All Activity

I really appreciate your help. I managed to place the certificate on a domain. In the end, all that was left was to adjust the access on the firewall.

- does /root/.acme.sh/teste3.my-domain.com/ exist? Yes, it does. - Disable let's encrypt for the domain, let the cronjob run (or run manually) Done - run "/root/.acme.sh/acme.sh remove -d teste3.my-domain.com" Log: "[Thu May 8 10:51:53 -03 2025] -d is not an issued domain, skipping." - delete the directory "rm -rf /root/.acme.sh/teste3.my-domain.com/" Done - enable let's encrypt for the domain and let the cronjob run / manually run it Log: [Thu May 8 10:53:28 -03 2025] ===Starting cron=== [Thu May 8 10:53:28 -03 2025] Renewing: 'teste3.my-domain.com' [Thu May 8 10:53:28 -03 2025] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory [Thu May 8 10:53:28 -03 2025] Skipping invalid cert for: teste3.my-domain.com [Thu May 8 10:53:28 -03 2025] Skipped teste3.my-domain.com [Thu May 8 10:53:28 -03 2025] Renewing: 'teste3.my-domain.com' [Thu May 8 10:53:28 -03 2025] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory [Thu May 8 10:53:28 -03 2025] Skipping invalid cert for: teste3.my-domain.com [Thu May 8 10:53:28 -03 2025] Skipped teste3.my-domain.com_ecc [Thu May 8 10:53:28 -03 2025] Renewing: 'teste3.my-domain.com' [Thu May 8 10:53:28 -03 2025] 'teste3.my-domain.com' is not an issued domain, skipping. [Thu May 8 10:53:28 -03 2025] Skipped teste3.my-domain.com_ecc [Thu May 8 10:53:28 -03 2025] ===End cron===

- does /root/.acme.sh/teste3.my-domain.com/ exist? - Disable let's encrypt for the domain, let the cronjob run (or run manually) - run "/root/.acme.sh/acme.sh remove -d teste3.my-domain.com" - delete the directory "rm -rf /root/.acme.sh/teste3.my-domain.com/" - enable let's encrypt for the domain and let the cronjob run / manually run it

Thank you very much for your help. I followed the procedures as suggested and the following errors were returned: [debug] Successful exit-code returned - storing certificate [error] Could not find file 'teste3.my-domain.com.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'ca.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not get Let's Encrypt certificate for teste3.my-domain.com:_https://github.com/acmesh-official/acme.sh_v3.1.1_[Thu May 8 10:10:39 -03 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory_[Thu May 8 10:10:40 -03 2025] Creating domain key_[Thu May 8 10:10:43 -03 2025] The domain key is here: /root/.acme.sh/teste3.my-domain.com/teste3.my-domain.com.key_[Thu May 8 10:10:43 -03 2025] Generating next pre-generate key._[Thu May 8 10:10:43 -03 2025] Single domain_'teste3.my-domain.com'_[Thu May 8 10:10:46 -03 2025] Getting webroot for domain_'teste3.my-domain.com'_[Thu May 8 10:10:46 -03 2025] Verifying: teste3.my-domain.com_[Thu May 8 10:10:47 -03 2025] Pending. The CA is processing your order, please wait. (1/30)_[Thu May 8 10:10:50 -03 2025] Pending. The CA is processing your order, please wait. (2/30)_[Thu May 8 10:10:53 -03 2025] Pending. The CA is processing your order, please wait. (3/30)_[Thu May 8 10:10:55 -03 2025] Pending. The CA is processing your order, please wait. (4/30)_[Thu May 8 10:10:58 -03 2025] Pending. The CA is processing your order, please wait. (5/30) [error] Could not find file 'teste3.my-domain.com.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'ca.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not get Let's Encrypt certificate for teste3.my-domain.com:_ [information] Let's Encrypt certificates have been updated

deactivate and reactivate let's encrypt for the domain, then run `froxlor-cli froxlor:cron -fd` twice - post errors here if any. Double check that the domain you are obtaining a certificate for resolves correctly to the server IP

Here follows the Virtual host config for the domain. How do I change the self signed certificate for a let's encrypt certificate? Do I have to do it manually on the server? Regarding the log, it is exactly what I showed. I do appreciate any help. <VirtualHost [Server-IP-Here]:443> ServerName teste3.my-domain.com ServerAdmin teste3@email.com SSLEngine On SSLProtocol -ALL +TLSv1.2 SSLCompression Off SSLSessionTickets on SSLHonorCipherOrder off SSLCipherSuite [CipherSuite-Here] SSLVerifyDepth 10 SSLCertificateFile /etc/ssl/froxlor_selfsigned.pem SSLCertificateKeyFile /etc/ssl/froxlor_selfsigned.key <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=0" </IfModule> DocumentRoot "/var/customers/webs/teste3" <Directory "/var/customers/webs/teste3/"> <FilesMatch \.(php)$> <If "-f %{SCRIPT_FILENAME}"> SetHandler proxy:unix:/var/lib/apache2/fastcgi/1-teste3-teste3.my-domain.com-php-fpm.socket|fcgi://localhost </If> </FilesMatch> CGIPassAuth On Require all granted AllowOverride All </Directory> Alias /webalizer "/var/customers/webs/teste3/webalizer" LogLevel warn ErrorLog "/var/customers/logs/teste3-error.log" CustomLog "/var/customers/logs/teste3-access.log" combined </VirtualHost>

no idea, share the generated virtual-host config of that domain, show your configs, show logs....can't help with "it doesnt work"...

