[BlueOnyx:21215] Re: Let's Encrypt and Open Basedir *** fixed ***

[Michael Stauber]

Hi Martin,

> Whenever my Virtual Site is updated with a new Let's Encrypt
> certificate, my PHP Open Basedir (Vsite) settings seems to be forgotten.

I just identified the cause for this and published a fixed base-apache
and base-vsite for 5207R, 5208R and 5209R.

It was indeed the case that the extended PHP settings did vanish from
the VirtualHost container(s) whenever the Let's Encrypt cronjob
performed an automated renewal of an LE SSL certificate for a Vsite.

Additionally this caused two failed httpd restarts at the end of this
process, as the field "ServerAdmin" was left blank in the VirtualHost
container until a cleanup run at the final stage of the VirtualHost
container edit added that missing bit in.

I'm currently working on a related task that deals with Web Server
Aliases being omitted from the VirtualHost container, even though they
are defined in the GUI and are shown there (but are in fact missing from
the Apache VirtualHost container of that Vsite).

This has been a persistent problem during the last couple of years and
this was fixed repeatedly, making it a much rarer problem now than it
once used to be.

However: There seems to be a certain fringe case where these Web Aliases
still go walking, but none of the usage cases that I can suck out of my
fingers seem to trigger it. To get to the bottom of this once and for
all I've written a test-suite that (during each Sausalito-initiated
Apache restart) checks if the aliases (and also the extended PHP
settings) are still there. If they go missing, then this mechanism
sounds the fogorn via Email. That should help to identify the cause so
that it can be addressed. However, as this problem seems to happen only
every couple of weeks or months, it may take some time until the laid
out mouse-trap snaps shut on that one.

-- 
With best regards

Michael Stauber