Bug #12668

symbiosis-ssl can generate SSL config for sites that have no certificate

Added by dedwards dedwards over 3 years ago. Updated over 3 years ago.

Status: Feedback
Start date: 2016-03-11
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: jessie

Description

symbiosis-ssl can generate SSL config for sites that have no certificate returned by Let's Encrypt. This can lead to invalid configuration, and Apache being unable to restart.

This has been observed both with missing certs that were never returned successfully from Let's Encrypt, and where symbiosis-ssl didn't have permission to write the certificate but still wrote the SSL config.

History

#1 Updated by Patrick Cherry over 3 years ago

  • Status changed from New to Feedback
  • Target version set to jessie

Not sure how this can happen. I'll need more info to investigate further.

At the time Let's Encrypt issues the cert, it is parsed as an X509 certificate. If Let's Encrypt returns a zero-length or otherwise corrupt cert, then this stage will fail.

When reading the certificates from disc, symbiosis-ssl assesses each one for validity, and if the file is empty at this point it should be ignored as an invalid set.
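
As an added example (not symbiosis-ssl's own code), this Ruby pre-flight check refuses a certificate set unless the files exist, are non-empty, parse, are in date, and the key matches the certificate, which covers the missing, empty and unwritten cases from this report. The helper names `usable_ssl_set?`, `constructed_pair` and `demo_verdicts` are hypothetical, and the certificates are constructed self-signed samples.

```ruby
require "openssl"
require "tmpdir"

# Hypothetical pre-flight check (not symbiosis-ssl's own code): true only when
# both files exist, are non-empty, parse, are in date, and belong together.
def usable_ssl_set?(cert_path, key_path)
  [cert_path, key_path].each do |path|
    return false unless File.file?(path) && File.readable?(path) && !File.zero?(path)
  end
  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  key  = OpenSSL::PKey.read(File.read(key_path))
  now  = Time.now
  return false if now < cert.not_before || now > cert.not_after
  cert.check_private_key(key)
rescue OpenSSL::OpenSSLError, ArgumentError, SystemCallError
  false # corrupt PEM, unreadable file, etc.: treat the set as invalid
end

# Constructed sample input: a short-lived self-signed certificate and its key.
def constructed_pair(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert.to_pem, key.to_pem]
end

# Runs the check over the failure modes from the report and returns the verdicts.
def demo_verdicts
  Dir.mktmpdir do |dir|
    cert_pem, key_pem = constructed_pair("example.test")
    _other_cert, other_key_pem = constructed_pair("other.test")
    write = ->(name, data) { File.join(dir, name).tap { |p| File.write(p, data) } }
    good_cert = write.call("ssl.crt", cert_pem)
    good_key  = write.call("ssl.key", key_pem)
    {
      valid:        usable_ssl_set?(good_cert, good_key),
      empty_cert:   usable_ssl_set?(write.call("empty.crt", ""), good_key),
      corrupt_cert: usable_ssl_set?(write.call("bad.crt", cert_pem[0, 80]), good_key),
      missing_cert: usable_ssl_set?(File.join(dir, "never-written.crt"), good_key),
      wrong_key:    usable_ssl_set?(good_cert, write.call("other.key", other_key_pem))
    }
  end
end
```

Running a check like this immediately before the web server configuration is written, rather than only when the certificate is issued, means a failed write to disc results in no SSL config at all.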
