The problem when installed in Nginx SSL Certificates

Hello.

The problem arises when choosing a design, and tried to Apache for nginh. The log a lot of mistakes. Putting on this documentation https://letsencrypt.readthedocs.org/en/latest/using.html#debian for Debian.

OS GNU\Linux Debian 7.9 (Wheezy)

Log file:

File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/parser.py", line 39, in __init__
    self.update_runtime_variables(ctl)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/parser.py", line 97, in update_runtime_variables
    stdout = self._get_runtime_cfg(ctl)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/parser.py", line 139, in _get_runtime_cfg
    "Apache is unable to check whether or not the module is "
MisconfigurationError: Apache is unable to check whether or not the module is loaded because Apache is misconfigured.
2015-10-04 13:04:54,718:DEBUG:letsencrypt_nginx.parser:Could not parse file: /etc/nginx/mime.types
2015-10-04 13:04:54,734:DEBUG:letsencrypt.display.ops:Multiple candidate plugins: * apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = letsencrypt_apache.configurator:ApacheConfigurator
Initialized: <letsencrypt_apache.configurator.ApacheConfigurator object at 0x419fb50>
Prep: Apache is unable to check whether or not the module is loaded because Apache is misconfigured.

* nginx
Description: Nginx Web Server - currently doesn't work
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = letsencrypt_nginx.configurator:NginxConfigurator
Initialized: <letsencrypt_nginx.configurator.NginxConfigurator object at 0x419f150>
Prep: True
2015-10-04 13:04:55,956:DEBUG:letsencrypt.cli:Picked account: <Account(4b52004097593f9bf1a80a1d78c1724f)>
2015-10-04 13:04:55,956:DEBUG:root:Sending GET request to https://acme-staging.api.letsencrypt.org/directory. args: (), kwargs: {}
2015-10-04 13:04:55,963:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2015-10-04 13:04:57,242:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory HTTP/1.1" 200 279
2015-10-04 13:04:57,244:DEBUG:root:Received <Response [200]>. Headers: {'content-length': '279', 'expires': 'Sun, 04 Oct 2015 13:04:57 GMT', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Sun, 04 Oct 2015 13:04:57 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'access-control-allow-origin': '*, *', 'replay-nonce': 'Vb_IFg-9d10OtwZRFRm_H_URtl0aYSRSzxrauvs9P_0'}. Content: '{"new-authz":"https://acme-staging.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-staging.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-staging.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-staging.api.letsencrypt.org/acme/revoke-cert"}'
2015-10-04 13:04:57,244:DEBUG:acme.client:Received response <Response [200]> (headers: {'content-length': '279', 'expires': 'Sun, 04 Oct 2015 13:04:57 GMT', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Sun, 04 Oct 2015 13:04:57 GMT', 'x-frame-options': 'DENY', 'content-type': 'application/json', 'access-control-allow-origin': '*, *', 'replay-nonce': 'Vb_IFg-9d10OtwZRFRm_H_URtl0aYSRSzxrauvs9P_0'}): '{"new-authz":"https://acme-staging.api.letsencrypt.org/acme/new-authz","new-cert":"https://acme-staging.api.letsencrypt.org/acme/new-cert","new-reg":"https://acme-staging.api.letsencrypt.org/acme/new-reg","revoke-cert":"https://acme-staging.api.letsencrypt.org/acme/revoke-cert"}'
2015-10-04 13:04:57,316:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0009_key-letsencrypt.pem
2015-10-04 13:04:57,318:INFO:letsencrypt.crypto_util:Creating CSR: /etc/letsencrypt/csr/0009_csr-letsencrypt.pem
