When a certificate generation fails, the verify task fails but the task still writes the certificate path to the virtualhost file.

This breaks Apache, as the virtualhost config is broken, so Apache can't reload or start.

We should:

  1. Only throw a warning if certificate generation fails. The site will still work in this situation, so a warning is more appropriate.
  2. Don't write the certificate file info to virtualhost configs if there isn't one. See #3020747: Don't add SSL config to configuration files if the crt files aren't there/aren't readable. (especially redirects)
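
The two points above, sketched as an added example (not the module's own code and not from the issue's patches): a vhost renderer that emits SSL directives and the HTTPS redirect only when the certificate and key files are actually usable, and otherwise returns a warning. The function names, the `fail_on_cert_error` switch and the vhost layout are assumptions made for illustration.

```python
import os
import tempfile

def usable_pem(path, marker):
    """True only if path is a readable regular file that contains the PEM marker."""
    if not (path and os.path.isfile(path) and os.access(path, os.R_OK)):
        return False
    try:
        with open(path, "r", errors="replace") as fh:
            return marker in fh.read()
    except OSError:
        return False

def render_vhost(domain, crt, key, fail_on_cert_error=False):
    """Return (config, warnings); SSL directives appear only if both files are usable."""
    problems = []
    if not usable_pem(crt, "-----BEGIN CERTIFICATE-----"):
        problems.append(f"certificate missing or unreadable: {crt}")
    if not usable_pem(key, "PRIVATE KEY-----"):
        problems.append(f"private key missing or unreadable: {key}")
    if problems:
        msg = f"{domain}: serving HTTP only; " + "; ".join(problems)
        if fail_on_cert_error:  # hypothetical switch: raise an error instead of warning
            raise RuntimeError(msg)
        # No SSL block and no redirect to https, so the web server config still loads.
        return f"<VirtualHost *:80>\n  ServerName {domain}\n</VirtualHost>\n", [msg]
    return (
        f"<VirtualHost *:80>\n  ServerName {domain}\n"
        f"  Redirect permanent / https://{domain}/\n</VirtualHost>\n"
        f"<VirtualHost *:443>\n  ServerName {domain}\n  SSLEngine on\n"
        f"  SSLCertificateFile {crt}\n  SSLCertificateKeyFile {key}\n</VirtualHost>\n"
    ), []

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample files, not real keys
        crt, key = os.path.join(d, "site.crt"), os.path.join(d, "site.key")
        with open(key, "w") as fh:
            fh.write("-----BEGIN PRIVATE KEY-----\n(constructed)\n")
        print(render_vhost("example.test", crt, key))  # certificate was never generated
        with open(crt, "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\n(constructed)\n")
        print(render_vhost("example.test", crt, key)[0])
```

The marker check only catches missing, unreadable or empty files; it does not validate the certificate chain or that the key matches the certificate.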

Comments

Jon Pugh created an issue. See original summary.

  • Jon Pugh committed c99f857 on 3014468-graceful-fail
    Issue #3014468: Gracefully handle LetsEncrypt certificate generation...
Jon Pugh’s picture

Status: Active » Needs review
Issue tags: +NEDCamp2018
FileSize
1.72 KB

  • Jon Pugh committed 4e8dd3c on 3014468-graceful-fail
    Issue #3014468: Gracefully handle LetsEncrypt certificate generation...
Jon Pugh’s picture

FileSize
2.54 KB
colan’s picture

Status: Needs review » Needs work

Typo?

hosting_https_fail_task_if_certificate_failes

Should be "fails"?

helmo’s picture

Jon Pugh’s picture

Assigned: Unassigned » Jon Pugh
Issue summary: View changes

  • Jon Pugh committed 68291e5 on 3014468-graceful-fail
    Revert part of issue #3014468.
    

  • Jon Pugh committed 84afff9 on 3014468-graceful-fail
    Revert "Issue #3014468: Gracefully handle LetsEncrypt certificate...
Jon Pugh’s picture

Title: Gracefully handle LetsEncrypt certificate generation failures by settiing warnings and not modifying vhost config. » Gracefully handle LetsEncrypt certificate generation failures by throwing warnings instead of failing
Status: Needs work » Needs review
FileSize
987 bytes
Jon Pugh’s picture

Not quite a duplicate, but did have overlapping results. I removed the changes related to turning off HTTPS/SSL, since that is now handled in #3020747: Don't add SSL config to configuration files if the crt files aren't there/aren't readable. (especially redirects)

The warning option for LE certs is still a good idea, I think.

Jon Pugh’s picture

Typos fixed. Ready for review.

  • Jon Pugh committed 4e8dd3c on 7.x-3.x
    Issue #3014468: Gracefully handle LetsEncrypt certificate generation...
  • Jon Pugh committed 68291e5 on 7.x-3.x
    Revert part of issue #3014468.
    
  • Jon Pugh committed 84afff9 on 7.x-3.x
    Revert "Issue #3014468: Gracefully handle LetsEncrypt certificate...
  • Jon Pugh committed c99f857 on 7.x-3.x
    Issue #3014468: Gracefully handle LetsEncrypt certificate generation...

  • Jon Pugh committed f38bd32 on 7.x-3.x
    Issue #3014468: Respect option for throwing error or warning.
    
Jon Pugh’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.