Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

If an SSL cert is automatically disabled, Symbiosis won't use automatically it again if it becomes valid #111

Open
pcammish opened this issue Nov 29, 2017 · 1 comment
Open

If an SSL cert is automatically disabled, Symbiosis won't use automatically it again if it becomes valid #111

pcammish opened this issue Nov 29, 2017 · 1 comment

Comments

@pcammish
Copy link

For example, if I have a site (https://under100words.com) and manually disable Let's Encrypt by placing false in /srv/under100words.com/config/ssl-provider and moving the config/ssl directory out of the way, symbiosis-httpd-configure will disable the specific SSL cert for the site, swapping it to self-signed.

This is fine, and to be expected, however it does this by removing the relevant symlink from /etc/apache2/sites-enabled, which has the effect of flagging the site as "manually disabled", dropping it back to mass hosting, if configured.

Restoring the SSL configuration (removing ssl-provider and restoring config/ssl) then re-running symbiosis-httpd-configure --verbose you get:

# symbiosis-httpd-configure --verbose
[ . . . ]
Domain: under100words.com
        Current SSL set 1: signed by /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3, expires 2018-02-20 13:36:22 UTC
        This site has SSL enabled, and is using the host's primary IPs -- continuing with SNI.
        SSL is enabled -- using SSL template
        Adding to configurations
[ . . . ]
Configuration: under100words.com.conf
        Configuration is up-to date.
        !! Configuration has been manually disabled.

So, it's still thinking that the site was manually disabled, so even if it managed to create the individual config as there are valid SSL certs, it's not being symlinked.

A manual workaround is to run symbiosis-httpd-configure for the specific site:

# symbiosis-httpd-configure --verbose under100words.com
Domain: under100words.com
        Current SSL set 1: signed by /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3, expires 2018-02-20 13:36:22 UTC
        This site has SSL enabled, and is using the host's primary IPs -- continuing with SNI.
        SSL is enabled -- using SSL template
        Adding to configurations
Configuration: under100words.com.conf
        Configuration is up-to date.
        Enabling configuration.
Reloading Apache

This instead enables the config anyway, and things work normally again.
@pcammish pcammish changed the title If an SSL cert is automatically disabled, Symbiosis won't enable use it again if it's valid. If an SSL cert is automatically disabled, Symbiosis won't use automatically it again if it becomes valid Nov 29, 2017
@Insti
Copy link

Insti commented Feb 6, 2018
edited
Loading

I had a similar issue when trying to transition from a "trusted authority" certificate to a letsencrypt certificate.
Running # symbiosis-httpd-configure --verbose my.site.name seemed to fix it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Insti @pcammish