2015-10-04 13:04:57,318:DEBUG:letsencrypt.client:CSR: CSR(file='/etc/letsencrypt/csr/0009_csr-letsencrypt.pem', data='0\x82\x02\x810\x82\x01i\x02\x000\x151\x130\x11\x06\x03U\x04\x03\x0c\ncodyor.com0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xcc\x00\xd4M\xeaVdTc\xe1\xe1\x83\xb3\x833\xf3\x7f-\x8aJ1\xbf7h\xf8\xa5E\xeb1\xe5p\x9e\xce\xcd"\x0cg\x16/\x86\x86\xe6tlv\xb3\x01\x84\xd5X\xf4$f\xc5R)\x9e\xaf\x04\x19\x1c\xfd\x9c\xcf\xbb\xef\x830Jj\x05\xca%\x10\x94\xf4\x86\xc5\x9d\x18\xffj\xc425i\xdf&\x99\xf4Y\x99\xf9\x1a\x0bE\x97\x06\xc9\xc0\xd7\x03\xed\xe7.h/\xec\xcc\xd0\x13f\xae\t/\xceZ\xa2d\x17\x84\x9e\xd9\xa3]\xdf\x05\xca\x8f\xc5x\x9dr\x91*\xa5\xf7\xb6y\xf2\xde\xdfV\xc4)\x9d\xe5\xc0\x95\x87G\xf2\xafzm\xc0\x9d\'\xe9\xces9c/d\xa57\x98*\x14\xd9\x97\xed@\xf9\x1f\xa6\xbebJ\xf7i\xa3\xcd\x90M\x14\xf9qOS7\xff\x1d\xf7\x19\x87\x1f\x80\xfe~\x8fV\xd4\xee\xf4O_2\x1f\x7fplY\xc4R|\xdf\x8b\xda\x1dB[D\x89\x8c\xeb\x1a\xc16Y\xcb\x8cW\xc8\x7f\x93\x17N\x8f\xa0\x03"\x0e+\xb3\xe5\x8d0\xa0b\xc4\x12\xfb\xcc\x03\x02\x03\x01\x00\x01\xa0(0&\x06\t*\x86H\x86\xf7\r\x01\t\x0e1\x190\x170\x15\x06\x03U\x1d\x11\x04\x0e0\x0c\x82\ncodyor.com0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x1dp\x03,\x01\x07\xef)\x9dS\xe5\xcb\xfe \x19\xdd\x16\xa2\x98\x04\xfcWG\xd0\x13Q\xd4{\xbf\xee\xfd\xad\x85\x12\xcexY\x0c6\x19\xad\x96\x1d\xcf\x8b\xc1\x0b\x1dtP\xfcr@\xbdN\x7fZ@m5T\n\xef-\n\x13]\x1e\xda\x86\xf0b\xe0\xc8z\x144"\rvE\xc1\x1c"d\xf3\xf6&?\x03b\x18\r\xa0\xa6\x88\xcfL\x1b\xe7*%O\x8e\x90\x0fcV\xc5\xe8\x07\x9b\xae\xaf\xce\xc5\xd3\xa9\x11\x13\t\x00\xbf\xdeR\xc8\xed\nH\xbb\xce*\x94\x15\x1dt]\xcf\xf4\xfd\x9c\xcc\x9b\x14\x86\x94gH\x00Olb[S\xf7\xdc_\x16n\xb4kR\xda@\xbb\x18\x96\x1a\x89\xf9A\x19T\xaaa+N\x95?\xa0\xeaF\xad\x9d\x98\x084\xee\xcb3\xc1\xec\xfcK\x9e\xfar\xf9%\xe4\x84\x8e\xc6\xa7\xa7\xf0hl\xaa\x89z\x03\xdfy\xeb\xb8\xb0p\xd5\xa63F-\x03\xa1\x0cR\xb2\xee\xe7\x8e\x02o%\x15K\x9e\xd2\xea\x1e\xbd\xa1\xb4\xda\x8e\x00\xaa\xe4^2\xb0H\x11$\x1a\x1f', form='der'), domains: ['codyor.com']
2015-10-04 13:04:57,318:DEBUG:root:Requesting fresh nonce
2015-10-04 13:04:57,318:DEBUG:root:Sending HEAD request to https://acme-staging.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2015-10-04 13:04:57,319:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2015-10-04 13:04:57,635:DEBUG:requests.packages.urllib3.connectionpool:"HEAD /acme/new-authz HTTP/1.1" 405 0
2015-10-04 13:04:57,637:DEBUG:root:Received <Response [405]>. Headers: {'content-length': '0', 'pragma': 'no-cache', 'expires': 'Sun, 04 Oct 2015 13:04:57 GMT', 'server': 'nginx', 'connection': 'keep-alive', 'allow': 'POST', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Sun, 04 Oct 2015 13:04:57 GMT', 'access-control-allow-origin': '*', 'content-type': 'application/problem+json', 'replay-nonce': 'YM2zX9VmcpaaLxdDB1JBqEGCEybGrtIkQLbxJzB5WtI'}. Content: ''
2015-10-04 13:04:57,637:DEBUG:acme.client:Storing nonce: "`\xcd\xb3_\xd5fr\x96\x9a/\x17C\x07RA\xa8A\x82\x13&\xc6\xae\xd2$@\xb6\xf1'0yZ\xd2"
2015-10-04 13:04:57,637:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
2015-10-04 13:04:57,637:DEBUG:acme.client:Serialized JSON: {"identifier": {"type": "dns", "value": "codyor.com"}, "resource": "new-authz"}
2015-10-04 13:04:57,638:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jwk=None, alg=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None
2015-10-04 13:04:57,640:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2015-10-04 13:04:57,640:DEBUG:root:Sending POST request to https://acme-staging.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {'data': '{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "wE4plwDKXiTz-96WwowG2pbNIUtaKvlBFtCXtyntLtO7dON91rB6IeP8MFesUbYyNvYkZ7e4KNLBYbFLNcZ7rIdvrPBM_8EhLLl3YogPDGRWBolJIOh0YPdQCy2HDSlwkM6ikXVHixB--yT0mimFab4ENndnus6ZirJdYovo1tkjMnDeRSHLkV22WUN2hqUyyLB4NHwzf2pHo7rIU2KnCtk1m7AYo_OC8YtlHtnqkkW5ZEgnuetzWRLxJ7XQhBT2GtQN_lj94WpnyJcr_QZYja--a88NaVwwMdmUDMOeDRhWB5tTMV2dB0QgEIS89ETL8wzOXEa4_xFsz9q1pi0hdw"}}, "protected": "eyJub25jZSI6ICJZTTJ6WDlWbWNwYWFMeGREQjFKQnFFR0NFeWJHcnRJa1FMYnhKekI1V3RJIn0", "payload": "eyJpZGVudGlmaWVyIjogeyJ0eXBlIjogImRucyIsICJ2YWx1ZSI6ICJjb2R5b3IuY29tIn0sICJyZXNvdXJjZSI6ICJuZXctYXV0aHoifQ", "signature": "nBX_PnosomW6_SUmzXY3zPRTJcxGGP6rz8q3Zd2UTC3BbNO3sEY8IB10Jerz8ZV92khciJ0Sgw2ha3CFDA4rZn9pfAGOo0qOi97hj6LUxZvfgFj-DkDe-mCmlO1n4iGHVU-fgnpICX2nXzJPI7O5EWDlDwWDUj54KB9J1tHikIDp0CT7kamkivcYX-FEnyB23NsQNC1-qf4edgbw6yHi5IuTdCgefcsc49BCBGM9nsn73Q5zPI_6QJhdINGicx1OnA2Wmn64YqfZCb9EBGMZLUrmmfUPxFszlgZ1OiLrIWTBhQMrVRZkkjoFdTOX7frADY9MSwZTpuObKNHQmYmZgg"}'}
