fix(migration): don't reclassify custom ssl sites as letsencrypt #490

Open: mrrobot47 wants to merge 1 commit into EasyEngine:develop from mrrobot47:fix/migration-no-custom-to-le

@mrrobot47

Member

Problem

The 20250927101545_..._fix_ssl_flag_for_existing_le_certs migration auto-sets site_ssl = 'le' for sites that have LE-looking cert files on disk and a Let's Encrypt issuer. Its gate empty( $db_ssl ) || $db_ssl !== 'le' matches any non-le site — including ones explicitly created with --ssl=custom (also self/inherit). A custom site using a Let's Encrypt-issued cert (with a .chain.pem present) would be silently reclassified to le and pulled into automatic LE renewal that can overwrite or break the user's certificate.

Fix

Narrow the gate to empty( $db_ssl ) — repair only sites whose SSL flag is genuinely unset (the migration's intent). Explicit custom/self/inherit (and le) choices are never overridden. down() remains a no-op (forward-only). The boolean change preserves the un-flagged-LE repair case and removes only the unwanted override (the old || $db_ssl !== 'le' half was already redundant for the le case).

Note

A site whose flag was explicitly set to a wrong non-empty value will no longer be auto-corrected — an intentional, conservative trade-off: a data migration should not override an explicit user choice.
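
The two gates from the description above, run side by side over constructed site rows. This is an added illustration, not code from the pull request or from EasyEngine: the row layout, the `cert_looks_le` field (standing in for the migration's on-disk LE-cert and issuer check) and the function names are assumptions.

```php
<?php
// Added illustration; not EasyEngine's migration code.
// Constructed rows: the site_ssl flag plus whether the on-disk cert looks
// LE-issued, the condition the migration pairs with its gate.
$sites = [
    ['url' => 'unflagged.example.test', 'site_ssl' => '',        'cert_looks_le' => true],
    ['url' => 'null-flag.example.test', 'site_ssl' => null,      'cert_looks_le' => true],
    ['url' => 'custom.example.test',    'site_ssl' => 'custom',  'cert_looks_le' => true],
    ['url' => 'self.example.test',      'site_ssl' => 'self',    'cert_looks_le' => false],
    ['url' => 'inherit.example.test',   'site_ssl' => 'inherit', 'cert_looks_le' => true],
    ['url' => 'le.example.test',        'site_ssl' => 'le',      'cert_looks_le' => true],
];

// Gate before the fix: true for every flag value other than 'le'.
function old_gate($db_ssl): bool {
    return empty($db_ssl) || $db_ssl !== 'le';
}

// Gate after the fix: true only when the flag is unset.
function new_gate($db_ssl): bool {
    return empty($db_ssl);
}

// Returns the URLs a migration pass would rewrite to site_ssl = 'le'.
function reclassified(array $sites, callable $gate): array {
    $hit = [];
    foreach ($sites as $site) {
        if ($gate($site['site_ssl']) && $site['cert_looks_le']) {
            $hit[] = $site['url'];
        }
    }
    return $hit;
}

$old = reclassified($sites, 'old_gate');
$new = reclassified($sites, 'new_gate');

echo "old gate rewrites: ", implode(', ', $old), PHP_EOL;
echo "new gate rewrites: ", implode(', ', $new), PHP_EOL;
// Sites whose explicit SSL choice only the old gate would override.
echo "overridden only by old gate: ", implode(', ', array_diff($old, $new)), PHP_EOL;
```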

Copilot AI left a comment

Contributor

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

2 participants