Rômulo Pereira

Are there any non-default configurations that would be recommended in this scenario, specifically considering security and availability?

(1) Would Froxlor be able to meet a very large demand without causing service interruption? (2) Is Froxlor designed with very large demands like this in mind, or does it only meet common hosting scenarios? (3) If Froxlor is able to meet a very large demand, what non-default configurations would be recommended in this scenario, specifically considering security and availability?

I really appreciate your help. I managed to place the certificate on a domain. In the end, all that was left was to adjust the access on the firewall.

- does /root/.acme.sh/teste3.my-domain.com/ exist? Yes, it does. - Disable let's encrypt for the domain, let the cronjob run (or run manually) Done - run "/root/.acme.sh/acme.sh remove -d teste3.my-domain.com" Log: "[Thu May 8 10:51:53 -03 2025] -d is not an issued domain, skipping." - delete the directory "rm -rf /root/.acme.sh/teste3.my-domain.com/" Done - enable let's encrypt for the domain and let the cronjob run / manually run it Log: [Thu May 8 10:53:28 -03 2025] ===Starting cron=== [Thu May 8 10:53:28 -03 2025] Renewing: 'teste3.my-domain.com' [Thu May 8 10:53:28 -03 2025] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory [Thu May 8 10:53:28 -03 2025] Skipping invalid cert for: teste3.my-domain.com [Thu May 8 10:53:28 -03 2025] Skipped teste3.my-domain.com [Thu May 8 10:53:28 -03 2025] Renewing: 'teste3.my-domain.com' [Thu May 8 10:53:28 -03 2025] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory [Thu May 8 10:53:28 -03 2025] Skipping invalid cert for: teste3.my-domain.com [Thu May 8 10:53:28 -03 2025] Skipped teste3.my-domain.com_ecc [Thu May 8 10:53:28 -03 2025] Renewing: 'teste3.my-domain.com' [Thu May 8 10:53:28 -03 2025] 'teste3.my-domain.com' is not an issued domain, skipping. [Thu May 8 10:53:28 -03 2025] Skipped teste3.my-domain.com_ecc [Thu May 8 10:53:28 -03 2025] ===End cron===

Thank you very much for your help. I followed the procedures as suggested and the following errors were returned: [debug] Successful exit-code returned - storing certificate [error] Could not find file 'teste3.my-domain.com.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'ca.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not get Let's Encrypt certificate for teste3.my-domain.com:_https://github.com/acmesh-official/acme.sh_v3.1.1_[Thu May 8 10:10:39 -03 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory_[Thu May 8 10:10:40 -03 2025] Creating domain key_[Thu May 8 10:10:43 -03 2025] The domain key is here: /root/.acme.sh/teste3.my-domain.com/teste3.my-domain.com.key_[Thu May 8 10:10:43 -03 2025] Generating next pre-generate key._[Thu May 8 10:10:43 -03 2025] Single domain_'teste3.my-domain.com'_[Thu May 8 10:10:46 -03 2025] Getting webroot for domain_'teste3.my-domain.com'_[Thu May 8 10:10:46 -03 2025] Verifying: teste3.my-domain.com_[Thu May 8 10:10:47 -03 2025] Pending. The CA is processing your order, please wait. (1/30)_[Thu May 8 10:10:50 -03 2025] Pending. The CA is processing your order, please wait. (2/30)_[Thu May 8 10:10:53 -03 2025] Pending. The CA is processing your order, please wait. (3/30)_[Thu May 8 10:10:55 -03 2025] Pending. The CA is processing your order, please wait. (4/30)_[Thu May 8 10:10:58 -03 2025] Pending. The CA is processing your order, please wait. (5/30) [error] Could not find file 'teste3.my-domain.com.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'ca.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not find file 'fullchain.cer' in '/root/.acme.sh/teste3.my-domain.com/' [error] Could not get Let's Encrypt certificate for teste3.my-domain.com:_ [information] Let's Encrypt certificates have been updated

Here follows the Virtual host config for the domain. How do I change the self signed certificate for a let's encrypt certificate? Do I have to do it manually on the server? Regarding the log, it is exactly what I showed. I do appreciate any help. <VirtualHost [Server-IP-Here]:443> ServerName teste3.my-domain.com ServerAdmin teste3@email.com SSLEngine On SSLProtocol -ALL +TLSv1.2 SSLCompression Off SSLSessionTickets on SSLHonorCipherOrder off SSLCipherSuite [CipherSuite-Here] SSLVerifyDepth 10 SSLCertificateFile /etc/ssl/froxlor_selfsigned.pem SSLCertificateKeyFile /etc/ssl/froxlor_selfsigned.key <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=0" </IfModule> DocumentRoot "/var/customers/webs/teste3" <Directory "/var/customers/webs/teste3/"> <FilesMatch \.(php)$> <If "-f %{SCRIPT_FILENAME}"> SetHandler proxy:unix:/var/lib/apache2/fastcgi/1-teste3-teste3.my-domain.com-php-fpm.socket|fcgi://localhost </If> </FilesMatch> CGIPassAuth On Require all granted AllowOverride All </Directory> Alias /webalizer "/var/customers/webs/teste3/webalizer" LogLevel warn ErrorLog "/var/customers/logs/teste3-error.log" CustomLog "/var/customers/logs/teste3-access.log" combined </VirtualHost>

Thanks for the reply. Unfortunately, the insecure connection continues to appear, without the let's encrypt ssl certificate. Even opening explicitly with https the connection remains insecure.

Here it is: [Wed May 07 12:15:20.487180 2025] [ssl:warn] [pid 1022:tid 1022] AH01906: [my-domain-here]:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Wed May 07 12:15:20.487208 2025] [ssl:warn] [pid 1022:tid 1022] AH01909: [my-domain-here]:443:0 server certificate does NOT include an ID which matches the server name

Î found this issue related to it: https://github.com/Froxlor/Froxlor/issues/767

I get these messages on log for the domain: "server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)" "server certificate does NOT include an ID which matches the server name" How do I fix it?

Thanks for the reply. I added the domain to DNS pointing to the froxlor server IP and checked with ping that the domain is being properly resolved, but I still get an insecure connection when I access the domain. What should I do next?

I want to enable Let's Encrypt SSL certificate for a domain. I already checked in "System > Settings > SSL Settings" the options "Enable SSL usage" and "Enable Let's Encrypt". Under "Resources > Domains > Edit a domain", the options related to "Webserver SSL settings" are selected, including "Use Let's Encrypt". I already reloaded apache after doing these selections. Unfortunately, when I point a domain to froxlor server IP in /etc/hosts to access the domain locally, I get unsecured connection. What should I do next in order to enable Let's Encrypt SSL certificate on a domain?