Inside generate_certificates
in Provision_Service_Certificate_LetsEncrypt
some of the properties are accessed using d()->server
but they are empty. The properties in question are letsencrypt_script_path
, letsencrypt_config_path
and letsencrypt_ca
. This caused two problems:
- The certificate generation fails because it tries to run
/script
instead of/var/aegir/config/letsencrypt/script
becaused()->server->letsencrypt_script_path
is empty. - After fixing the script path, certificates were generated using the staging ca, even when set to use production because
d()->server->letsencrypt_ca
is empty (both in the server alias file and the UI the CA was right).
I see that everywhere else in the code those properties are accessed directly in the service instance using $this->server
instead of d()->server
.
Old description
I can't generate certificates with letsencrypt. I have enabled the LetsEncrypt
certificate service for the webserver and everything worked OK. I then enabled encryption for a site hosted in that webserver and the verify task fails.
The certificate generation fails because it tries to run /script
instead of /var/aegir/config/letsencrypt/script
because d()->server->letsencrypt_script_path
is empty. In other parts of the submodules/letsencrypt/drush/Provision/Service/Certificate/LetsEncrypt.php
file we are using $this->server->letsencrypt_script_path
, would it be OK to change that?
Comment | File | Size | Author |
---|---|---|---|
#4 | wrong_letsencrypt_context_properties-2988639-4.patch | 994 bytes | mpv |
Comments
Comment #2
mpv CreditAttribution: mpv at gcoop Cooperativa de Software Libre commentedHere's a patch that changes from
d()->server->letsencrypt_script_path
to$this->server->letsencrypt_script_path
.Comment #3
mpv CreditAttribution: mpv at gcoop Cooperativa de Software Libre commentedComment #4
mpv CreditAttribution: mpv at gcoop Cooperativa de Software Libre commentedAfter fixing the script paths I found that
d()->server->letsencrypt_ca
was also empty so it always uses the staging ca. I've updated the issue title and description and here's a new patch. With this patch applied against 7.x-3.150 I have succesfully generated certificates.Comment #5
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedYour patch looks ok and an improvement... but I'm not sure why it's failing for you and not for all those other installations.
Comment #6
mpv CreditAttribution: mpv at gcoop Cooperativa de Software Libre commentedYes, that's why I was unsure about this in the first place, but I couldn't find the reason that was empty. If you have any pointers on how to test it or need more information please let me know.
I am using aegir 3.151 installed from the debian packages.
Comment #7
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedCommitted
Comment #9
mpv CreditAttribution: mpv at gcoop Cooperativa de Software Libre commentedHi @helmo. Despite your comment in #7 I don't see this patch committed, can you please commit it? Or do you think it needs more work?
Comment #10
helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commentedSorry, somehow I failed to push ... now it is: https://cgit.drupalcode.org/hosting_https/commit/?id=4eecca44134599fdf04...