Commit e55ab48f authored by memtkmcc's avatar memtkmcc Committed by memtkmcc

Issue #2847422 by memtkmcc: Perfectly good certificate/key is deleted without good reason

parent 028721c4
......@@ -60,6 +60,14 @@ class Provision_Config_Http_Ssl_Site extends Provision_Config_Http_Site {
if ($this->ssl_enabled) {
// XXX: to be tested, not sure the data structure is sound
// ACHTUNG! This deletes even perfectly good certificate and key.
// There is no check in place to determine if the cert is "stale".
// Not sure what the idea was behind this cleanup, but it looks like
// an unfinished work, aggressively deleting existing cert/key pair,
// even if there is absolutely no reason to do so -- like when the site
// is simply migrated to another platform, while its name doesn't change.
Provision_Service_http_ssl::free_certificate_site($this->ssl_key, $this);
......@@ -192,6 +192,11 @@ class Provision_Service_http_ssl extends Provision_Service_http_public {
static function free_certificate_site($ssl_key, $site) {
if (empty($ssl_key)) return FALSE;
$ssl_dir = $site->platform->server->http_ssld_path . "/" . $ssl_key . "/";
// Respect hosting_le configuration, if detected -- start
$le_ctrl = d('@server_master')->aegir_root . "/tools/le/.ctrl";
$immutable = $le_ctrl . "/dont-overwrite-" . $site->uri . ".pid";
if (is_link($ssl_dir) || is_file($immutable)) return FALSE;
// Respect hosting_le configuration, if detected -- fin
// Remove the file system reciept we left for this file
if (provision_file()->unlink($ssl_dir . $site->uri . ".receipt")->
succeed(dt("Deleted SSL Certificate association receipt for %site on %server", array(
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment