symbiosis-ssl can generate SSL config for sites that have no certificate

[patch0]

symbiosis-ssl can generate SSL config for sites that have no certificate returned by Lets Encrypt. This can lead to invalid configuration, and Apache being unable to re-start.

This has been observed both in terms of missing certs that were never returned successfully from Lets Encrypt, or where symbiosis-ssl didn't have permission to write the certificate, but still wrote the SSL config.

Originally reported on Bytemark's Gitlab by @dedwards on 2016-08-10T11:32:30.849Z

[patch0]

Not sure how this can happen. I'll need more info to investigate further.

At the time LetsEncrypt issues the cert, it is parsed as an X509 certificate. If LetsEncrypt returns a zero-length or otherwise corrupt cert, then this stage will fail.

When reading the certificates from disc, symbiosis-ssl assesses each one for validity, and if the file is empty at this point it should be ignored as an invalid set.

Originally posted by @patch0 on 2016-05-16T12:27:55.000Z

[patch0]

Having spoken to @dedwards he's not seen this for a while, so I'll close this as invalid.