Inside generate_certificates in Provision_Service_Certificate_LetsEncrypt some of the properties are accessed using d()->server but they are empty. The properties in question are letsencrypt_script_path, letsencrypt_config_path and letsencrypt_ca. This caused two problems:

  • The certificate generation fails because it tries to run /script instead of /var/aegir/config/letsencrypt/script because d()->server->letsencrypt_script_path is empty.
  • After fixing the script path, certificates were generated using the staging ca, even when set to use production because d()->server->letsencrypt_ca is empty (both in the server alias file and the UI the CA was right).

I see that everywhere else in the code those properties are accessed directly in the service instance using $this->server instead of d()->server.

Old description

I can't generate certificates with letsencrypt. I have enabled the LetsEncrypt certificate service for the webserver and everything worked OK. I then enabled encryption for a site hosted in that webserver and the verify task fails.

The certificate generation fails because it tries to run /script instead of /var/aegir/config/letsencrypt/script because d()->server->letsencrypt_script_path is empty. In other parts of the submodules/letsencrypt/drush/Provision/Service/Certificate/LetsEncrypt.php file we are using $this->server->letsencrypt_script_path, would it be OK to change that?

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

mpv created an issue. See original summary.

mpv’s picture

Here's a patch that changes from d()->server->letsencrypt_script_path to $this->server->letsencrypt_script_path.

mpv’s picture

Assigned: mpv » Unassigned
Status: Active » Needs review
mpv’s picture

Title: Wrong path for dehydrated script » Some context properties are empty when generating a letsencrypt certificate
Issue summary: View changes
FileSize
994 bytes

After fixing the script paths I found that d()->server->letsencrypt_ca was also empty so it always uses the staging ca. I've updated the issue title and description and here's a new patch. With this patch applied against 7.x-3.150 I have succesfully generated certificates.

helmo’s picture

Your patch looks ok and an improvement... but I'm not sure why it's failing for you and not for all those other installations.

mpv’s picture

Yes, that's why I was unsure about this in the first place, but I couldn't find the reason that was empty. If you have any pointers on how to test it or need more information please let me know.

I am using aegir 3.151 installed from the debian packages.

helmo’s picture

Status: Needs review » Fixed

Committed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

mpv’s picture

Hi @helmo. Despite your comment in #7 I don't see this patch committed, can you please commit it? Or do you think it needs more work?

helmo’s picture