each certificate and
only servers challenge files if 'challenge' is #f. This also causes an
empty list of certificates to return an empty list of nginx server
blocks and thus fixes the original issue.

- Saku Laesvuori

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]