Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Nginx installer not properly reloading configuration #7422
Detailed conversation could be found here:
My operating system is (include version):
Ubuntu 18.04.3 LTS
I installed Certbot with (certbot-auto, OS package manager, pip, etc):
I ran this command and it produced this output:
Certbot's behavior differed from what I expected because:
Certbot should have renewed the certificate.
Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:
I tried to reproduce this with Ubuntu 18.04.3, nginx 1.17.4 from nginx mainline, Certbot 0.31.0 from PPA, using the posted configuration (with the domain name substituted and chopped-off regex fixed). Everything worked OK.
Would you be able to zip up your entire
e.g. Certbot reloads nginx (indirectly) via SIGHUP, which is asynchronous. Your nginx takes a long time to reload its full configuration. So long that the challenge requests arrive before the new config is actually applied. The challenges fail.
I'd also like to see whether there are nginx packages from multiple locations installed:
And my nginx config files are here: nginx.tar.gz
I've faced similar issues on my deployment (16.04 LTS, NGINX PPA, Certbot PPA)
Since reporting that issue, I reviewed my certbot per-site configuration files. I removed some pre and post hooks for legacy certificates, and unified them to all use the nginx validation and installer plugins. However the impacted certificates, including my test-case in that thread, were already inline with the modern plugins and no special hooks.
I've been able to complete those outstanding renewals, but I had to rerun
In my test cases, I've been able to make renewals succeed just by running