2015-10-04 13:04:57,641:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2015-10-04 13:04:58,943:DEBUG:requests.packages.urllib3.connectionpool:"POST /acme/new-authz HTTP/1.1" 201 578
2015-10-04 13:04:58,945:DEBUG:root:Received <Response [201]>. Headers: {'content-length': '578', 'expires': 'Sun, 04 Oct 2015 13:04:58 GMT', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'link': '<https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"', 'location': 'https://acme-staging.api.letsencrypt.org/acme/authz/Kwjb0cGgUAkIoQnEAnj5fL9Pn1QKldjuTMKtZixwcN0', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Sun, 04 Oct 2015 13:04:58 GMT', 'access-control-allow-origin': '*, *', 'content-type': 'application/json', 'x-frame-options': 'DENY', 'replay-nonce': 'J39FLBfaij21SlYrQ_LpaQcD3fChiR82xjwiGbX28bA'}. Content: '{"identifier":{"type":"dns","value":"codyor.com"},"status":"pending","expires":"2016-07-30T13:04:57.791910441Z","challenges":[{"type":"simpleHttp","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/Kwjb0cGgUAkIoQnEAnj5fL9Pn1QKldjuTMKtZixwcN0/110301","token":"USTJUQo_NiV9DD4PfTHsSkoOcWfdvDbfGU001Vx9mlU","tls":true},{"type":"dvsni","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/Kwjb0cGgUAkIoQnEAnj5fL9Pn1QKldjuTMKtZixwcN0/110311","token":"wuX8cRK1_Wm7Yo-MFNSjdwmu5BRvmj7BUm66x0Bv7O4"}],"combinations":[[0],[1]]}'
2015-10-04 13:04:58,945:DEBUG:acme.client:Storing nonce: '\'\x7fE,\x17\xda\x8a=\xb5JV+C\xf2\xe9i\x07\x03\xdd\xf0\xa1\x89\x1f6\xc6<"\x19\xb5\xf6\xf1\xb0'
2015-10-04 13:04:58,945:DEBUG:acme.client:Received response <Response [201]> (headers: {'content-length': '578', 'expires': 'Sun, 04 Oct 2015 13:04:58 GMT', 'strict-transport-security': 'max-age=604800', 'server': 'nginx', 'connection': 'keep-alive', 'link': '<https://acme-staging.api.letsencrypt.org/acme/new-cert>;rel="next"', 'location': 'https://acme-staging.api.letsencrypt.org/acme/authz/Kwjb0cGgUAkIoQnEAnj5fL9Pn1QKldjuTMKtZixwcN0', 'pragma': 'no-cache', 'cache-control': 'max-age=0, no-cache, no-store', 'date': 'Sun, 04 Oct 2015 13:04:58 GMT', 'access-control-allow-origin': '*, *', 'content-type': 'application/json', 'x-frame-options': 'DENY', 'replay-nonce': 'J39FLBfaij21SlYrQ_LpaQcD3fChiR82xjwiGbX28bA'}): '{"identifier":{"type":"dns","value":"codyor.com"},"status":"pending","expires":"2016-07-30T13:04:57.791910441Z","challenges":[{"type":"simpleHttp","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/Kwjb0cGgUAkIoQnEAnj5fL9Pn1QKldjuTMKtZixwcN0/110301","token":"USTJUQo_NiV9DD4PfTHsSkoOcWfdvDbfGU001Vx9mlU","tls":true},{"type":"dvsni","status":"pending","uri":"https://acme-staging.api.letsencrypt.org/acme/challenge/Kwjb0cGgUAkIoQnEAnj5fL9Pn1QKldjuTMKtZixwcN0/110311","token":"wuX8cRK1_Wm7Yo-MFNSjdwmu5BRvmj7BUm66x0Bv7O4"}],"combinations":[[0],[1]]}'
2015-10-04 13:04:58,946:INFO:letsencrypt.auth_handler:Performing the following challenges:
2015-10-04 13:04:58,946:INFO:letsencrypt.auth_handler:dvsni challenge for codyor.com
2015-10-04 13:04:58,947:DEBUG:letsencrypt.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 115, in _solve_challenges
    dv_resp = self.dv_auth.perform(self.dv_c)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 1137, in perform
    sni_response = apache_dvsni.perform()
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/dvsni.py", line 65, in perform
    str(self.configurator.config.dvsni_port), True)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 498, in prepare_server_https
    if "ssl_module" not in self.parser.modules:
AttributeError: 'NoneType' object has no attribute 'modules'

