Certbot misconfiguration error: "duplicate extension "wasm"" and "no "ssl_certificate"" errors

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: caviomorpha.dev

I ran this command: certbot --nginx -d matrix.caviomorpha.dev

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

2024/03/17 16:50:54 [warn] 15616#15616: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-enabled/meet.caviomorpha.dev.conf:5
2024/03/17 16:50:54 [emerg] 15616#15616: no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/matrix:1
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\n2024/03/17 16:50:54 [warn] 15616#15616: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-enabled/meet.caviomorpha.dev.conf:5\n2024/03/17 16:50:54 [emerg] 15616#15616: no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/matrix:1\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

My web server is (include version): nginx 1.22.1-9

The operating system my web server runs on is (include version): Debian 12

My hosting provider, if applicable, is: Vultr

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.1.0

Welcome @AKM4096

Can you post the contents of that file

The above is just a warning but points to something wrong with your config. I don't believe that interferes with Certbot but you should review and correct that.

2 Likes
server_names_hash_bucket_size 64;

types {
# nginx's default mime.types doesn't include a mapping for wasm or wav.
    application/wasm     wasm;
    audio/wav            wav;
}
upstream prosody {
    zone upstreams 64K;
    server 127.0.0.1:5280;
    keepalive 2;
}
upstream jvb1 {
    zone upstreams 64K;
    server 127.0.0.1:9090;
    keepalive 2;
}
map $arg_vnode $prosody_node {
    default prosody;
    v1 v1;
    v2 v2;
    v3 v3;
    v4 v4;
    v5 v5;
    v6 v6;
    v7 v7;
    v8 v8;
}
server {
    listen 80;
    listen [::]:80;
    server_name meet.caviomorpha.dev;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root         /usr/share/jitsi-meet;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name meet.caviomorpha.dev;

    # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:$
    ssl_prefer_server_ciphers off;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=63072000" always;
    set $prefix "";
    set $custom_index "";
    set $config_js_location /etc/jitsi/meet/meet.caviomorpha.dev-config.js;

    ssl_certificate /etc/jitsi/meet/meet.caviomorpha.dev.crt;
    ssl_certificate_key /etc/jitsi/meet/meet.caviomorpha.dev.key;

    root /usr/share/jitsi-meet;

    # ssi on with javascript for multidomain variables in config.js
    ssi on;
    ssi_types application/x-javascript application/javascript;
        
    index index.html index.htm;
    error_page 404 /static/404.html;
        
    gzip on;
    gzip_types text/plain text/css application/javascript application/json image/x-icon application/octet-stream application/wasm;
    gzip_vary on;
    gzip_proxied no-cache no-store private expired auth;
    gzip_min_length 512;
    
    include /etc/jitsi/meet/jaas/*.conf;
        
    location = /config.js {
        alias $config_js_location;
    }
        
    location = /external_api.js {
        alias /usr/share/jitsi-meet/libs/external_api.min.js;
    }
    
    location = /_api/room-info {
        proxy_pass http://prosody/room-info?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
    }
     
    location ~ ^/_api/public/(.*)$ {
        autoindex off;
        alias /etc/jitsi/meet/public/$1;
    }
        
    # ensure all static content can always be found first
   location ~ ^/(libs|css|static|images|fonts|lang|sounds|.well-known)/(.*)$
    {
        add_header 'Access-Control-Allow-Origin' '*';
        alias /usr/share/jitsi-meet/$1/$2;
    
        # cache all versioned files
        if ($arg_v) {
            expires 1y;
        }
    }
    
    # BOSH
    location = /http-bind {
        proxy_pass http://$prosody_node/http-bind?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_set_header Connection "";
    }
        
    # xmpp websockets
    location = /xmpp-websocket {
        proxy_pass http://$prosody_node/xmpp-websocket?prefix=$prefix&$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        tcp_nodelay on;
    }
    
    # colibri (JVB) websockets for jvb1
    location ~ ^/colibri-ws/default-id/(.*) {
        proxy_pass http://jvb1/colibri-ws/default-id/$1$is_args$args;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        tcp_nodelay on;  
    }
        
    # load test minimal client, uncomment when used
    #location ~ ^/_load-test/([^/?&:'"]+)$ {
    #    rewrite ^/_load-test/(.*)$ /load-test/index.html break;
    #}
    #location ~ ^/_load-test/libs/(.*)$ {
    #    add_header 'Access-Control-Allow-Origin' '*';
    #    alias /usr/share/jitsi-meet/load-test/libs/$1;
    #}
        
    location ~ ^/([^/?&:'"]+)$ {
        set $roomname "$1";
        try_files $uri @root_path;
    }
     
    location @root_path {
        rewrite ^/(.*)$ /$custom_index break; 
    }
        
    location ~ ^/([^/?&:'"]+)/config.js$
    {
        set $subdomain "$1.";
        set $subdir "$1/";

        alias $config_js_location;
    }
        
    # Matches /(TENANT)/pwa-worker.js or /(TENANT)/manifest.json to rewrite to / and look for file
    location ~ ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ {                                                             set $subdomain "$1.";
        set $subdir "$1/";
        rewrite ^/([^/?&:'"]+)/(pwa-worker.js|manifest.json)$ /$2;
    }
        
    # BOSH for subdomains
    location ~ ^/([^/?&:'"]+)/http-bind {   
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";
    
        rewrite ^/(.*)$ /http-bind;
    } 
        
    # websockets for subdomains 
    location ~ ^/([^/?&:'"]+)/xmpp-websocket {
        set $subdomain "$1.";
        set $subdir "$1/";
        set $prefix "$1";
    
        rewrite ^/(.*)$ /xmpp-websocket;
    }
        
    location ~ ^/([^/?&:'"]+)/_api/room-info {
        set $subdomain "$1.";
        set $subdir "$1/";   
        set $prefix "$1"; 

        rewrite ^/(.*)$ /_api/room-info;
    }
        
    # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
    location ~ ^/([^/?&:'"]+)/(.*)$ {
        set $subdomain "$1.";
        set $subdir "$1/";                                                                                                           
        rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
    }
    
    # Anything that didn't match above, and isn't a real file, assume it's a room name and redirect to /
    location ~ ^/([^/?&:'"]+)/(.*)$ {
        set $subdomain "$1.";
        set $subdir "$1/";
        rewrite ^/([^/?&:'"]+)/(.*)$ /$2;
    }
}

Contents of /etc/nginx/meet.caviomorpha.dev.conf

And what about matrix can you post that. It has the emerg error in it

2 Likes

This section is also defined twice.

I'd suggest updating your global nginx config to include tha wasm content type, then remove it from your individual sites.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.