Froxlor Forum

Posts posted by ajp

  1. 15 minutes ago, d00p said:

    DNS service is not required for a domain to be added ...

    ...

    Yes, you are correct @d00p. Thank you for your response.

    The output was showing as pretty standard, except for the error

    /etc/init.d/bind9: No such file or directory

    In between my initial post and your response, I deleted the domain and recreated it. Before doing this I went to settings and selected the default options (in bold), saved the settings, rebuilt the config files and ran the cron job.

    This seemed to do the trick. I cannot say if it was the re-creation of the domain or the settings page update.

    Thank you for your willingness to assist. Much appreciated.

     

  2. I have DNS services running on a service provider infrastructure, and therefore have no need for a DNS server on the server where froxlor is installed.

    Now, after V2 was installed, creating a new domain is not creating the new domain. The cron job was complaining about a /etc/init.d/cron9 not found, so I disabled the name server in the settings, regenerated the config file and reran the cron.

    • The vhost file is not created
    • The directory space is not being created

    The rerun cron job is not giving me any errors, but is not actioning the domain either. I'm at a loss how to proceed. Please provide some guidance on what to do.

     

  3. 2 hours ago, d00p said:

    Even if it's .com, then again 64.190.63.111 is not 102.37.45.140 and we are again at the point where I was asking "are you sure the DNS is correct" :)

    Hi folks

    I am so sorry, I should have explained previously that the domain name I used in the logs was changed. My bad. I didn't want to use it without the permission of the domain owner. The actual domain name resolves correctly to the server.

     

    This was a domain with an existing LE SSL certificate, which expired. When trying to renew, the error came about (pointing to the correct domain), saying the /.well-known/acme-challenge/file was returning a 404.

    The server does the same for a new domain. When trying to get the SSL certificate, the callback fetch returns a 404. The test file is also not accessible from the browser, which is why I said to me it looks like apache is having an issue loading the acme.conf, which exists and is correct.

    The apache config has not been manually modified in any way and is as per the froxlor configuration instructions.


  4. 2 hours ago, d00p said:

    100% sure the domains DNS resolves to the server?

    The DNS is external to the server and resolves to the server. In the backup logs the content is shown. To verify this I created an .htaccess file that directs all traffic to the index.php file and the content showed in the backup cron output (I later removed the .htaccess). I am testing on a site that is empty except for an index.html.

    I have tried removing the acme.sh directory and setting the SSL one by one.

    - The renew worked for still valid domains

    - The renew failed for expired domains

    - The renew failed for new domains


    As I mentioned before, the one thing I did notice is that the site owner is not www-data, while the file owner of the directory /var/www/froxlor/.well-known/acme-challenge is www-data. I have verified the access of the directory and that it has 'r' and 'x' permission for each component in the path.

    I have added a cleaned up version of the backup log below:

    [information] Creating certificate for aeroweb.con
    [information] Adding common-name: aeroweb.con
    [Wed 22 Jun 2022 09:12:32 AM UTC] Lets find script dir.
    [Wed 22 Jun 2022 09:12:32 AM UTC] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Wed 22 Jun 2022 09:12:32 AM UTC] _script='/root/.acme.sh/acme.sh'
    [Wed 22 Jun 2022 09:12:32 AM UTC] _script_home='/root/.acme.sh'
    [Wed 22 Jun 2022 09:12:32 AM UTC] Using config home:/root/.acme.sh
    [Wed 22 Jun 2022 09:12:32 AM UTC] Using server: https://acme-v02.api.letsencrypt.org/directory
    [Wed 22 Jun 2022 09:12:32 AM UTC] Running cmd: issue
    [Wed 22 Jun 2022 09:12:32 AM UTC] _main_domain='aeroweb.con'
    [Wed 22 Jun 2022 09:12:32 AM UTC] _alt_domains='no'
    [Wed 22 Jun 2022 09:12:32 AM UTC] Using config home:/root/.acme.sh
    [Wed 22 Jun 2022 09:12:32 AM UTC] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Wed 22 Jun 2022 09:12:32 AM UTC] DOMAIN_PATH='/root/.acme.sh/aeroweb.con'
    [Wed 22 Jun 2022 09:12:32 AM UTC] Le_NextRenewTime
    [Wed 22 Jun 2022 09:12:32 AM UTC] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
    [Wed 22 Jun 2022 09:12:32 AM UTC] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    [Wed 22 Jun 2022 09:12:32 AM UTC] GET
    [Wed 22 Jun 2022 09:12:32 AM UTC] url='https://acme-v02.api.letsencrypt.org/directory'
    [Wed 22 Jun 2022 09:12:32 AM UTC] timeout=
    [Wed 22 Jun 2022 09:12:32 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed 22 Jun 2022 09:12:33 AM UTC] ret='0'
    [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_NEW_AUTHZ
    [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    [Wed 22 Jun 2022 09:12:33 AM UTC] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Wed 22 Jun 2022 09:12:33 AM UTC] _on_before_issue
    [Wed 22 Jun 2022 09:12:33 AM UTC] _chk_main_domain='aeroweb.con'
    [Wed 22 Jun 2022 09:12:33 AM UTC] _chk_alt_domains
    [Wed 22 Jun 2022 09:12:33 AM UTC] Le_LocalAddress
    [Wed 22 Jun 2022 09:12:33 AM UTC] d='aeroweb.con'
    [Wed 22 Jun 2022 09:12:33 AM UTC] Check for domain='aeroweb.con'
    [Wed 22 Jun 2022 09:12:33 AM UTC] _currentRoot='/var/www/froxlor'
    [Wed 22 Jun 2022 09:12:33 AM UTC] d
    [Wed 22 Jun 2022 09:12:33 AM UTC] _saved_account_key_hash is not changed, skip register account.
    [Wed 22 Jun 2022 09:12:33 AM UTC] Read key length:4096
    [Wed 22 Jun 2022 09:12:33 AM UTC] _createcsr
    [Wed 22 Jun 2022 09:12:33 AM UTC] d
    [Wed 22 Jun 2022 09:12:33 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Wed 22 Jun 2022 09:12:33 AM UTC] payload='{"identifiers": [{"type":"dns","value":"aeroweb.con"}]}'
    [Wed 22 Jun 2022 09:12:33 AM UTC] RSA key
    [Wed 22 Jun 2022 09:12:33 AM UTC] HEAD
    [Wed 22 Jun 2022 09:12:33 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Wed 22 Jun 2022 09:12:33 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
    [Wed 22 Jun 2022 09:12:34 AM UTC] _ret='0'
    [Wed 22 Jun 2022 09:12:34 AM UTC] POST
    [Wed 22 Jun 2022 09:12:34 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Wed 22 Jun 2022 09:12:34 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed 22 Jun 2022 09:12:36 AM UTC] _ret='0'
    [Wed 22 Jun 2022 09:12:36 AM UTC] code='201'
    [Wed 22 Jun 2022 09:12:36 AM UTC] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/450484450/99996481836'
    [Wed 22 Jun 2022 09:12:36 AM UTC] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/450484450/99996481836'
    [Wed 22 Jun 2022 09:12:36 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122387738876'
    [Wed 22 Jun 2022 09:12:36 AM UTC] payload
    [Wed 22 Jun 2022 09:12:36 AM UTC] POST
    [Wed 22 Jun 2022 09:12:36 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/122387738876'
    [Wed 22 Jun 2022 09:12:36 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed 22 Jun 2022 09:12:36 AM UTC] _ret='0'
    [Wed 22 Jun 2022 09:12:36 AM UTC] code='200'
    [Wed 22 Jun 2022 09:12:36 AM UTC] d='aeroweb.con'
    [Wed 22 Jun 2022 09:12:37 AM UTC] _w='/var/www/froxlor'
    [Wed 22 Jun 2022 09:12:37 AM UTC] _currentRoot='/var/www/froxlor'
    [Wed 22 Jun 2022 09:12:37 AM UTC] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw","token":"DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic"'
    [Wed 22 Jun 2022 09:12:37 AM UTC] token='DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic'
    [Wed 22 Jun 2022 09:12:37 AM UTC] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
    [Wed 22 Jun 2022 09:12:37 AM UTC] keyauthorization='DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic.ceoMx6hV_yV4mFEpS8g2x4mMs6O30ZDb89PxOZBuJHg'
    [Wed 22 Jun 2022 09:12:37 AM UTC] dvlist='aeroweb.con#DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic.ceoMx6hV_yV4mFEpS8g2x4mMs6O30ZDb89PxOZBuJHg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw#http-01#/var/www/froxlor'
    [Wed 22 Jun 2022 09:12:37 AM UTC] d
    [Wed 22 Jun 2022 09:12:37 AM UTC] vlist='aeroweb.con#DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic.ceoMx6hV_yV4mFEpS8g2x4mMs6O30ZDb89PxOZBuJHg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw#http-01#/var/www/froxlor,'
    [Wed 22 Jun 2022 09:12:37 AM UTC] d='aeroweb.con'
    [Wed 22 Jun 2022 09:12:37 AM UTC] ok, let's start to verify
    [Wed 22 Jun 2022 09:12:37 AM UTC] d='aeroweb.con'
    [Wed 22 Jun 2022 09:12:37 AM UTC] keyauthorization='DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic.ceoMx6hV_yV4mFEpS8g2x4mMs6O30ZDb89PxOZBuJHg'
    [Wed 22 Jun 2022 09:12:37 AM UTC] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
    [Wed 22 Jun 2022 09:12:37 AM UTC] _currentRoot='/var/www/froxlor'
    [Wed 22 Jun 2022 09:12:37 AM UTC] wellknown_path='/var/www/froxlor/.well-known/acme-challenge'
    [Wed 22 Jun 2022 09:12:37 AM UTC] writing token:DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic to /var/www/froxlor/.well-known/acme-challenge/DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic
    [Wed 22 Jun 2022 09:12:37 AM UTC] Changing owner/group of .well-known to www-data:www-data
    [Wed 22 Jun 2022 09:12:37 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
    [Wed 22 Jun 2022 09:12:37 AM UTC] payload='{}'
    [Wed 22 Jun 2022 09:12:37 AM UTC] POST
    [Wed 22 Jun 2022 09:12:37 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
    [Wed 22 Jun 2022 09:12:37 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed 22 Jun 2022 09:12:38 AM UTC] _ret='0'
    [Wed 22 Jun 2022 09:12:38 AM UTC] code='200'
    [Wed 22 Jun 2022 09:12:38 AM UTC] trigger validation code: 200
    [Wed 22 Jun 2022 09:12:38 AM UTC] sleep 2 secs to verify again
    [Wed 22 Jun 2022 09:12:40 AM UTC] checking
    [Wed 22 Jun 2022 09:12:40 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
    [Wed 22 Jun 2022 09:12:40 AM UTC] payload
    [Wed 22 Jun 2022 09:12:40 AM UTC] POST
    [Wed 22 Jun 2022 09:12:40 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
    [Wed 22 Jun 2022 09:12:40 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed 22 Jun 2022 09:12:41 AM UTC] _ret='0'
    [Wed 22 Jun 2022 09:12:41 AM UTC] code='200'
    [Wed 22 Jun 2022 09:12:41 AM UTC] aeroweb.con:Verify error:102.37.45.140: Invalid response from http://aeroweb.con/.well-known/acme-challenge/DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic: 404
    [Wed 22 Jun 2022 09:12:41 AM UTC] Debug: get token url.
    [Wed 22 Jun 2022 09:12:41 AM UTC] GET
    [Wed 22 Jun 2022 09:12:41 AM UTC] url='http://aeroweb.con/.well-known/acme-challenge/DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic'
    [Wed 22 Jun 2022 09:12:41 AM UTC] timeout=1
    [Wed 22 Jun 2022 09:12:41 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  --connect-timeout 1'
    [Wed 22 Jun 2022 09:12:41 AM UTC] ret='0'
    [Wed 22 Jun 2022 09:12:41 AM UTC] Debugging, skip removing: /var/www/froxlor/.well-known/acme-challenge/DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic
    [Wed 22 Jun 2022 09:12:41 AM UTC] pid
    [Wed 22 Jun 2022 09:12:41 AM UTC] No need to restore nginx, skip.
    [Wed 22 Jun 2022 09:12:41 AM UTC] _clearupdns
    [Wed 22 Jun 2022 09:12:41 AM UTC] dns_entries
    [Wed 22 Jun 2022 09:12:41 AM UTC] skip dns.
    [Wed 22 Jun 2022 09:12:41 AM UTC] _on_issue_err
    [Wed 22 Jun 2022 09:12:41 AM UTC] Please add '--debug' or '--log' to check more details.
    [Wed 22 Jun 2022 09:12:41 AM UTC] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    [Wed 22 Jun 2022 09:12:41 AM UTC] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
    [Wed 22 Jun 2022 09:12:41 AM UTC] payload='{}'
    [Wed 22 Jun 2022 09:12:41 AM UTC] POST
    [Wed 22 Jun 2022 09:12:41 AM UTC] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/122387738876/dsP_Zw'
    [Wed 22 Jun 2022 09:12:41 AM UTC] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
    [Wed 22 Jun 2022 09:12:42 AM UTC] _ret='0'
    [Wed 22 Jun 2022 09:12:42 AM UTC] code='400'
    [Wed 22 Jun 2022 09:12:42 AM UTC] socat doesn't exist.
    [Wed 22 Jun 2022 09:12:42 AM UTC] Diagnosis versions:
    openssl:openssl
    OpenSSL 1.1.1f  31 Mar 2020
    apache:
    apache doesn't exist.
    nginx:
    nginx doesn't exist.
    socat:
    [debug] https://github.com/acmesh-official/acme.sh
    v3.0.5
    [Wed 22 Jun 2022 09:12:33 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Wed 22 Jun 2022 09:12:33 AM UTC] Single domain='aeroweb.con'
    [Wed 22 Jun 2022 09:12:33 AM UTC] Getting domain auth token for each domain
    [Wed 22 Jun 2022 09:12:36 AM UTC] Getting webroot for domain='aeroweb.con'
    [Wed 22 Jun 2022 09:12:37 AM UTC] Verifying: aeroweb.con
    [Wed 22 Jun 2022 09:12:38 AM UTC] Pending, The CA is processing your order, please just wait. (1/30)
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL was not found on this server.</p>
    <hr>
    <address>Apache/2.4.41 (Ubuntu) Server at aeroweb.con Port 80</address>
    </body></html>
    [error] Could not find file 'aeroweb.con.cer' in '/root/.acme.sh/aeroweb.con/'
    [error] Could not find file 'ca.cer' in '/root/.acme.sh/aeroweb.con/'
    [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/aeroweb.con/'
    [error] Could not get Let's Encrypt certificate for aeroweb.con:
    https://github.com/acmesh-official/acme.sh
    v3.0.5
    [Wed 22 Jun 2022 09:12:33 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Wed 22 Jun 2022 09:12:33 AM UTC] Single domain='aeroweb.con'
    [Wed 22 Jun 2022 09:12:33 AM UTC] Getting domain auth token for each domain
    [Wed 22 Jun 2022 09:12:36 AM UTC] Getting webroot for domain='aeroweb.con'
    [Wed 22 Jun 2022 09:12:37 AM UTC] Verifying: aeroweb.con
    [Wed 22 Jun 2022 09:12:38 AM UTC] Pending, The CA is processing your order, please just wait. (1/30)
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL was not found on this server.</p>
    <hr>
    <address>Apache/2.4.41 (Ubuntu) Server at aeroweb.con Port 80</address>
    </body></html>
    
    [error] Could not find file 'aeroweb.con.cer' in '/root/.acme.sh/aeroweb.con/'
    [error] Could not find file 'ca.cer' in '/root/.acme.sh/aeroweb.con/'
    [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/aeroweb.con/'
    [error] Could not get Let's Encrypt certificate for aeroweb.con:
    
    [information] Let's Encrypt certificates have been updated
    
    

     

  5. 7 minutes ago, d00p said:

    Where to exactly? The target path is a setting. Depending on the used webserver it might need adjusting.

    Quote

    $ more /etc/apache2/conf-enabled/acme.conf

    Alias "/.well-known/acme-challenge" "/var/www/froxlor/.well-known/acme-challenge"
    <Directory "/var/www/froxlor/.well-known/acme-challenge">
            Require all granted
    </Directory>

    The acme points from the vhosts /.well-known/acme-challenge to /var/www/froxlor/.well-known/acme-challenge where the challenge files are present, and where I created the test file. As I mentioned, accessing the test file outside of the cron job resulted in a 404.

    I am using apache on Ubuntu 20.04 and config is as per the froxlor configuration.

     

  6. For a week now, I have been unable to create or renew any expired Let's Encrypt certificate. The only significant event on the server was an update of froxlor to the latest

    When running the cronjob, it reports a 404 not found when trying to access the file http://domain.name/.well-known/acme-challenge/.

    Quote

    Wed 22 Jun 2022 09:12:41 AM UTC] aeroweb.com:Verify error:102.37.45.140: Invalid response from http://aeroweb.com/.well-known/acme-challenge/DMhdsp7PMUFK3iYemN7aUpkzgpFp34S9FunMpxbeqic: 404

    The acme.conf is present and installed as per the instructions. I am also unable to access the test file http://domain.name/.well-known/acme-challenge/test that I manually created.

    I tried creating a symlink from the vhost RootDir to the acme-challenge directory in /var/www/froxlor without success. I tried adding the alias on the sites-available file and froxlor vhost settings without success.

    I even tried creating an index.php that strips out the last URL segment and renders the file contents from /var/www/froxlor but this did not work because of permissions. This last attempt led me to believe that perhaps this is related to access controls. I tried adding the vhost user to the www-group without success.

    - the vhost root directory '/var/customers/webs/aeroweb/aeroweb.com/' is owned by a user aeroweb:aeroweb

    - the acme challenge directory /var/www/froxlor/.well-known/acme-challenge/ is owned by www-data:www-data

    The logs show a file not found error.

    While this may not be a froxlor issue, I am at a loss on how to proceed further, and hope that someone would have solved this or assist in looking at something else I may have overlooked. Any assistance is appreciated.
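
The permission check mentioned in the posts above (read and execute on every component of the challenge path, for a user that differs from the directory owner), as an added example that is not part of the original posts or of froxlor. It evaluates classic mode bits for a numeric uid and gid list; the function names, the optional START argument and the constructed sample tree are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: find the first path component that a given uid/gid set cannot
# pass, using classic mode bits only (ACLs, AppArmor, SELinux are ignored).
# Needs GNU stat; run as root so stat itself can reach every component.

# class_digit MODE F_UID F_GID UID "GIDS": print the rwx digit that applies.
class_digit() (
    m=000$1
    m=${m#"${m%???}"}                       # last three digits: 1777 -> 777
    [ "$4" -eq 0 ] && { echo 7; exit 0; }   # root bypasses mode bits
    [ "$4" -eq "$2" ] && { echo "${m%??}"; exit 0; }          # owner class
    for g in $5; do
        [ "$g" -eq "$3" ] && { m=${m#?}; echo "${m%?}"; exit 0; }  # group class
    done
    echo "${m#??}"                          # other class
)

# allowed UID "GIDS" PATH: true if PATH is a searchable dir or a readable file.
allowed() {
    set -- "$1" "$2" "$3" $(stat -L -c '%a %u %g' "$3" 2>/dev/null)
    [ $# -eq 6 ] || return 1                # missing component counts as blocked
    d=$(class_digit "$4" "$5" "$6" "$1" "$2")
    if [ -d "$3" ]; then [ $((d & 1)) -ne 0 ]; else [ $((d & 4)) -ne 0 ]; fi
}

# first_blocked UID "GIDS" TARGET [START]: print the blocking component and
# return 1, or print nothing and return 0. START defaults to /.
first_blocked() (
    uid=$1; gids=$2; cur=${4:-/}; rel=${3#"$cur"}
    allowed "$uid" "$gids" "$cur" || { echo "$cur"; exit 1; }
    set -f; IFS=/; set -- $rel; unset IFS; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=${cur%/}/$part
        allowed "$uid" "$gids" "$cur" || { echo "$cur"; exit 1; }
    done
)

# make_sample_tree: constructed layout mirroring the page's challenge path,
# with the middle directory closed to "other". Prints the tree's root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/froxlor/.well-known/acme-challenge"
    echo sample > "$root/froxlor/.well-known/acme-challenge/test"
    chmod 755 "$root" "$root/froxlor" "$root/froxlor/.well-known/acme-challenge"
    chmod 750 "$root/froxlor/.well-known"
    chmod 644 "$root/froxlor/.well-known/acme-challenge/test"
    echo "$root"
}

# Real use (paths and user name taken from the posts):
#   first_blocked "$(id -u www-data)" "$(id -G www-data)" \
#       /var/www/froxlor/.well-known/acme-challenge/test
```

Apache normally answers a filesystem permission failure with 403 rather than 404, so an empty result from this walk points the investigation at how the Alias is mapped for the vhost instead.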
