These Provision commits for hosting_le make it impossible to override the behavior for other Let's Encrypt solutions:

This limits what we can do in the long run, which should only be implemented in a contrib module.

I may have missed some commits, the point is we can't hardcode a path like this.

Comments

gboudrias created an issue. See original summary.

bgm’s picture

For Nginx:

(or just remove the well-known block in provision/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php)

omega8cc’s picture

It had to be hardcoded because we don't have proper frontend integration in hosting_le, so it was not possible to make the path configurable.

This can be solved via proper implementation, like hosting_certificate

Once it is configurable (either in hosting_certificate and/or in hosting_le), we can safely replace the hardcoded paths with something like d('@server_master')->http_le_path, etc.

It is not set in stone, after all, and it was a quick shot to make the first integration option working.

ergonlogic’s picture

The path to the 'well-known' directory doesn't have to be configurable from the front-end, nor generally should it be. But it shouldn't be hard-coded into the vhost templates either. hosting_le should just implement drush_hook_provision_nginx_vhost_config() and drush_hook_provision_apache_vhost_config() to write these configs into the vhosts.

ergonlogic’s picture

Another issue with this implementation is that the directory containing the challenges won't get sync'd to remote servers, thus limiting use of Letsencrypt to single-server deployments.

omega8cc’s picture

Status: Active » Fixed

Good points! Removed. We can add this with hooks.

omega8cc’s picture

Project: Hostmaster (Aegir) » Provision
Component: Code » HTTP Service

Moving to the correct queue.

omega8cc’s picture

Related commit.

omega8cc’s picture

We have implemented this in hosting_le, as suggested.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.