[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#62642] [PATCH] services: certbot: Fix nginx crash when certbot is u
|
From: |
Saku Laesvuori |
|
Subject: |
[bug#62642] [PATCH] services: certbot: Fix nginx crash when certbot is used without domains |
|
Date: |
Thu, 13 Apr 2023 12:00:51 +0300 |
> IMO, certbot should be extending the nginx service only when the 'challenge'
> field
> is #f (ideally this should be made into a “enumerated” type, where the values
> range from
> 'http-01, 'dns-01, 'custom (as an escape hatch), ...)
>
> Perhaps you could partition 'certificates' by whether 'challenge' is #f or
> not and use the
> results to craft the nginx extension value instead?
Certbot extends nginx for two reasons:
1. serving the challenge files
2. enforcing HTTPS by redirecting requests to domains with a certificate
The v2 patch adds a separate nginx server block for each certificate and
only servers challenge files if 'challenge' is #f. This also causes an
empty list of certificates to return an empty list of nginx server
blocks and thus fixes the original issue.
- Saku Laesvuori
signature.asc
Description: PGP signature