Certbot nginx issue

If there's a file in /etc/nginx/sites-enabled with a non-conf extension, like .bak files, certbot will add its well-known acme challenge configs to them. Which one it chooses seems to be random, but because nginx only uses the files with .conf extensions, it causes certbot to fail with 403 errors.

This issue occurs running on Ubuntu Server 20.04 LTS using the apt-installed certbot:
certbot --version
certbot 0.40.0

This version of certbot is about 4 years old, unsupported, and significant changes have occurred since then. For a bug report, it would be helpful if you could reproduce this issue on a more recent version.

The EFF recommends installing certbot via snap, which will get you a much more recent version to test with.

6 Likes

Please show the include line in your nginx configuration that covers that path.
Sadly, the nginx default config shows:
include /etc/nginx/sites-enabled/*;
[which would include ALL files in that folder - including the *.bak file(s)]

5 Likes

It makes sense. sites-enabled should only contain symlinks to sites-available. bak files should be in the latter.

6 Likes
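The rule from the last reply (sites-enabled holds only symlinks into sites-available), written as a check that can run before certbot or `nginx -t`. This is an added example, not part of the thread; the function name `audit_sites_enabled` is hypothetical and the two directories are passed in as arguments.

```shell
#!/bin/sh
# Added example: flag anything in sites-enabled that the wildcard
# "include /etc/nginx/sites-enabled/*;" would load but that is not a
# symlink into sites-available (for example a stray *.bak copy).

# audit_sites_enabled ENABLED_DIR AVAILABLE_DIR
# Prints "REASON<TAB>PATH" per offending entry.
# Returns 0 if clean, 1 if anything was flagged, 2 if AVAILABLE_DIR is missing.
audit_sites_enabled() {
    enabled=$1
    # Resolve to a physical path so it compares cleanly with readlink -f output.
    available=$(cd "$2" 2>/dev/null && pwd -P) || {
        printf '%s\t%s\n' "missing-dir" "$2"
        return 2
    }
    found=0
    for entry in "$enabled"/*; do
        # An unmatched glob stays literal; skip it, but keep dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        if [ ! -L "$entry" ]; then
            printf '%s\t%s\n' "not-a-symlink" "$entry"
            found=1
            continue
        fi
        target=$(readlink -f "$entry" 2>/dev/null)
        if [ -z "$target" ] || [ ! -e "$target" ]; then
            printf '%s\t%s\n' "dangling-symlink" "$entry"
            found=1
            continue
        fi
        case $target in
            "$available"/*) ;;  # resolves inside sites-available: expected
            *) printf '%s\t%s\n' "outside-available" "$entry"; found=1 ;;
        esac
    done
    return "$found"
}

# Run directly: sh audit.sh /etc/nginx/sites-enabled /etc/nginx/sites-available
if [ "$#" -eq 2 ]; then
    audit_sites_enabled "$1" "$2"
fi
```

A non-zero exit makes it usable as a pre-hook or CI gate; move flagged files to sites-available (or delete them) rather than leaving them where the wildcard include picks them up.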
