From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 0LshNIiUjl9oVwAA0tVLHw (envelope-from ) for ; Tue, 20 Oct 2020 07:40:56 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id yCzbL4iUjl+kGgAAB5/wlQ (envelope-from ) for ; Tue, 20 Oct 2020 07:40:56 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 621AF9401DD for ; Tue, 20 Oct 2020 07:40:56 +0000 (UTC) Received: from localhost ([::1]:48590 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kUmGN-0002SQ-CZ for larch@yhetil.org; Tue, 20 Oct 2020 03:40:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34266) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kUmGF-0002SE-DY for help-guix@gnu.org; Tue, 20 Oct 2020 03:40:47 -0400 Received: from relay3-d.mail.gandi.net ([217.70.183.195]:33401) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kUmGC-0007Ok-Rf for help-guix@gnu.org; Tue, 20 Oct 2020 03:40:46 -0400 X-Originating-IP: 86.202.110.111 Received: from divoplade.home (lfbn-lyo-1-15-111.w86-202.abo.wanadoo.fr [86.202.110.111]) (Authenticated sender: d@divoplade.fr) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 21A0960002 for ; Tue, 20 Oct 2020 07:40:40 +0000 (UTC) Message-ID: <9b692ffdb5f2c36d1d180469b80d680a6124a30e.camel@divoplade.fr> Subject: Certbot service: no http -> https redirection From: divoplade To: help-guix@gnu.org Date: Tue, 20 Oct 2020 09:40:39 +0200 Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=217.70.183.195; envelope-from=d@divoplade.fr; helo=relay3-d.mail.gandi.net X-detected-operating-system: by eggs.gnu.org: First seen = 2020/10/20 03:40:41 X-ACL-Warn: Detected OS = Linux 3.11 and newer [fuzzy] X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Spam-Score: -1.01 X-TUID: kLf6pLrMhpOu Dear guix, I have a certbot service with a nginx service. If I understand correctly, certbot should hack the nginx configuration in order to register itself for all .well-known/acme-challenge (I'm not sure for the path syntax, but that's not the point) requests, and basically redirect all other HTTP requests to HTTPS. However, my system does not seem to do that. How does guix know that my web server configuration needs to be extended with certbot's anyway? Should I add a configuration entry? For now my web configuration is: https://code.divoplade.fr/divoplade-site.git/tree/divoplade/services/web.scm Notice that there's no configuration entry for certbot. My certbot configuration is: https://code.divoplade.fr/divoplade-site.git/tree/divoplade/services/certbot.scm Best regards, divoplade