IRC logs for #aegir, 2018-12-20 (GMT)

2018-12-19
2018-12-21
TimeNickMessage
[17:39:16]* hefring has joined #aegir
[19:30:42]* Shwele has joined #aegir
[19:32:35]* anarcat has quit (Read error: Connection reset by peer)
[19:32:54]* anarcat has joined #aegir
[23:47:17]* Shwele has quit (Read error: Connection reset by peer)
[23:52:37]* Shwele has joined #aegir
[00:01:50]<bgm>hmm, I'm still debugging, but since the update from yesterday, anyone else having issues running 'verify' on a site with hosting_https ?
[00:08:52]<bgm>while debugging, it seems like $this->https_enabled is not set, when it gets to the vhost tpl.php (on nginx)
[00:09:24]<bgm>the LE cert gets generated, but it does not get copied over to config/server_master/ssl.d/
[00:25:31]<Shwele>same with apache https://pastebin.com/mT0x206i
[00:25:49]<Shwele>just tested it out since I did upgrade on one aegir instance we have in dev for now
[00:34:26]* shaneonabike1 has joined #aegir
[00:41:04]<bgm>Shwele: hmm, that might be different, because LE is responding "too many failed authorizations recently"
[00:42:03]<Shwele>bgm: huh, shouldn't be the issue. Unless... DNS. Let me do a quick check
[00:42:46]<jonpugh>Shwele bgm there is new logic
[00:42:58]<jonpugh>If the certs cannot be generated, https_enabled gets set to FALSE.
[00:43:09]<jonpugh>otherwise apache points to a file that does not exist and will not start or reload
[00:43:50]<jonpugh>But this sounds strange: the LE cert gets generated, but it does not get copied over to config/server_master/ssl.d/
[00:43:54]<jonpugh>Can you report this as an issue?
[00:44:12]<jonpugh>hmmm let me check
[00:44:48]<jonpugh>crap, perhaps the logic is not in a good place.
[00:44:56]<bgm>ok, yeah, that seems to be the bug
[00:45:03]<bgm>if I comment it out, it fixes the issue for me
[00:45:06]<bgm>I'll open an issue
[00:45:25]<jonpugh>thank you
[00:46:15]<jonpugh>wait bgm
[00:46:21]<jonpugh>Let's reopen the issue that created the bug
[00:46:27]<bgm>https://www.drupal.org/comment/reply/3014468 &?
[00:46:44]<bgm>https://www.drupal.org/project/hosting_https/issues/3014468 - rather
[00:46:46]<hefring>https://www.drupal.org/project/hosting_https/issues/3014468 => Gracefully handle LetsEncrypt certificate generation failures by throwing warnings instead of failing [#3014468] => 14 comments, 3 IRC mentions
[00:47:00]<jonpugh>https://www.drupal.org/project/hosting_https/issues/3020747
[00:47:01]<hefring>https://www.drupal.org/project/hosting_https/issues/3020747 => Don't add SSL config to configuration files if the crt files aren't there/aren't readable. (especially redirects) [#3020747] => 7 comments, 1 IRC mention
[00:47:16]<jonpugh>that one just changes error to warning
[00:47:19]<bgm>oh ok
[00:47:25]<jonpugh>302 changed https_enabled
[00:48:36]<jonpugh>yeah, please reopen https://www.drupal.org/project/hosting_https/issues/3014468 with a description of what happened
[00:48:36]<hefring>https://www.drupal.org/project/hosting_https/issues/3014468 => Gracefully handle LetsEncrypt certificate generation failures by throwing warnings instead of failing [#3014468] => 14 comments, 4 IRC mentions
[00:52:45]<bgm>I'm not too sure what's happening when I run verify, but it helps to reproduce the bug if I delete the ssl key in server_master/ssl.d/
[00:53:34]<bgm>I think it's because the chmod/chown happen afterwards.
[01:09:01]<jonpugh>bgm: can you paste that info into a comment?
[01:09:16]<jonpugh>and the instructions for a hotfix:
[01:09:17]<jonpugh>> if I comment it out, it fixes the issue for me
[01:09:29]<jonpugh>in case there are any angry aegir users out there :|
[01:10:45]<bgm>sure
[01:11:26]<Shwele>ARRRGGGGHH... jk, seems like my issue is different in the end, or perhaps caused by that issue with my rough tests
[03:00:06]* Shwele has quit (Quit: Leaving)
[03:18:33]<jonpugh>colan[m]: helmo42[m] ergonlogic[m] bgm can I get an RTBC? We're going to have to do another release: https://www.drupal.org/project/hosting_https/issues/3020747#comment-1290...
