When ssl-enabled site gets disabled back to plain http only, its SSL receipt file should be removed also from /var/aegir/config/server_master/ssl.d directory and not only from /var/aegir/config/server_master/ssl.d/domain.com directory, or it will be impossible to enable SSL on another domain on the same IP.

Comments

omega8cc’s picture

omega8cc CreditAttribution: omega8cc commented

It still doesn't work.

Steps to reproduce:

1. Enable SSL on any site and choose "Generate a new encryption key".
2. After the site is verified and SSL works, disable SSL for this site.
3. Edit another site and choose existing key created for the first site - it will work.
4. Edit that second site again, but choose "Generate a new encryption key" - it fails on site verify.
5. Now manually remove the receipt file - rm -f /var/aegir/config/server_master/ssl.d/*.receipt
6. Edit the site again and choose its created already key - it verifies OK and https works.

adrian’s picture

adrian CreditAttribution: adrian commented
Status: Active » Needs review

ok. i found the issue, i think.

we don't have an ssl key property when we have disabled the ssl.

and it's trying to use $this->ssl_key to find the right file to delete.
I actually did account for it, but didn't change some of the $this->ssl_key references to the more
flexible $ssl_key value.

needs to be tested, is in master now.

omega8cc’s picture

omega8cc CreditAttribution: omega8cc commented
Status: Needs review » Fixed

Tested and works now - fixed in head. Thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit e883a3f on debian, dev-dns, dev-koumbit, dev-log_directory, dev-migrate_aliases, dev-multiserver-install, dev-simplerinstaller, prod-koumbit, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-subdir-multiserver, 6.x-2.x-backports, dev-helmo-3.x by adrian: 
    Leftover receipt with ssl being disabled on a site. #859120