BUG! init_by_lua_block and certbot

Using GitHub - openresty/lua-nginx-module: Embed the Power of Lua into NGINX HTTP servers I can't use certbot.

sudo certbot --nginx

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not parse file: /etc/nginx/nginx.conf due to Expected stringEnd, found 'h' (at char 79), (line:9, col:1)
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): ^CExiting due to user request.

lua_package_path "./lua/?.lua;/etc/nginx/lua/?.lua;/path/to/lua-resty-core/lib/?.lua;;";

	init_by_lua_block {
		require "resty.core"
		collectgarbage("collect")  -- just to collect any garbage
	}

Due to the script can't parse 'lua code'.
What should I do? This module is popular.

Hi @slava1 and welcome to the LE community forum :slight_smile:

Let's start with:

of file:


error_log stderr notice;
#daemon off;

events {
  worker_connections 1024;
}

http { # line9
	
	include mime.types;

	lua_code_cache off;
	lua_package_path "./lua/?.lua;/etc/nginx/lua/?.lua;/path/to/nginx/lua-resty-core/lib/?.lua;;";

	init_by_lua_block {
		require "resty.core" # certbot crashes when I add this line and the next line
		collectgarbage("collect")  -- just to collect any garbage # these lines can be written in lua code
	}
server { ..... } # no problem here

}

line 9 is http


error_log stderr notice;
#daemon off;

events {
  worker_connections 1024;
}

http { # line9
	
	include mime.types;

	lua_code_cache off;
	lua_package_path "./lua/?.lua;/etc/nginx/lua/?.lua;/path/to/nginx/lua-resty-core/lib/?.lua;;";

	init_by_lua_block {
	}
server { ..... } # no problem here

}

looks like it certbot parser is broken: @certbot-devs could you look at this?
while, could you use webroot auth to get at certificate, skiping certbot's nginx parser?

2 Likes

Yes, I think @slava1 will need to use certbot certonly --webroot and to manually configure the resulting certificate.

Certbot's nginx plugin doesn't understand that *_by_lua_block directives are expected to contain Lua code rather than nginx directives. It's probably unlikely that this will be addressed any time soon, but I opened nginx: support *_by_lua_block directives · Issue #9066 · certbot/certbot · GitHub in case anybody wants to give it a thumbs up or propose a PR.

4 Likes

Thank you.

1 Like