我已经在 Ubuntu Server 17.10 上使用 NGINX 运行 Let's Encrypt 的 certbot 实用程序一段时间了,虽然它运行良好,但我更喜欢 FreeBSD。直到最近(2018 年 2 月),FreeBSD 上的 certbot 才可以使用 nginx 插件,但现在可以使用了,是时候迁移到 FreeBSD 了。
Nginx 很简单,复制/粘贴配置就可以启动并运行(只需对路径进行一些调整)。
Certbot 和/etc/letsencrypt层次结构也不算太难,直到我尝试运行certbot renew --dry-run以测试一切是否正常。整个层次结构被完整复制,符号链接完好无损(使用tar),更新配置文件中的路径被更改为反映新位置(/usr/local/etc/letsencrypt而不是/etc/letsencrypt)。Nginx 配置位于/usr/local/etc/nginx/nginx.conf。
我运行时得到的错误信息certbot如下:
# certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
Certbot doesn't know how to automatically configure the web server on
this system. However, it can still get a certificate for you. Please run
"certbot certonly" to do so. You'll need to manually configure your web
server to use the resulting certificate.
内容/var/log/letsencrypt/letsencrypt.log:
# cat /var/log/letsencrypt/letsencrypt.log
2018-04-04 18:52:42,032:DEBUG:certbot.main:certbot version: 0.22.2
2018-04-04 18:52:42,033:DEBUG:certbot.main:Arguments: []
2018-04-04 18:52:42,033:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-04-04 18:52:42,051:DEBUG:certbot.log:Root logging level set at 20
2018-04-04 18:52:42,052:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-04-04 18:52:42,052:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2018-04-04 18:52:42,065:ERROR:certbot.util:Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
2018-04-04 18:52:42,065:DEBUG:certbot.plugins.disco:Misconfigured PluginEntryPoint#nginx: Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/certbot/plugins/disco.py", line 126, in prepare
self._initialized.prepare()
File "/usr/local/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 134, in prepare
self.config_test()
File "/usr/local/lib/python2.7/site-packages/certbot_nginx/configurator.py", line 798, in config_test
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
2018-04-04 18:52:42,066:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x80217c0d0>
Prep: Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: configuration file /etc/nginx/nginx.conf test failed
2018-04-04 18:52:42,067:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
最令人沮丧的是,如果我创建一个从/usr/local/etc/nginx到的符号链接/etc/nginx,一切都会正常。
我还想指出,nginx 运行良好,证书也是如此。当上述符号链接到位时,证书更新也有效。
我知道我可以向 certbot 发出标志来指示它在配置的默认值以外的其他地方查找 nginx 文件或将这些标志放在配置文件中,但如果可能的话,我宁愿让它在没有这些标志的情况下工作。
我认为这一切都源于我从 Linux 服务器复制了 letsencrypt 目录树,所以我的问题很简单,是否有办法“重新配置” certbot 来查找下面的 nginx 配置,/usr/local/etc/nginx而不是/etc/nginx。
系统信息:
FreeBSD 11.1-RELEASE-p9 amd64,标准内核
Nginx:www/nginx-devel来自 ports,版本 1.13.10
Certbot:security/py-certbot来自 ports,py27-certbot-0.22.2,1
Certbot-nginx:security/py-certbot-nginx来自 ports,py27-certbot-nginx-0.22.2
提前致谢。
答案1
我解决了!
在系统内搜索了一番,运行了certbot -vvvvvv大量调试输出后,我终于找到了/usr/local/lib/python2.7/site-packages/certbot_nginx/constants.py设置 nginx 配置路径的方法。我将其从 改为/etc/nginx,/usr/local/etc/nginx重新编译了 .pyc ( python -m py_compile constants.py) 和 .pyo ( python -O -m py_compile constants.py) 文件,从 /etc/nginx 中删除了符号链接,然后,瞧,它成功了!
不确定该路径是在编译/安装时设置的,还是从 Linux 系统复制的配置文件中获取的,但至少它现在在正确的位置查找配置文件。
还不确定这些变化是否会在升级过程中持续下去;时间会证明一切。
编辑:我启动了虚拟机并安装了 nginx、py-certbot-nginx 和依赖项,它确实/etc/nginx在安装时设置为 nginx 配置的基本目录。我将向 py-certbot-nginx 的端口维护者提交 PR。