[03:18:34]<hefring>https://www.drupal.org/project/hosting_https/issues/3020747 => Don't add SSL config to configuration files if the crt files aren't there/aren't readable. (especially redirects) [#3020747] => 14 comments, 2 IRC mentions
[03:25:10]* Yaazkal has joined #aegir
[03:28:28]<colan[m]>jonpugh: well, i haven't tested it, but the code looks like it makes sense.
[03:28:43]<colan[m]>and yes, you're right, we should keep nginx & apache in the same issue. sorry about that.
[03:29:06]<colan[m]>we did a better job of that on gitlab; let's do it on d.o as well.
[03:29:34]<colan[m]>anyway, thanks for fixing.
[03:29:44]<jonpugh>colan[m]: Please test, we didn't fully test this issue the first time
[03:29:57]<jonpugh>FWIW You were the one that marked it RTBC :P
[03:30:50]<colan[m]>jonpugh: i don't run apache anywhere, sorry. (and sorry for RTBCing it in the first place!)
[03:31:38]<jonpugh>ohhh
[03:31:40]<jonpugh>:D
[03:31:49]<colan[m]>I should have RBCed, not RTBCed it. That was really just a code review. oops.
[03:31:52]<jonpugh>riiiight
[03:32:19]<colan[m]>i figured CI would catch it, but we clearly don't have tests for this stuff.
[03:32:34]<jonpugh>that's ok, that's why we use this method, so everyone is to blame so no one is.
[03:32:55]<jonpugh>yeah, especially hard to test for LetsEncrypt stuff
[03:33:27]<colan[m]>yeah, web services testing stuff is tricky. haven't played around with that yet.
[03:36:45]<colan[m]>for d8, you can do stuff like https://www.webomelette.com/simple-guzzle-api-mocking-functional-testing...
[04:15:56]<bgm>jonpugh: thanks for the quick fix! :)
[04:16:17]<jonpugh>no problem, it was my fault
[04:16:18]<jonpugh>:D
[04:16:22]<jonpugh>is helmo42[m] online today?
[04:16:27]<jonpugh>Someone should put out a new release
[04:41:06]<helmo42[m]>not now but I'll be online later this evening
[06:24:33]<helmo42[m]>jonpugh: is it failing every renewal?
[06:40:49]<jonpugh>no, i think it's only for new sites?
[06:41:10]<jonpugh>bgm: is that right? If the cert file is already there https_enabled will be set to TRUE
[06:41:38]<jonpugh>the problem was the code I changed runs before the write() actually happens, so the file never exists, the code disabled https_enabled
[06:41:50]<jonpugh>helmo42[m]: -^
[06:42:16]<jonpugh>so existing sites were fine because the file was already there
[06:42:45]<bgm>right, I think it only affects new sites
[06:43:14]<jonpugh>or if you deleted the crt files
[06:44:43]<helmo42[m]>Would this be correct to add to the release notes? `[#3020747](https://www.drupal.org/node/3020747) broke the creation of new sites with a LetsEncrypt SSL cert, see the issue for a quick patch.`
[06:44:45]<hefring>https://www.drupal.org/node/3020747 => Don't add SSL config to configuration files if the crt files aren't there/aren't readable. (especially redirects) [#3020747] => 19 comments, 1 IRC mention
[06:53:44]* shaneonabike1 has left #aegir ()
[06:56:00]<jonpugh>helmo42[m]: Let's be more positive... and it affected any HTTPS or SSL site, not just LetsEncrypt I believe
[06:56:55]<helmo42[m]>jonpugh: Could You add the proper line?
[06:56:57]<jonpugh>Fixed bug preventing new sites from enabling HTTPS/SSL
[06:57:02]<jonpugh>yes
[06:58:15]<jonpugh>Wait, where?
[06:58:18]<jonpugh>::
[06:58:29]<helmo42[m]>docs/release-notes/3.17.md
[07:00:39]<jonpugh>helmo42[m]: 3.17.1 should get it's own file, yeah?
[07:01:10]<helmo42[m]>no, we've kept it in one file
[07:01:22]<jonpugh>gotcha
[07:08:33]<jonpugh>Ok helmo42[m] release notes for 3.17.1 added
[07:17:46]<helmo42[m]>Not sure when I'll be able to do that release though... my friday is already packed with things that need doing before the holiday weeks (
[07:56:11]<viashimo>did the hosting_https letsencrypt issue affect sites that are migrated from one platform to another?
[08:06:24]<jonpugh>probably not
[08:06:45]<jonpugh>If the site already had crt files in /var/aegir/config/server_master/ss.d/domain.com
[08:06:48]<jonpugh>then it should have been fine
[08:06:51]<viashimo>k
[08:06:53]<viashimo>thx!
[08:33:42]* Yaazkal has quit (Quit: Connection closed for inactivity)