Closed (fixed)
Project: Aegir HTTPS
Version: 7.x-3.x-dev
Component: Code
Priority: Normal
Category: Bug report
Assigned:
Reporter:
Created: 21 Mar 2018 at 21:27 UTC
Updated: 20 Dec 2018 at 15:27 UTC
Comments
Comment #2
bdragon commented
Here's a first stab at this. Will test it shortly to see if it works as intended.
Comment #3
bdragon commented
Fix typo.
Comment #4
bdragon commented
OK, after fixing that typo, I was unable to break it again.
Comment #5
bdragon commented
Forgot to convert the return value to a status check.
Comment #6
ergonlogic
We found ourselves in this situation after running a remote_import, but prior to DNS being cut over. So the LE script was triggering a challenge against the old IP, failing, then generating vhosts pointing to non-existent certs.
We had to manually edit the vhosts to comment out the SSL lines, so that NGINX would reload.
Comment #7
colan
Code looks good to me, and applied to one of my Dev servers without any problems. Will report back if anything strange comes up.
Comment #9
helmo commented
Committed, thanks.
Comment #11
jon pugh
I really wish this logic was applied to Apache at this time.
I did a lot of work on the Apache side of this only just recently, caused a major regression in LetsEncrypt, despite being marked as RTBC. I wasn't even aware of this issue until just now, after debugging #3020747: Don't add SSL config to configuration files if the crt files aren't there/aren't readable. (especially redirects).
Please make sure to apply changes like this to both NGINX and Apache templates, and please don't forget Hosting SSL is still present, so it should receive these enhancements too.
Comment #12
jon pugh