From: Robert Vollmert
Subject: bug#36389: nginx/certbot interaction doesn't work as documented
Date: Wed, 26 Jun 2019 10:39:22 +0200
Message-ID: <249AC56B-BE05-4162-B65D-618490163CB0@vllmrt.net>
List-Id: Bug reports for GNU Guix
To: 36389@debbugs.gnu.org

I’ve tried setting up nginx with certbot on guix. Two immediate issues:

- certbot extends the nginx service to serve challenge files. It appears
  that this nginx service extension conflicts (silently) with an
  independently configured nginx service.

  I.e., I had nginx previously configured, and after adding certbot, my
  previous nginx kept running with the previous configuration (even after
  herd restart nginx), while there was an additional nginx config in the
  gnu store with the certbot-specific fragments. certbot activation called
  nginx to test that fragment, but apparently never started nginx
  (successfully?). There were no errors.

  After removing the stand-alone nginx service and restarting nginx, it
  started with the certbot configuration.

- After this, /var/lib/certbot/renew worked successfully to register a
  certificate, but then failed when calling the nginx deploy hook that I’d
  copied from the guix certbot documentation, because /var/run/nginx/pid
  doesn’t exist. That might be a bug in the nginx package, not sure. I
  can’t find an nginx pid file anywhere, and no other errors related to it
  either, even though the config file includes

    pid /var/run/nginx/pid;