Recently I have switched webserver from nginx to OpenResty, the latter being an NGINX "flavour" with integrated Lua scripting support. This was needed in order to provide a framework over which my demo canvas application can work.

Being basically an enhancement of the standard NGINX, switching the webserver has been a quite painless experience, a matter of moving and/or symlinking the various configuration files to the places where OpenResty expect them. The major problem has been updating the infrastructure that renews the https certificates.

I am using certbot (specifically the nginx plugin) and some custom systemd unit file to automatically renew a bunch of Let's encrypt certificates. The renew script was failing with the following error:

certbot.errors.MisconfigurationError: nginx restart failed:

After some research, I discovered certbot was failing because it was trying to stop /usr/bin/nginx, i.e. the original NGINX executable no more running on my system. But after the relevant pull request has been merged, certbot should support OpenResty, alghough a warning is saying the opposite (NGINX derivative openresty is not officially supported by certbot). At the end, you just specify the new binary location and the new server root, and everything should work as expected. Specifically, you should add --nginx-server-root and --nginx-ctl to every certbot call or append something similar to the following to your /etc/letsencrypt/cli.ini file:

# OpenResty specific settings
nginx-server-root = /usr/local/openresty/nginx/conf
nginx-ctl = /usr/local/openresty/nginx/sbin/nginx

Post your comment


No one has commented on this page yet.

RSS feed for comments on this page RSS feed for all comments