It sure looks like deleting a site doesn't delete the SSL certificate. I understand we may not want to delete a private key in certain circumstances, but it seems to me that creating a site and then deleting it should remove any trace of that site from the backend.

More importantly, the IP should be available again.

Comments

anarcat’s picture

To work around this:

mysql> delete from hosting_ip_addresses where nid=10481;
mysql> select * from hosting_ssl_cert where ssl_key like 'example.com';

Deleting the node from the frontend *may* do this.

You will still have to remove those manually from the backend if the frontend delete task fails:

rm -rf config/ssl.d/example.com/ config/server_master/ssl.d/example.com*

And the failed install may even have left vhosts lying around (ouch!):

ceres:~/config/ssl.d$ rm -f /var/aegir/config/server_master/apache/vhost.d/example.com

anarcat’s picture

Title: deleting a site doesn't delete its SSL certificate or IP address » deleting a site doesn't delete its SSL certificate
Priority: Major » Normal
Status: Active » Needs work

Actually, that is incorrect - this happens when a site fails to be created, and when the delete fails (for example with #1603702: allows creation of SSL site even if there are no IPs available).

If the site was installed correctly, the delete runs fine and the "receipt", the certificate and vhost are all deleted correctly. The master copy of the certificate remains in ssl.d however, and maybe that one should be destroyed once all sites attached to that certificate are destroyed. In that case, the SSL entry in the hosting_ssl_cert table should also be removed.
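
Added example (not part of the original thread and not Aegir code): a read-only check for the leftover described above, listing certificate directories under ssl.d that no vhost references any more, so stale private keys can be reviewed before anything is removed by hand. It assumes vhost files name their certificate by a path containing `ssl.d/<key>/` and that each key has its own directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find certificate directories that no vhost references.
# Assumptions (not from the thread): vhost files point at their certificate
# with a path containing "ssl.d/<key>/", and each key has its own directory
# under CONFIG_DIR/ssl.d. Nothing is deleted; the script only reports.

# orphaned_certs CONFIG_DIR
# Prints one key name per line for every directory under CONFIG_DIR/ssl.d
# that no file in CONFIG_DIR/server_master/apache/vhost.d refers to.
orphaned_certs() {
    config_dir=$1
    vhost_dir="$config_dir/server_master/apache/vhost.d"
    for cert_dir in "$config_dir"/ssl.d/*/; do
        [ -d "$cert_dir" ] || continue      # glob matched nothing
        key=$(basename "$cert_dir")
        # -F: fixed string, so dots in the name are not regex wildcards.
        # The trailing slash keeps "example.com" from matching "example.com.au".
        if [ -d "$vhost_dir" ] && grep -rqF -- "ssl.d/$key/" "$vhost_dir"; then
            continue                        # a site is still attached
        fi
        printf '%s\n' "$key"
    done
}

# report CONFIG_DIR
# For each orphaned key, show what is still on disk: the master copy and
# any per-server copy (the two locations named in the workaround above).
report() {
    orphaned_certs "$1" | while IFS= read -r key; do
        echo "orphaned certificate: $key"
        ls -ld "$1/ssl.d/$key" "$1/server_master/ssl.d/$key"* 2>/dev/null
    done
}

# Usage: sh orphaned_certs.sh /var/aegir/config
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

A key that is reported here may still have a row in hosting_ssl_cert, so compare against the select shown in the workaround before removing files.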

Steven Jones’s picture

Status: Needs work » Closed (duplicate)

I think that automatically deleting the SSL cert would be a bad move, because sometimes when you're building a site you will repeatedly destroy and recreate a site. However, if we had a UI for managing certs then I think this issue would be covered, so I am marking this issue a duplicate of #1612608: Add interface to manage SSL certificates.