Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Sometimes, if something is wrong with the SSL configuration, apache can break because the configuration is pointing to a file that doesn't exist.
This will happen if you try to enable letsencrypt locally, for example. Provision will still write the config even if the task fails, and apache will not start because the files don't exist.
In platforms.tpl.php, we check if .htaccess is readable before writing it to the template. I think we should do the same thing with the certs.
Comment | File | Size | Author |
---|---|---|---|
#16 | 3020747-https-check-cert-readable-provision.patch | 4.33 KB | Jon Pugh |
#14 | 3020747-https-check-cert-readable-https.patch | 1.98 KB | Jon Pugh |
Comments
Comment #3
Jon PughComment #4
Jon PughComment #5
colanComment #7
helmo CreditAttribution: helmo as a volunteer commentedMerged
Comment #8
bgm CreditAttribution: bgm commentedThis caused a regression for me. The tpl $this->https_enabled was set to false, but the LE cert had been correctly generated.
Comment #9
Jon PughMy fault.
I'll be able to get this fixed in the next hour.
Comment #10
bgm CreditAttribution: bgm commentedFor those looking for a quickfix, edit:
/var/aegir/hostmaster-7.x-3.170/profiles/hostmaster/modules/aegir/hosting_https/drush/Provision/Service/http/https.php
find and comment out this code starting at line 74:
Comment #11
Jon PughOk. The file doesn't even exist at this point.
I think I have an alternative. Stand by.
Comment #12
Jon PughFrustrated to discover #2955062: Do not let nginx configuration reference missing cert files. This was dealt with in NGINIX back in March.
Please lets make sure to apply changes like this to all of the hosting plugins? This whole thing would have been avoided.
Comment #14
Jon PughComment #15
bgm CreditAttribution: bgm commentedI tested creating a site, then enabled https = required, and it worked as expected.
However, I don't have Apache servers for testing the behaviour when the LE cert failed.
Comment #16
Jon PughPatch for Provision SSL attached.
I fully tested this one.
Comment #17
Jon Pughbgm: I do and it worked, so I'm marking it RTBC.
Comment #19
Jon PughMerged