All Activity
- Last week
-
Ericlex884 joined the community
-
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira replied to Rômulo Pereira's question in General Discussion
I really appreciate your help. I managed to place the certificate on a domain. In the end, all that was left was to adjust the access on the firewall. -
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira replied to Rômulo Pereira's question in General Discussion
- does /root/.acme.sh/teste3.my-domain.com/ exist? Yes, it does. - Disable let's encrypt for the domain, let the cronjob run (or run manually) Done - run "/root/.acme.sh/acme.sh remove -d teste3.my-domain.com" Log: "[Thu May 8 10:51:53 -03 2025] -d is not an issued domain, skipping." - delete the directory "rm -rf /root/.acme.sh/teste3.my-domain.com/" Done - enable let's encrypt for the domain and let the cronjob run / manually run it Log: [Thu May 8 10:53:28 -03 2025] ===Starting cron=== [Thu May 8 10:53:28 -03 2025] Renewing: 'teste3.my-domain.com' [Thu May 8 10:53:28 -03 2025] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory [Thu May 8 10:53:28 -03 2025] Skipping invalid cert for: teste3.my-domain.com [Thu May 8 10:53:28 -03 2025] Skipped teste3.my-domain.com [Thu May 8 10:53:28 -03 2025] Renewing: 'teste3.my-domain.com' [Thu May 8 10:53:28 -03 2025] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory [Thu May 8 10:53:28 -03 2025] Skipping invalid cert for: teste3.my-domain.com [Thu May 8 10:53:28 -03 2025] Skipped teste3.my-domain.com_ecc [Thu May 8 10:53:28 -03 2025] Renewing: 'teste3.my-domain.com' [Thu May 8 10:53:28 -03 2025] 'teste3.my-domain.com' is not an issued domain, skipping. [Thu May 8 10:53:28 -03 2025] Skipped teste3.my-domain.com_ecc [Thu May 8 10:53:28 -03 2025] ===End cron=== -
ssl Enable Let's Encrypt SSL certificate on a domain
d00p replied to Rômulo Pereira's question in General Discussion
- does /root/.acme.sh/teste3.my-domain.com/ exist? - Disable let's encrypt for the domain, let the cronjob run (or run manually) - run "/root/.acme.sh/acme.sh remove -d teste3.my-domain.com" - delete the directory "rm -rf /root/.acme.sh/teste3.my-domain.com/" - enable let's encrypt for the domain and let the cronjob run / manually run it -
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira replied to Rômulo Pereira's question in General Discussion
Thank you very much for your help. I followed the procedures as suggested and the following errors were returned: [debug] Successful exit-code returned - storing certificate [error] Could not find file 'teste3.my-domain.com.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'ca.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not get Let's Encrypt certificate for teste3.my-domain.com:_https://github.com/acmesh-official/acme.sh_v3.1.1_[Thu May 8 10:10:39 -03 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory_[Thu May 8 10:10:40 -03 2025] Creating domain key_[Thu May 8 10:10:43 -03 2025] The domain key is here: /root/.acme.sh/teste3.my-domain.com/teste3.my-domain.com.key_[Thu May 8 10:10:43 -03 2025] Generating next pre-generate key._[Thu May 8 10:10:43 -03 2025] Single domain_'teste3.my-domain.com'_[Thu May 8 10:10:46 -03 2025] Getting webroot for domain_'teste3.my-domain.com'_[Thu May 8 10:10:46 -03 2025] Verifying: teste3.my-domain.com_[Thu May 8 10:10:47 -03 2025] Pending. The CA is processing your order, please wait. (1/30)_[Thu May 8 10:10:50 -03 2025] Pending. The CA is processing your order, please wait. (2/30)_[Thu May 8 10:10:53 -03 2025] Pending. The CA is processing your order, please wait. (3/30)_[Thu May 8 10:10:55 -03 2025] Pending. The CA is processing your order, please wait. (4/30)_[Thu May 8 10:10:58 -03 2025] Pending. The CA is processing your order, please wait. (5/30) [error] Could not find file 'teste3.my-domain.com.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'ca.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not get Let's Encrypt certificate for teste3.my-domain.com:_ [information] Let's Encrypt certificates have been updated -
ssl Enable Let's Encrypt SSL certificate on a domain
