Certbot-nginx: Expected string_end, found 'http'

I use certbot for multiple domains and subdomains, one with webroot, the rest with certbot-nginx.
Now i wanted to get additional certificates to add new subdomains for nginx, and i get the error:
"Could not parse file: /etc/nginx/nginx.conf due to Expected string_end, found 'http' (at char 224), (line:13, col:1)"

My nginx config is not faulty, it's working, nginx -t is good.
I found an github issue from 6 years ago where its about this problem, so i updated certbot to the current version on pip3. And i still get the same error. Which is extremely frustrating because i can not restart my server hundreds of times to somehow find it via try & error. And the error message is absolutely worthless.
I did go back to an older nginx config from a backup, thinking that it would solve it. No success.

How do i debug this?

My domain is: pixelplanet.fun (behind cloudflare)

I ran this command: certbot --nginx -d sce.pixelplanet.fun -d scf.pixelplanet.fun -d scg.pixelplanet.fun -d sch.pixelplanet.fun

It produced this output: Could not parse file: /etc/nginx/nginx.conf due to Expected string_end, found 'http' (at char 224), (line:13, col:1)

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: idk why this would be relevant...

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.30.0

Hi @hf147,

Could you post your nginx.conf file?

The nginx configuration parser in Certbot is not perfect and doesn't understand every configuration file that nginx itself does, but this kind of error has become very rare over the past few years as most of the common unusual cases have been handled. It sounds like you have another one that has been missed.

You can browse it here:

A certbot renew --dry-run is also giving the nginx.conf parsing error, even thought that all those subdomains worked at some point.

Hi @hf147,

Thanks for sharing your configuration. I was able to reproduce the parsing problem and narrow it down to lines 46-48

which are commented-out portions of your multiline log_format definition. These cause Certbot's nginx parser to get confused and fail. (I'm guessing that perhaps some portion of the parser's handling of quotation marks doesn't realize that quotation marks should be ignored when they occur inside a line that's commented out?)

Certbot should work if you delete these three commented-out lines from your configuration, but we could also let the @certbot-devs know that there is yet another unusual case that may be worth handling in the nginx parser.

Amazing support.
Thank you for your effort!

Should i write a bugreport on certbot github?

Yes, I think that would be helpful! Thanks.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.