fix(ssl): skip le renewal on alias-domain change for non-le sites #488

Open
mrrobot47 wants to merge 1 commit into EasyEngine:develop from mrrobot47:fix/alias-domains-skip-non-le-renew

@mrrobot47 (Member)

Problem

Adding/removing alias domains on a non-LE SSL site (custom / self / inherit) hard-errored. update_alias_domains() unconditionally calls ssl_renew() for any SSL-enabled site, and renew_ssl_cert() does EE::error('Only Letsencrypt certificate renewal is supported.'). Because EE::error() exits, the operation aborted after docker-compose was regenerated and containers restarted with the new alias config, but before the DB was updated — leaving container and DB state inconsistent (and with no revert, since EE::error doesn't throw).

Fix

Only call ssl_renew() when site_ssl === 'le' (the LE path is unchanged, byte-for-byte). For custom, warn that the user must supply a cert covering the new alias set; for self/inherit, log that no cert action is needed. The alias-domain update now completes for all SSL types.

Note

With the hard error gone, execution now reaches the existing revokeCertificates($old_certs) for non-LE sites. $old_certs is loaded from the ACME repository, so it is empty (a no-op) for a normal custom site; in the edge case where stale LE artifacts exist for the same domains, those unused certs are revoked — consistent with the line's "revoke old certificate which will not be used" intent.

Testing

Manual: create a --ssl=custom site, run ee site update <site> --add-alias-domains=foo.test → completes with the custom-cert warning (previously: hard error). LE sites still force-renew exactly as before.
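
The custom-cert warning described above leaves it to the operator to confirm that the supplied certificate covers the new alias set. One way to run that check, as an added example that is not part of this pull request or of EasyEngine; the function names are hypothetical and the certificate path in the usage comment is a placeholder:

```shell
#!/bin/sh
# Added example, not EasyEngine code. Function names are hypothetical.

# san_list CERT_PEM: print the certificate's subjectAltName DNS entries,
# lowercased, one per line. Needs OpenSSL 1.1.1+ for "x509 -ext".
san_list() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        tr '[:upper:]' '[:lower:]'
}

# name_covered NAME SANS: succeed if NAME matches one of the newline-separated,
# lowercase SANS exactly, or through a wildcard in the leftmost label.
# A wildcard stands for exactly one label: *.example.test covers
# a.example.test but neither example.test nor a.b.example.test.
name_covered() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    while IFS= read -r san; do
        if [ "$san" = "$name" ]; then return 0; fi
        case $san in
            '*.'*)
                parent=${san#??}      # drop the leading "*."
                label=${name%%.*}     # leftmost label of the name
                if [ -n "$label" ] && [ "$name" = "$label.$parent" ]; then
                    return 0
                fi
                ;;
        esac
    done <<EOF
$2
EOF
    return 1
}

# uncovered_names SANS NAME...: print every NAME the certificate does not
# cover. Empty output means the alias set is fully covered.
uncovered_names() {
    sans=$1; shift
    for n in "$@"; do
        name_covered "$n" "$sans" || printf '%s\n' "$n"
    done
}

# Usage (placeholder path, site domain first, then each alias):
#   uncovered_names "$(san_list /path/to/custom-cert.pem)" example.test foo.test
```

Any name it prints would be served with a certificate that does not match it after the alias update.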

Copilot AI left a comment (Contributor)

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.
