Can't issue certification


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.sansiran.com
I ran this command: certbot --nginx -d sansiran.com -d www.sansiran.com

It produced this output:
KeyError: ‘/etc/nginx/nginx.conf’
An unexpected error occurred:

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

and the result of certbot log is:
2019-03-19 01:02:14,054:DEBUG:certbot_nginx.parser:Could not parse file: /etc/nginx/nginx.conf due to Expected stringEnd (at char 139), (line:10, col:1)
2019-03-19 01:02:15,069:DEBUG:certbot.log:Exiting abnormally:

and line 10 of the nginx.conf file is:

6-events {
7- worker_connections 768;
8-}
9-
10-http {
11-
12- lua_shared_dict prometheus_metrics 20M;

thanks for your help.


#2

Can you show the rest of the Certbot traceback and the rest of nginx.conf?

Does sudo nginx -t work?


#3

Hi,

Yes, it works well:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

The Certbot traceback:
2019-03-19 10:57:01,145:DEBUG:acme.client:Storing nonce: bpL_V8v5GIsWEJFMh0bLXDfdyBYv11vDK4wtVaqtCWI
2019-03-19 10:57:01,145:INFO:certbot.auth_handler:Performing the following challenges:
2019-03-19 10:57:01,145:INFO:certbot.auth_handler:http-01 challenge for www.sansiran.com
2019-03-19 10:57:01,146:INFO:certbot.auth_handler:http-01 challenge for sansiran.com
2019-03-19 10:57:01,150:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1068, in perform
http_response = http_doer.perform()
File “/usr/lib/python3/dist-packages/certbot_nginx/http_01.py”, line 57, in perform
self._mod_config()
File “/usr/lib/python3/dist-packages/certbot_nginx/http_01.py”, line 78, in _mod_config
main = self.configurator.parser.parsed[root]
KeyError: ‘/etc/nginx/nginx.conf’

2019-03-19 10:57:01,150:DEBUG:certbot.error_handler:Calling registered functions
2019-03-19 10:57:01,150:INFO:certbot.auth_handler:Cleaning up challenges
2019-03-19 10:57:01,161:DEBUG:certbot_nginx.parser:Could not parse file: /etc/nginx/nginx.conf due to Expected stringEnd (at char 139), (line:10, col:1)
2019-03-19 10:57:02,177:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1119, in run
certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 410, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File “/usr/lib/python3/dist-packages/certbot_nginx/configurator.py”, line 1068, in perform
http_response = http_doer.perform()
File “/usr/lib/python3/dist-packages/certbot_nginx/http_01.py”, line 57, in perform
self._mod_config()
File “/usr/lib/python3/dist-packages/certbot_nginx/http_01.py”, line 78, in _mod_config
main = self.configurator.parser.parsed[root]
KeyError: ‘/etc/nginx/nginx.conf’
2019-03-19 10:57:02,178:ERROR:certbot.log:An unexpected error occurred:


#4

Hi @fgolshani

I don’t understand your error message. But you have a new Let's Encrypt certificate, created yesterday ( https://check-your-website.server-daten.de/?q=sansiran.com ):

CN=www.sansiran.com | 18.03.2019 | 16.06.2019 | expires in 89 days | sansiran.com, www.sansiran.com - 2 entries

And both connections are secure. But there is no redirect http -> https.

Looks like you have created a new certificate, then changed your config file manually, then something was wrong. But you don’t need a new certificate.

What’s the complete output of nginx.conf?


#5

Hi,
Yes, I fixed the certificate, but I didn't use Certbot. I generated the certificate and changed the config file manually.

The complete output of nginx.conf:

user www-data;

worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
}

http {

lua_shared_dict prometheus_metrics 20M;
lua_package_path '/home/farbod/lua/?.lua;;';

init_by_lua_block {
    prometheus = require("prometheus").init("prometheus_metrics")

    http_requests = prometheus:counter(
        "nginx_http_requests", "Number of HTTP requests", {"host", "status"})
    http_request_time = prometheus:histogram(
        "nginx_http_request_time", "HTTP request time", {"host"})
    http_connections = prometheus:gauge(
        "nginx_http_connections", "Number of HTTP connections", {"state"})
    http_upstream_cache_status = prometheus:counter(
        "nginx_http_upstream_cache_status", "Number of HTTP upstream cache status", {"host", "status"})
    http_upstream_requests = prometheus:counter(
        "nginx_http_upstream_requests", "Number of HTTP upstream requests", {"host", "addr", "status"})
    http_upstream_response_time = prometheus:histogram(
        "nginx_http_upstream_response_time", "HTTP upstream response time", {"host", "addr"})
    http_upstream_header_time = prometheus:histogram(
        "nginx_http_upstream_header_time", "HTTP upstream header time", {"host", "addr"})
    http_upstream_connect_time = prometheus:histogram(
        "nginx_http_upstream_connect_time", "HTTP upstream connect time", {"host", "addr"})
}
log_by_lua_block {
    local function split(str)
        local array = {}
        for mem in string.gmatch(str, '([^, ]+)') do
            table.insert(array, mem)
        end
        return array
    end
    local function getWithIndex(str, idx)
        if str == nil then
            return nil
        end
        return split(str)[idx]
    end
    local host = ngx.var.host
    local status = ngx.var.status
    http_requests:inc(1, {host, status})
    http_request_time:observe(ngx.now() - ngx.req.start_time(), {host})
    local upstream_cache_status = ngx.var.upstream_cache_status
    if upstream_cache_status ~= nil then
        http_upstream_cache_status:inc(1, {host, upstream_cache_status})
    end
    local upstream_addr = ngx.var.upstream_addr
    if upstream_addr ~= nil then
        local addrs = split(upstream_addr)

        local upstream_status = ngx.var.upstream_status
        local upstream_response_time = ngx.var.upstream_response_time
        local upstream_connect_time = ngx.var.upstream_connect_time
        local upstream_header_time = ngx.var.upstream_header_time
        -- compatible for nginx commas format
        for idx, addr in ipairs(addrs) do
            if table.getn(addrs) > 1 then
                upstream_status_code = getWithIndex(ngx.var.upstream_status, idx)
                upstream_response_time = getWithIndex(ngx.var.upstream_response_time, idx)
                upstream_connect_time = getWithIndex(ngx.var.upstream_connect_time, idx)
                upstream_header_time = getWithIndex(ngx.var.upstream_header_time, idx)
            end
            if upstream_status_code ~= nil then
                http_upstream_requests:inc(1, {host, addr, upstream_status_code})
            end
            if upstream_response_time ~= nil and tonumber(upstream_response_time) ~= nil then
                http_upstream_response_time:observe(tonumber(upstream_response_time), {host, addr})
                http_upstream_header_time:observe(tonumber(upstream_header_time), {host, addr})
                http_upstream_connect_time:observe(tonumber(upstream_connect_time), {host, addr})
            end
        end
    end
}

map $uri basename { ~/(?<captured_basename>[^/]*) $captured_basename;
}
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}


#6

That

looks ~~.

Not really wrong, but perhaps Certbot doesn’t understand it - too much ;.

Perhaps change ’ -> " and try, what happens, if you remove the two ;;
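
Added example, not part of any post in this thread and not Certbot's own code: the KeyError in the traceback names the same file that the `certbot_nginx.parser` DEBUG line says it could not parse, and this sketch ties the two together and maps the reported `char 139` back to a config line. The function names are hypothetical, and the sample config is reconstructed from post #1 with tab indentation assumed.

```python
import re

# Constructed sample: log lines from the posts above, trimmed to the relevant ones.
SAMPLE_LOG = """\
2019-03-19 10:57:01,150:DEBUG:certbot.error_handler:Encountered exception:
KeyError: '/etc/nginx/nginx.conf'
2019-03-19 10:57:01,161:DEBUG:certbot_nginx.parser:Could not parse file: /etc/nginx/nginx.conf due to Expected stringEnd (at char 139), (line:10, col:1)
2019-03-19 10:57:02,178:ERROR:certbot.log:An unexpected error occurred:
"""
# Constructed sample: head of nginx.conf as numbered in post #1 (tab indent assumed).
SAMPLE_CONF = (
    "user www-data;\nworker_processes auto;\npid /run/nginx.pid;\n"
    "include /etc/nginx/modules-enabled/*.conf;\n\n"
    "events {\n\tworker_connections 768;\n}\n\n"
    "http {\n\n\tlua_shared_dict prometheus_metrics 20M;\n"
)

PARSE_FAIL = re.compile(
    r"certbot_nginx\.parser:Could not parse file: (?P<path>\S+) due to (?P<reason>.+?)"
    r" \(at char (?P<char>\d+)\), \(line:(?P<line>\d+), col:(?P<col>\d+)\)")
# Accept straight or typographic quotes, since forum software often rewrites them.
KEY_ERROR = re.compile(r"^KeyError: ['‘](?P<path>[^'’]+)['’]", re.M)

def parse_failures(log_text):
    """Map each file the nginx plugin could not parse to (reason, char, line, col)."""
    return {m["path"]: (m["reason"], int(m["char"]), int(m["line"]), int(m["col"]))
            for m in PARSE_FAIL.finditer(log_text)}

def offset_to_line_col(text, offset):
    """Convert a 0-based character offset into a 1-based (line, col) pair."""
    before = text[:offset]
    return before.count("\n") + 1, offset - (before.rfind("\n") + 1) + 1

def explain(log_text, conf_by_path):
    """For every KeyError path with a matching parse failure, return
    (path, reason, line, col, config line at that position, offsets_agree)."""
    failures = parse_failures(log_text)
    findings = []
    for path in sorted({m["path"] for m in KEY_ERROR.finditer(log_text)}):
        if path in failures and path in conf_by_path:
            reason, char, line, col = failures[path]
            conf = conf_by_path[path]
            # offsets_agree is False when the local copy differs from the parsed file.
            agree = offset_to_line_col(conf, char) == (line, col)
            findings.append((path, reason, line, col, conf.splitlines()[line - 1], agree))
    return findings

if __name__ == "__main__":
    for finding in explain(SAMPLE_LOG, {"/etc/nginx/nginx.conf": SAMPLE_CONF}):
        print(finding)
```

The position in the log is where the plugin's parser stopped, here the opening of `http {`, so the construct it rejects is somewhere inside that block rather than on line 10 itself.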