d00p replied to Rômulo Pereira's question in General Discussion
deactivate and reactivate let's encrypt for the domain, then run `froxlor-cli froxlor:cron -fd` twice - post errors here if any. Double check that the domain you are obtaining a certificate for resolves correctly to the server IP -
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira replied to Rômulo Pereira's question in General Discussion
Here follows the Virtual host config for the domain. How do I change the self signed certificate for a let's encrypt certificate? Do I have to do it manually on the server? Regarding the log, it is exactly what I showed. I do appreciate any help. <VirtualHost [Server-IP-Here]:443> ServerName teste3.my-domain.com ServerAdmin teste3@email.com SSLEngine On SSLProtocol -ALL +TLSv1.2 SSLCompression Off SSLSessionTickets on SSLHonorCipherOrder off SSLCipherSuite [CipherSuite-Here] SSLVerifyDepth 10 SSLCertificateFile /etc/ssl/froxlor_selfsigned.pem SSLCertificateKeyFile /etc/ssl/froxlor_selfsigned.key <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=0" </IfModule> DocumentRoot "/var/customers/webs/teste3" <Directory "/var/customers/webs/teste3/"> <FilesMatch \.(php)$> <If "-f %{SCRIPT_FILENAME}"> SetHandler proxy:unix:/var/lib/apache2/fastcgi/1-teste3-teste3.my-domain.com-php-fpm.socket|fcgi://localhost </If> </FilesMatch> CGIPassAuth On Require all granted AllowOverride All </Directory> Alias /webalizer "/var/customers/webs/teste3/webalizer" LogLevel warn ErrorLog "/var/customers/logs/teste3-error.log" CustomLog "/var/customers/logs/teste3-access.log" combined </VirtualHost> -
ssl Enable Let's Encrypt SSL certificate on a domain
d00p replied to Rômulo Pereira's question in General Discussion
no idea, share the generated virtual-host config of that domain, show your configs, show logs....can't help with "it doesnt work"... -
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira replied to Rômulo Pereira's question in General Discussion
Thanks for the reply. Unfortunately, the insecure connection continues to appear, without the let's encrypt ssl certificate. Even opening explicitly with https the connection remains insecure. -
ssl Enable Let's Encrypt SSL certificate on a domain
d00p replied to Rômulo Pereira's question in General Discussion
it's just a warning...it you open my-domain-here in your browser with https and everything works it's just fine -
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira replied to Rômulo Pereira's question in General Discussion
Here it is: [Wed May 07 12:15:20.487180 2025] [ssl:warn] [pid 1022:tid 1022] AH01906: [my-domain-here]:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed May 07 12:15:20.487208 2025] [ssl:warn] [pid 1022:tid 1022] AH01909: [my-domain-here]:443:0 server certificate does NOT include an ID which matches the server name -
ssl Enable Let's Encrypt SSL certificate on a domain
d00p replied to Rômulo Pereira's question in General Discussion
that issue is 6 years old....please specify the complete log-entries, not just parts. -
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira replied to Rômulo Pereira's question in General Discussion
Î found this issue related to it: https://github.com/Froxlor/Froxlor/issues/767 -
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira replied to Rômulo Pereira's question in General Discussion
I get these messages on log for the domain: "server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)" "server certificate does NOT include an ID which matches the server name" How do I fix it? -
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira replied to Rômulo Pereira's question in General Discussion
Thanks for the reply. I added the domain to DNS pointing to the froxlor server IP and checked with ping that the domain is being properly resolved, but I still get an insecure connection when I access the domain. What should I do next? -
d00p started following Enable Let's Encrypt SSL certificate on a domain
-
ssl Enable Let's Encrypt SSL certificate on a domain
d00p replied to Rômulo Pereira's question in General Discussion
