Nginx Perl module related to restart failure upon renewal (segmentation fault)

This is less of a "help" topic and more just me documenting a problem I ran into and how I fixed it. Mods, please feel free to move this to another category, but I think it should be kept somewhere. May not even be a problem with Certbot but something users of Certbot should be aware of.

My system details

Symptom

On certbot renew (I was running it with --dry-run) renewal succeeds but Nginx fails to restart/reload. systemctl status nginx shows:

Starting A high performance web server and a reverse proxy server...
Started A high performance web server and a reverse proxy server.
nginx.service: Main process exited, code=dumped, status=11/SEGV
nginx.service: Killing process 11747 (nginx) with signal SIGKILL.
nginx.service: Killing process 11747 (nginx) with signal SIGKILL.
nginx.service: Failed with result 'core-dump'.

The 'Solution'

This isn't a solution if you need the Perl module but if you don't then it works: disable the Perl module. On my system, that means removing the symlink:

rm /etc/nginx/modules-enabled/50-mod-http-perl.conf

That removes the symlink that was pointed to /usr/share/nginx/modules-available/mod-http-perl.conf and thus disables the Perl module.

Certbot renewal works normally after that.

3 Likes

Thanks for the tip!

I'm wondering: did your nginx work with the Perl module enabled before you used certbot?

1 Like

I'm not sure I could really say. I don't use the Perl module and of course Certbot is one of the first things I set up, before I add any site content. So I don't know how I'd properly test that the Perl module was working, and didn't perform any such test.

Adding these notes for clarity:

  • This is Nginx as installed using apt's nginx-extras with no modifications
  • Nginx restart and reload behaved normally with Perl module enabled, prior to doing anything with Certbot
  • With the Perl module enabled, Nginx could be restarted after it died (or was killed) on renewal by manually using systemctl

Edit:

Perhaps I overthought the answer. Everything was working normally with Nginx with the Perl module enabled prior to testing Certbot renewal, as far as I could tell.

3 Likes

Ooh, curious. We had another user run into problem with the nginx perl module as well. I posted my thoughts at the time here with pretty much the same workaround.

That may have been the post I saw that prompted me to try disabling the Perl module. I had previously got Nginx working with Certbot by disabling all modules (not ideal). It was either that thread or one on Github.

Seems like it would most likely be an issue with the Perl module rather than Certbot. Does anyone happen to know if there's an appropriate place to let whoever runs that project know about this problem?

Anyway, just posting it here so hopefully it shows up in a Google search result and saves someone else the headache it caused me. :persevere:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.