Crash on starting certbot-nginx with a clean nginx install UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 10453: ordinal not in range(128)

[Lillian-Violet]

My operating system is (include version):

4.15.6-1-ARCH

I installed Certbot with (certbot-auto, OS package manager, pip, etc):

pacman -S certbot-nginx

I ran this command and it produced this output:

sudo certbot --nginx

Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 10453: ordinal not in range(128)
Please see the logfiles in /var/log/letsencrypt for more details.

Certbot's behavior differed from what I expected because:

I would have expected a clean install of nginx and certbot to give me a certificate without problem, but for some reason it crashes, and I can't figure out why.

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

2018-03-03 15:33:11,925:DEBUG:certbot.main:certbot version: 0.21.1
2018-03-03 15:33:11,926:DEBUG:certbot.main:Arguments: ['--nginx']
2018-03-03 15:33:11,927:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-03-03 15:33:11,947:DEBUG:certbot.log:Root logging level set at 20
2018-03-03 15:33:11,948:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-03-03 15:33:11,950:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2018-03-03 15:33:11,998:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in
load_entry_point('certbot==0.21.1', 'console_scripts', 'certbot')()
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 1240, in main
return config.func(config, plugins)
File "/usr/lib/python3.6/site-packages/certbot/main.py", line 981, in run
installer, authenticator = plug_sel.choose_configurator_plugins(config, plugins, "run")
File "/usr/lib/python3.6/site-packages/certbot/plugins/selection.py", line 189, in choose_configurator_plugins
authenticator = installer = pick_configurator(config, req_inst, plugins)
File "/usr/lib/python3.6/site-packages/certbot/plugins/selection.py", line 25, in pick_configurator
(interfaces.IAuthenticator, interfaces.IInstaller))
File "/usr/lib/python3.6/site-packages/certbot/plugins/selection.py", line 77, in pick_plugin
verified.prepare()
File "/usr/lib/python3.6/site-packages/certbot/plugins/disco.py", line 248, in prepare
return [plugin_ep.prepare() for plugin_ep in six.itervalues(self._plugins)]
File "/usr/lib/python3.6/site-packages/certbot/plugins/disco.py", line 248, in
return [plugin_ep.prepare() for plugin_ep in six.itervalues(self._plugins)]
File "/usr/lib/python3.6/site-packages/certbot/plugins/disco.py", line 130, in prepare
self._initialized.prepare()
File "/usr/lib/python3.6/site-packages/certbot_nginx/configurator.py", line 131, in prepare
self.parser = parser.NginxParser(self.conf('server-root'))
File "/usr/lib/python3.6/site-packages/certbot_nginx/parser.py", line 38, in init
self.load()
File "/usr/lib/python3.6/site-packages/certbot_nginx/parser.py", line 45, in load
self._parse_recursively(self.config_root)
File "/usr/lib/python3.6/site-packages/certbot_nginx/parser.py", line 66, in _parse_recursively
self._parse_recursively(subentry[1])
File "/usr/lib/python3.6/site-packages/certbot_nginx/parser.py", line 56, in _parse_recursively
trees = self._parse_files(filepath)
File "/usr/lib/python3.6/site-packages/certbot_nginx/parser.py", line 206, in _parse_files
parsed = nginxparser.load(_file)
File "/usr/lib/python3.6/site-packages/certbot_nginx/nginxparser.py", line 123, in load
return loads(_file.read())
File "/usr/lib/python3.6/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 10453: ordinal not in range(128)
2018-03-03 15:33:12,000:ERROR:certbot.log:An unexpected error occurred:

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

I am using the standard configuration of nginx as a test environment right now, there is no change in configuration from the standard nginx or certbot package from the arch repositories.

[schoen]

Hi @GLaDTheresCake ,

I think this is a duplicate of #5646 or one of the other Unicode issues mentioned there. This is definitely a bug in Certbot.

A likely workaround is to remove non-ASCII Unicode characters such as ö or ñ from comments and/or filenames in your nginx configuration file. In the future, Certbot should be fixed so it doesn't crash when encountering these. Sorry for the inconvenience!

See also my comment related to this at

https://community.letsencrypt.org/t/certbot-unicodedecodeerror/52020/2

[Ariel-Rodriguez]

Hello there,
I've been running the same issue, and i found this tread by "googleing".
So, besides this issue is duplicated and closed already, i just want to share my solution that worked for me:

I could reproduce the issue because, LLC was not set on my remote server, so whenever i connected through SSH i saw this at console:

manpath: can't set the locale; make sure $LC_* and $LANG are correct

I followed stackoverflow's answer:
https://stackoverflow.com/questions/45995530/manpath-cant-set-the-locale-make-sure-lc-and-lang-are-correct

sudo locale-gen "en_US.UTF-8"
sudo dpkg-reconfigure locales
and in file /etc/default/locale add line LC_ALL="en_US.UTF-8" and relogin to you server

After this, finish and start your ssh session again. Ensure that warning log is gone.
Now sudo certbot --nginx is working fine form me.

I hope this does help to others as well.

[egberts]

Using the following command:

grep -r -P '[^\x00-\x7f]' /etc/apache2 /etc/letsencrypt /etc/nginx

Found mine in

/etc/letsencrypt/options-ssl-nginx.conf:        # The following CSP directives don't use default-src as 

Using shed, I found the offending sequence. It turned out to be an editor mistake.

00008099:     C2  194 302 11000010
00008100:     A0  160 240 10100000
00008101:  d  64  100 144 01100100
00008102:  e  65  101 145 01100101
00008103:  f  66  102 146 01100110
00008104:  a  61  097 141 01100001
00008105:  u  75  117 165 01110101
00008106:  l  6C  108 154 01101100
00008107:  t  74  116 164 01110100
00008108:  -  2D  045 055 00101101
00008109:  s  73  115 163 01110011
00008110:  r  72  114 162 01110010
00008111:  c  63  099 143 01100011
00008112:     C2  194 302 11000010
00008113:     A0  160 240 10100000

[adriennn]

The crazy thing i that certbot was failing for me due to a hidden char in a non-enabled site configuration file (not in sites-enabled) ...

[timsengit]

In my situation，the case is chinese character in nginx config file ,so remove them help me