[BlueOnyx:27334] Re: Lets Encrypt - Virtual Site and/or the Web Owner of the Virtual Site are close to or over their allowed disk quota limits

f.kaegi at fairtalk.com f.kaegi at fairtalk.com
Wed Nov 13 04:41:24 -05 2024 

Thanks, dear Michael

I did the yum clean all and yum update.

Next I did an autorenew /usr/sausalito/sbin/letsencrypt_autorenew.pl --force
and one of the Vsites renewed perfectly (has no users)
two others (with admin users) generated the error: 
Renewing SSL certificate for 'www......' (expiration date:
2024-12-10T11:44:59)
WARNING: SSL certificate for 'www......' still has bad expiration date:
2024-12-10T11:44:59

Next, I tried to renew these two Vsites in the GUI and got the error:
The Virtual Site and/or the Web Owner of the Virtual Site are close to or
over their allowed disk quota limits. For that reason the SSL certificate of
this Virtual Site could not be created or renewed. Please make sure that
this Virtual Site and its Web Owner have sufficient free disk space
available for this transaction.

Both the Vsite and the admin user have plenty of disk quota.

What could cause the issue for these Vsites?

With my very best wishes
Felix

-----Original Message-----
From: Michael Stauber <mstauber at blueonyx.it> 
Sent: Tuesday, 12 November 2024 19:52
To: f.kaegi at fairtalk.com
Subject: Re: [BlueOnyx:27327] Re: Lets Encrypt - Virtual Site and/or the Web
Owner of the Virtual Site are close to or over their allowed disk quota
limits

Hi Felix,

> For many of our sites we do not have users. The sites simply redirect 
> to another URL. In the past this was not an issue with LetsEncrypt.
> We didn't set user "admin" as "SiteAdmin that owns /web".


Yeah, I recently published an updated base-ssl to fix the quota-checks. 
We need to make sure that both the Vsite and the "SiteAdmin that owns /web"
have enough free disk space to store the new or changed SSL certificate
information.

Otherwise these files might get written with 0-bytes and that will cause
Apache to fail to restart.

We did have checks built in already and the ones for the Vsite quota worked.
But the check for the quota for "SiteAdmin that owns /web" was faulty and
depended on deprecated methods.

However: When I fixed that I overlooked that we indeed MAY have Vsites where
"SiteAdmin that owns /web" is set to "nobody" or "apache" - which don't have
disk quota to begin with.

That caused the error you've seen in your case.

I just published updated base-ssl RPMs for 5210R/5211R which fix this. 
To get these RPMs installed right away, you can run this as "root" from the
shell:

yum clean all
yum update

Many thanks for bringing this to my attention.

--
With best regards

Michael Stauber

More information about the Blueonyx mailing list