There is this cleanup procedure (now with my comments added):
/**
 * Remove a stale certificate file from the server.
 */
function unlink() {
  parent::unlink();
  if ($this->ssl_enabled) {
    // XXX: to be tested, not sure the data structure is sound
    //
    // ACHTUNG! This deletes even perfectly good certificate and key.
    // There is no check in place to determine if the cert is "stale".
    // Not sure what the idea was behind this cleanup, but it looks like
    // an unfinished work, aggressively deleting existing cert/key pair,
    // even if there is absolutely no reason to do so -- like when the site
    // is simply migrated to another platform, while its name didn't change.
    //
    Provision_Service_http_ssl::free_certificate_site($this->ssl_key, $this);
  }
}
The only good reason to delete an existing certificate is, I think, when you rename the site, so its certificate needs to be recreated from scratch.
But this procedure doesn't care; it always deletes the existing certificate when you migrate the site.
I'm not sure about other implications, but at least we have to avoid this when using hosting_le in the immutable mode, which is used when you replace LE certs with your own. Also, it shouldn't touch anything if it detects the hosting_le-specific, symlinked directory structure.
Comments
Comment #2
memtkmcc commented
Attached patch should fix the problem for hosting_le.
Comment #4
helmo commented
Good catch :)