Thanks for the reply. Unfortunately, the insecure connection continues to appear, without the let's encrypt ssl certificate. Even opening explicitly with https the connection remains insecure.

it's just a warning...it you open my-domain-here in your browser with https and everything works it's just fine

Here it is: [Wed May 07 12:15:20.487180 2025] [ssl:warn] [pid 1022:tid 1022] AH01906: [my-domain-here]:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed May 07 12:15:20.487208 2025] [ssl:warn] [pid 1022:tid 1022] AH01909: [my-domain-here]:443:0 server certificate does NOT include an ID which matches the server name

that issue is 6 years old....please specify the complete log-entries, not just parts.

Î found this issue related to it: https://github.com/Froxlor/Froxlor/issues/767

I get these messages on log for the domain: "server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)" "server certificate does NOT include an ID which matches the server name" How do I fix it?

Thanks for the reply. I added the domain to DNS pointing to the froxlor server IP and checked with ping that the domain is being properly resolved, but I still get an insecure connection when I access the domain. What should I do next?

locally being the keyword....you cannot change the /etc/hosts on letsencrypt.org-servers or for everyone else,...that's what DNS is for...set correct dns entries in the domains zone and it should work as expected

I want to enable Let's Encrypt SSL certificate for a domain. I already checked in "System > Settings > SSL Settings" the options "Enable SSL usage" and "Enable Let's Encrypt". Under "Resources > Domains > Edit a domain", the options related to "Webserver SSL settings" are selected, including "Use Let's Encrypt". I already reloaded apache after doing these selections. Unfortunately, when I point a domain to froxlor server IP in /etc/hosts to access the domain locally, I get unsecured connection. What should I do next in order to enable Let's Encrypt SSL certificate on a domain?

Update: froxlor 2.2.7 Security: Bump vite from 6.2.0 to 6.2.4 (#1320) Bump axios from 1.8.1 to 1.8.2 (#1321) Bump vite from 6.2.4 to 6.2.5 (#1322) Bump vite from 6.2.5 to 6.2.6 (#1323) Bump vite from 6.2.6 to 6.3.4 (#1327) Fixes: PHP-8.4 compatibility (#1313) issues with creating databases in certain cases, #1312 #1324 #1326 unable to set url with umlaut domain as path for (sub) domain redirection #1325

perfect - its working now! thanks a lot!

Thanks. 👍

See GitHub, it's identified and fixed. A release will follow soon

Same here. Since upgrading to the latest froxlor version, our customers cant create new DBs. MySQL 8 / Ubuntu 22.04 Before the upgrade everything runs smooth. What i see is that: - DB has been created - a User blasql1@127.0.0.1 is also created - but normally our froxlor creates 3 User: blasql1@127.0.0.1, blasql1@localhost, blasql1@ourservername Maybe thats helps...

Schau doch hierfür am besten einfach mal in den Mailheader der entsprechenden Mail, da sollten ja Scan-Ergebnisse von rspamd in jedem Fall drinstehen

nicht bei weiterleitung...aber bei ANKUNFT DER MAIL, das ist doch VORHER und wenn du nicht weiterleiten willst, musst du halt entsprechend die punktzahl für "discard" anpassen (Ablehnungs Level) - dann wird da auch nix zugestellt oder weitergeleitet, rspamd ist ja als milter in postfix eingerichtet, das sollte greifen bevor irgendwas lokal mit der mail passiert (also bevor postfix aufgrund der virtual_alias_maps entscheidet, wohin die mail geht)

Durch die mysql-virtual_alias_maps.cf und der Konfiguration in der main.cf vom Postfix virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf wird die Nachricht doch ohne Spam-Prüfung weitergeleitet, oder verstehe ich das falsch? Ansonsten habe ich scheinbar einen Konfigurationsfehler, denn bei mir findet keine Spam-Prüfung statt. Mein Zielbild wäre, dass Mails, die eindeutig als Spam identifiziert werden, gar nicht weitergeleitet werden. Ist das realisierbar?

Eine Weiterleitung leitet eingehende Mails an ein Konto weiter...diese wurden doch schon bei Empfang durch den rspamd geprüft und gescannt...beachte bitte das eine E-Mail Weiterleitung nach EXTERN meist keine gute Idee ist, da hier SPF und Co ausgehebelt werden und die Mail nicht mehr authentifiziert ist