letsencrypt symlink

Discussion in 'Installation/Configuration' started by Steffan, Jan 30, 2017.

  1. Steffan

    Steffan Member

    Hello,

    Why is letsencrypt linkt to the archive chain ?
    ls -ls /var/www/XXXXX/ssl
    4 lrwxrwxrwx 1 root root 67 Oct 28 09:10 xxx-le.bundle -> ../../../../../../etc/letsencrypt/archive/xxx/chain1.pem
    4 lrwxrwxrwx 1 root root 66 Oct 28 09:10 xxxl-le.crt -> ../../../../../../etc/letsencrypt/archive/xxx/cert1.pem
    4 lrwxrwxrwx 1 root root 69 Oct 28 09:10 xxx-le.key -> ../../../../../../etc/letsencrypt/archive/xxx/privkey1.pem

    I dont know if it is my old script that i uses before the integration in the panel.
    But i now had a few time the certificated is renewed but the link is not updated.

    ls -sl /etc/letsencrypt/archive/xxx/
    4 -rw-r--r-- 1 root root 2167 Oct 28 09:10 cert1.pem
    4 -rw-r--r-- 1 root root 2167 Dec 28 03:00 cert2.pem
    4 -rw-r--r-- 1 root root 1647 Oct 28 09:10 chain1.pem
    4 -rw-r--r-- 1 root root 1647 Dec 28 03:00 chain2.pem
    4 -rw-r--r-- 1 root root 3814 Oct 28 09:10 fullchain1.pem
    4 -rw-r--r-- 1 root root 3814 Dec 28 03:00 fullchain2.pem
    4 -rw-r--r-- 1 root root 3272 Oct 28 09:10 privkey1.pem
    4 -rw-r--r-- 1 root root 3272 Dec 28 03:00 privkey2.pem

    But /live is updated:
    ls -sl /etc/letsencrypt/live/paulhoffman.nl/
    0 lrwxrwxrwx 1 root root 38 Dec 28 03:00 cert.pem -> ../../archive/xxx/cert2.pem
    0 lrwxrwxrwx 1 root root 39 Dec 28 03:00 chain.pem -> ../../archive/xxx/chain2.pem
    0 lrwxrwxrwx 1 root root 43 Dec 28 03:00 fullchain.pem -> ../../archive/xxx/fullchain2.pem
    0 lrwxrwxrwx 1 root root 41 Dec 28 03:00 privkey.pem -> ../../archive/xxxprivkey2.pem
     
  2. chico11mbit

    chico11mbit Member HowtoForge Supporter

    disable /config/web/"make relative symlinks". perhaps you must setup the paths manually.
    The devs are aware of this issue.
     
  3. Steffan

    Steffan Member

    oke but disabeling that has no site effect on other scripts?
     
  4. chico11mbit

    chico11mbit Member HowtoForge Supporter

  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Or you try to add this in line 3424 of the file /usr/local/ispconfig/server/plugins-available/apache2_plugin.inc.php

    if(strstr($to,'/etc/letsencrypt/archive/')) $to = str_replace('/etc/letsencrypt/archive/','/etc/letsencrypt/live/',$to);
     
  6. chico11mbit

    chico11mbit Member HowtoForge Supporter

    Till,
    do you think this will find its way to the official code or is this just a bypass?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    This will probably go into the official code base. The problem with the relative symlinks is that LE uses a symlink itself to point from live to archive and the relative symlinks features resolves the final file, which is always the archive. The above workaround is needed to replace the path back to the symlink.
     
  8. Steffan

    Steffan Member

    thanxs.
    i searched the rchive. but looks like i didnt did a good job :)

    resync fixed the job for now.

    @till do you recomend to let relative symlinks stay on?


    I now have this.
    // Add ($cnt_to-1) number of "../" elements to left side of $cfrom
    for ($c = 0; $c < (count($a2)-1); $c++) { $cfrom = '../'.$cfrom; }
    if(strstr($to,'/etc/letsencrypt/archive/')) $to = str_replace('/etc/letsencrypt/archive/','/etc/letsencrypt/live/',$to); ## manualy added 30-01-2017
    return symlink($cfrom, $to);
    }
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    You can leve it on if it works now. Personally, I never needed the relative symlinks feature on a server, it had been implemented by someone who used a special network drive setup for /var/www, that's why it is off by default. But if you used it till now, then better keep it on.
     

Share This Page