2015-10-04 13:04:58,947:DEBUG:letsencrypt.error_handler:Calling registered functions
2015-10-04 13:04:58,947:INFO:letsencrypt.auth_handler:Cleaning up challenges
2015-10-04 13:05:00,093:ERROR:letsencrypt.error_handler:Encountered exception during recovery
2015-10-04 13:05:00,098:ERROR:letsencrypt.error_handler:'NoneType' object has no attribute 'init_modules'
Traceback (most recent call last):
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/error_handler.py", line 69, in call_registered
    self.funcs[-1]()
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 282, in _cleanup_challenges
    self.dv_auth.cleanup(dv_c)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 1160, in cleanup
    self.parser.init_modules()
AttributeError: 'NoneType' object has no attribute 'init_modules'
2015-10-04 13:05:00,103:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "./venv/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.1', 'console_scripts', 'letsencrypt')()
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 982, in main
    return args.func(args, config, plugins)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 338, in run
    lineage = _auth_from_domains(le_client, config, domains, plugins)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 299, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains, plugins)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/client.py", line 231, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/client.py", line 214, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/client.py", line 172, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 80, in get_authorizations
    cont_resp, dv_resp = self._solve_challenges()
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 115, in _solve_challenges
    dv_resp = self.dv_auth.perform(self.dv_c)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 1137, in perform
    sni_response = apache_dvsni.perform()
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/dvsni.py", line 65, in perform
    str(self.configurator.config.dvsni_port), True)
  File "/srv/letsencrypt/venv/local/lib/python2.7/site-packages/letsencrypt_apache/configurator.py", line 498, in prepare_server_https
    if "ssl_module" not in self.parser.modules:
AttributeError: 'NoneType' object has no attribute 'modules'

Help me, please.

Thank You.

Help , people, please. How to use letsencrypt for nginx virtualhost.

no sure if they have made such changes yet but they have or will temporarily disable nginx support from the client https://github.com/letsencrypt/letsencrypt/issues/866 during the beta phase

@MrConstantine, as @eva2000 says, the nginx plugin is currently broken and we are encouraging people not to use it right now.

Is the nginx plugin still broken? :thinking:

No, the nginx plugin is generally working great nowadays! If you do encounter a problem with it, please start a new topic here and we’ll try to help you work it out.

1 Like