When a site with SSL enabled (or required) is deleted, we have a check to delete the certificate, if that was the last site to use a given cert, in hosting_ssl_clean_keys(). This appears to fail.

CommentFileSizeAuthor
#5 hosting-ssl_cert_not_being_removed-2621576-5.patch1.36 KBcaptainack

Comments

ergonlogic created an issue. See original summary.

gboudrias’s picture

gboudrias commented
Related issues: +#2606700: Shared SSL cert deleted from {hosting_ssl_cert}

Likely related to #2606700: Shared SSL cert deleted from {hosting_ssl_cert}, since the patch directly ties into the logic of it.

ergonlogic’s picture

ergonlogic
he/him
Primary language English
Location Montréal, Québec 🇨🇦
commented

There's a check in hosting_ssl_clean_keys() that ignores deleted sites, which might be part of the issue... When a certificate was used on a site that has since been deleted, it appears to block the removal of the certificate from an active site. This, in turn, blocks the removal of IP addresses from the associated server.

ergonlogic’s picture

ergonlogic
he/him
Primary language English
Location Montréal, Québec 🇨🇦
commented

Yes, #2606700: Shared SSL cert deleted from {hosting_ssl_cert} is definitely related.

captainack’s picture

captainack commented
StatusFileSize
new hosting-ssl_cert_not_being_removed-2621576-5.patch1.36 KB
captainack’s picture

captainack commented
Status: Active » Needs review

  • helmo committed 55e1931 on 7.x-3.x authored by captainack 
    Issue #2621576 by captainack: Unused SSL certificates not being removed
  • helmo committed f314778 on 7.x-3.x authored by captainack
    Issue #2621576 by captainack: Code cleanup
helmo’s picture

helmo commented
Status: Needs review » Fixed
Issue tags: +Aegir 3.3

I separated the code clean up from the functional change, and did 2 separate commits.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.