locally being the keyword....you cannot change the /etc/hosts on letsencrypt.org-servers or for everyone else,...that's what DNS is for...set correct dns entries in the domains zone and it should work as expected -
Rômulo Pereira started following Enable Let's Encrypt SSL certificate on a domain
-
ssl Enable Let's Encrypt SSL certificate on a domain
Rômulo Pereira posted a question in General Discussion
I want to enable Let's Encrypt SSL certificate for a domain. I already checked in "System > Settings > SSL Settings" the options "Enable SSL usage" and "Enable Let's Encrypt". Under "Resources > Domains > Edit a domain", the options related to "Webserver SSL settings" are selected, including "Use Let's Encrypt". I already reloaded apache after doing these selections. Unfortunately, when I point a domain to froxlor server IP in /etc/hosts to access the domain locally, I get unsecured connection. What should I do next in order to enable Let's Encrypt SSL certificate on a domain? -
Rômulo Pereira joined the community
-
xipoyof830 joined the community
- Earlier
-
release froxlor 2.2 - New Antispam feature, API enhancements and SSL improvements
d00p replied to d00p's topic in Announcements
Update: froxlor 2.2.7 Security: Bump vite from 6.2.0 to 6.2.4 (#1320) Bump axios from 1.8.1 to 1.8.2 (#1321) Bump vite from 6.2.4 to 6.2.5 (#1322) Bump vite from 6.2.5 to 6.2.6 (#1323) Bump vite from 6.2.6 to 6.3.4 (#1327) Fixes: PHP-8.4 compatibility (#1313) issues with creating databases in certain cases, #1312 #1324 #1326 unable to set url with umlaut domain as path for (sub) domain redirection #1325 -
1410 You are not allowed to create a user with GRANT
rickstinson replied to bastcom's question in General Discussion
perfect - its working now! thanks a lot! -
1410 You are not allowed to create a user with GRANT
Thorsten Weihs replied to bastcom's question in General Discussion
Thanks. 👍 -
1410 You are not allowed to create a user with GRANT
d00p replied to bastcom's question in General Discussion
See GitHub, it's identified and fixed. A release will follow soon -
rickstinson started following 1410 You are not allowed to create a user with GRANT
-
1410 You are not allowed to create a user with GRANT
rickstinson replied to bastcom's question in General Discussion
Same here. Since upgrading to the latest froxlor version, our customers cant create new DBs. MySQL 8 / Ubuntu 22.04 Before the upgrade everything runs smooth. What i see is that: - DB has been created - a User blasql1@127.0.0.1 is also created - but normally our froxlor creates 3 User: blasql1@127.0.0.1, blasql1@localhost, blasql1@ourservername Maybe thats helps... -
Auro Hana joined the community
-
biceb93146 joined the community
-
Schau doch hierfür am besten einfach mal in den Mailheader der entsprechenden Mail, da sollten ja Scan-Ergebnisse von rspamd in jedem Fall drinstehen
-
nicht bei weiterleitung...aber bei ANKUNFT DER MAIL, das ist doch VORHER und wenn du nicht weiterleiten willst, musst du halt entsprechend die punktzahl für "discard" anpassen (Ablehnungs Level) - dann wird da auch nix zugestellt oder weitergeleitet, rspamd ist ja als milter in postfix eingerichtet, das sollte greifen bevor irgendwas lokal mit der mail passiert (also bevor postfix aufgrund der virtual_alias_maps entscheidet, wohin die mail geht)
-
Durch die mysql-virtual_alias_maps.cf und der Konfiguration in der main.cf vom Postfix virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf wird die Nachricht doch ohne Spam-Prüfung weitergeleitet, oder verstehe ich das falsch? Ansonsten habe ich scheinbar einen Konfigurationsfehler, denn bei mir findet keine Spam-Prüfung statt. Mein Zielbild wäre, dass Mails, die eindeutig als Spam identifiziert werden, gar nicht weitergeleitet werden. Ist das realisierbar?
-
d00p started following SPAM-Filter bei Weiterleitungen
-
Eine Weiterleitung leitet eingehende Mails an ein Konto weiter...diese wurden doch schon bei Empfang durch den rspamd geprüft und gescannt...beachte bitte das eine E-Mail Weiterleitung nach EXTERN meist keine gute Idee ist, da hier SPF und Co ausgehebelt werden und die Mail nicht mehr authentifiziert ist