[BlueOnyx:22656] 5209R: base-ssl, base-apache, base-vsite: PHP-FPM related updates released

Michael Stauber mstauber at blueonyx.it
Wed Jan 30 00:58:29 -05 2019


Hi all,

I just rolled out ~40 YUM updates to the 5209R YUM repository. These
address the following issues:


1.) /web/.well-known/ directories:
===================================

These are now properly removed during Let's Encrypt cert requests/renewals.


2.) PHP-FPM issues:
====================

A failed LE cert request or renewal would remove the
/etc/php-fpm.*.d/siteX pool file that enables PHP-FPM for the given Vsite.

The problem is that on error of a handler CCEd does a rollback of all
changes that it has done so far. Unfortunately: The Apache handler
virtual_host.pl had already deleted the config file in order to write a
new one. The writing of the new file was rolled back, but the deletion
couldn't be undone.

In order to fix that a pretty complicated change had to be made to error
handling. The net result is worth it, though (see next point).


3.) Let's Encrypt GUI error messages:
======================================

The GUI for LE cert requests will now give a very detailed error message
of all the relevant responses that the ACME client ran into during the
failed attempt to create a Let's Encrypt certificate. The error
messages could still be a bit more verbose (I already cleaned out a lot
of junk), but they are now easier to read and don't cut off the more
relevant information towards the end of the display.


4.) Active Monitor component for PHP-FPM:
==========================================

If a certain PHP-FPM daemon is activated (because at least one Vsite
uses it), then an Active Monitor component that monitors this particular
PHP-FPM daemon is activated as well. If no Vsites at all use a certain
PHP-FPM daemon anymore, then this particular daemon is stopped, disabled
and the monitoring of it would be stopped.

This mostly worked, but sometimes Active Monitor lost track of things
and stopped monitoring one or more PHP-FPM daemons that needed to be
running. That has now been fixed.


5.) General improvements:
==========================

The amount of CCEd SET-transactions, PHP-FPM-, Apache- and
Nginx-restarts during and after Let's Encrypt cert requests/renewals has
been reduced to the bare minimum, making the process more efficient and
a bit faster.


5207R/5208R:
=============

The relevant parts of these improvements will be ported to 5207R/5208R
as well and should become available within the next 24-48 hours.

-- 
With best regards

Michael Stauber
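
The failure mode described in point 2 (a config file deleted before its replacement is written, so a rollback cannot restore it), shown next to a staged write that leaves the old file in place on failure. This is an added example, not code from the post or from BlueOnyx, and it is not the fix that was shipped; the file name, function names and the simulated failure are hypothetical.

```python
import os
import tempfile

POOL = "site1.conf"  # hypothetical pool file name, not a BlueOnyx path


def unsafe_update(pool_dir, new_text, fail):
    """Delete-then-write: the ordering described in the post."""
    path = os.path.join(pool_dir, POOL)
    os.unlink(path)                      # destructive step, never journaled
    try:
        with open(path, "w") as fh:
            fh.write(new_text)
        if fail:
            raise RuntimeError("later step failed (e.g. cert request)")
    except RuntimeError:
        os.unlink(path)                  # rollback undoes only the write
        return False
    return True


def safe_update(pool_dir, new_text, fail):
    """Stage the new file beside the old one; swap only on success."""
    path = os.path.join(pool_dir, POOL)
    fd, tmp = tempfile.mkstemp(dir=pool_dir, prefix=".pool-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(new_text)
        if fail:
            raise RuntimeError("later step failed (e.g. cert request)")
        os.replace(tmp, path)            # atomic on POSIX, same filesystem
    except RuntimeError:
        os.unlink(tmp)                   # rollback: old pool file untouched
        return False
    return True


def demo(update, fail=True):
    """Run one update in a scratch dir; return the pool file text or None."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, POOL)
        with open(path, "w") as fh:      # constructed sample content
            fh.write("[site1]\n; old pool\n")
        update(d, "[site1]\n; new pool\n", fail)
        if not os.path.exists(path):
            return None
        with open(path) as fh:
            return fh.read()
```
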


