After an letsencrypt update the sso login was not possible anymore. Metadata could not be downloaded via https but via http.
curl https://ucs-sso.schein.me/simplesamlphp/saml2/idp/metadata.php or via http
Letsencrypt update to version 1.2.2-6 comes with a new configuration concept:
Modified templates for /etc/apache2/sites-enabled/default-ssl.conf
Configured redirect for the portal url to use saml. The portal is configured on a slave server.
The redirect must be configured at a different location so that it can be included via the vhost configuration of letsencrypt.
cat /etc/apache2/ucs-sites.conf.d/saml-redirect.conf ProxyPass /simplesamlphp/ https://master.schein.me/simplesamlphp/ retry=0