[BlueOnyx:21216] Re: Let's Encrypt and Open Basedir *** fixed ***

[Martin Potestas]

Hi Michael,

That's awesome!

Thank you for a quick fix for it. I will be looking forward to no longer 
having to "save" the site efter next Let's Encrypt.
Have a great day, and a great summer.

--
Best regards,
Martin Potestas

On 26-07-2017 04:56, Michael Stauber wrote:
> Hi Martin,
>
>> Whenever my Virtual Site is updated with a new Let's Encrypt
>> certificate, my PHP Open Basedir (Vsite) settings seems to be forgotten.
> I just identified the cause for this and published a fixed base-apache
> and base-vsite for 5207R, 5208R and 5209R.
>
> It was indeed the case that the extended PHP settings did vanish from
> the VirtualHost container(s) whenever the Let's Encrypt cronjob
> performed an automated renewal of an LE SSL certificate for a Vsite.
>
> Additionally this caused two failed httpd restarts at the end of this
> process, as the field "ServerAdmin" was left blank in the VirtualHost
> container until a cleanup run at the final stage of the VirtualHost
> container edit added that missing bit in.
>
> I'm currently working on a related task that deals with Web Server
> Aliases being omitted from the VirtualHost container, even though they
> are defined in the GUI and are shown there (but are in fact missing from
> the Apache VirtualHost container of that Vsite).
>
> This has been a persistent problem during the last couple of years and
> this was fixed repeatedly, making it a much rarer problem now than it
> once used to be.
>
> However: There seems to be a certain fringe case where these Web Aliases
> still go walking, but none of the usage cases that I can suck out of my
> fingers seem to trigger it. To get to the bottom of this once and for
> all I've written a test-suite that (during each Sausalito-initiated
> Apache restart) checks if the aliases (and also the extended PHP
> settings) are still there. If they go missing, then this mechanism
> sounds the fogorn via Email. That should help to identify the cause so
> that it can be addressed. However, as this problem seems to happen only
> every couple of weeks or months, it may take some time until the laid
> out mouse-trap snaps shut on that one.
>