Jump to content
Froxlor Forum

snoopotic

Members
  • Posts

    34
  • Joined

  • Last visited

  • Days Won

    1

snoopotic last won the day on October 4 2013

snoopotic had the most liked content!

Recent Profile Visitors

2224 profile views

snoopotic's Achievements

Apprentice

Apprentice (3/14)

  • Conversation Starter
  • Week One Done
  • One Month Later
  • One Year In
  • First Post

Recent Badges

1

Reputation

  1. Hi. With this little Workaround to set $cert_mode = issue above L267 I was able to delete all certs under admin_domains.php?page=sslcertificates and let them regenerate by running the master_cron. Now the log is empty of this warnings! [information] TasksCron: Searching for tasks to do [information] Running Let's Encrypt cronjob prior to regenerating webserver config files [information] Requesting/renewing Let's Encrypt certificates [information] No new certificates or certificates due for renewal found I will keep this variable setting until the next update. Also: The issue that my Webserver config is rewritten every 5 minutes the cert-job runs is also over. But what really the cause was - I have no idea. Thank you for your effort.
  2. Hmm, in DB it looks good. in AcmeSh.php I placed in Line 320: ( https://github.com/Froxlor/Froxlor/blob/b162324ff02a3279d2728b722d70acd3ccd59059/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php#L320) for testing: //FELIX echo "GIVE CERTMODE: $cert_mode <-thanks "; and got [information] Creating certificate for domain.tld [information] Adding SAN entry: domain.tld [information] Adding SAN entry: www.domain.tld GIVE CERTMODE: renew <-thanks [debug] [Sun 10 Nov 2019 11:59:56 AM CET] Renew: 'domain.tld' [Sun 10 Nov 2019 11:59:56 AM CET] 'domain.tld' is not a issued domain, skip. [error] Could not get Let's Encrypt certificate for domain.tld: [Sun 10 Nov 2019 11:59:56 AM CET] Renew: 'domain.tld' [Sun 10 Nov 2019 11:59:56 AM CET] 'domain.tld' is not a issued domain, skip. then I looked further: placed around https://github.com/Froxlor/Froxlor/blob/b162324ff02a3279d2728b722d70acd3ccd59059/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php#L267 } else { // FELIX $cert_mode = 'issue'; $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']); //FELIX echo "IS IT ISSUE OR NOT $cert_mode <-- "; } then it worked! (as you see I explicitly set cert_mode = issue again - but afaik it's not necessary but you may see it in your code - I wasn't able yet.) I now have 2 domains that have new certs... Well, after re-running, there domains are also NOT marked to be renewed so there must be a check that sets the renew-cert_mode because of some DB data...!? Is there a DB query I might check? I guess we're going further. Is it maybe I skipped the 0.10.3 --> 0.10.4 update and did a 0.10.3 --> 0.10.5 update? EDIT: AH! as we're in a loop here: https://github.com/Froxlor/Froxlor/blob/b162324ff02a3279d2728b722d70acd3ccd59059/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php#L247 $cert_mode may change (and does in my case) and thus the default in L246 is overridden... So the workaround may be to set it explicitly like I did for recreating... what do you think?
  3. Hmm. although I deleted in froxlor the cert, I don't get: [debug] [So 10. Nov 10:03:15 CET 2019] Creating domain key It's starting with: [debug] [Sun 10 Nov 2019 10:27:55 AM CET] Renew: 'domain.tld' although now I unchecked: "Let's Encrypt Schlüssel wiederverwenden" in ssl settings.(was checked before) but still same behaviour...
  4. Hmm. The rest of the output looks the same as the attached log files I posted initially. So you mean that whole output of "--force --debug" shall have way more information? oO I am on PHP 7.3.11-1+0~20191026.48+debian10~1.gbpf71ca0 (cli) (built: Oct 26 2019 14:20:37) ( NTS ) and the git version tagged with 0.10.5: b162324f#0.10.5
  5. Hi. Yes, of course it was just to tell you that it's not an issue of acme.sh - it CAN get the certs. but froxlor doesn't what I did: 1) delete cert od domain1.tld (not the others) in froxlor 2) unchecked https-ips and let's encrypt settings in froxlor. 3) deleted certs by /root/.acme.sh/acme.sh --remove -d domain1.tld and also removed the folder 4) ran php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --debug --tasks twice last run: [information] TasksCron: Searching for tasks to do [notice] Checking system's last guid 5) enabled ssl-ips and checked the let's encrypt checkbox in froxlor of domain (assuming this re-eanables reissuing of certsI. 6) ran php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --debug --tasks twice again first run throws the one above (Could not get Let's Encrypt certificate for domain1.tld). The second run is the same like in 4). 5) to make sure ran php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --debug --letsencrypt This also throws the "Could not get Let's Encrypt certificate for domain1.tld" from above... expectation: this workflow regenerates certs in first run of 6)
  6. Hmm. now it throws: [information] Creating certificate for domain1.tld [information] Adding SAN entry: domain1.tld [information] Adding SAN entry: www.domain1.tld [debug] [Sun 10 Nov 2019 08:55:25 AM CET] Renew: 'domain1.tld' [Sun 10 Nov 2019 08:55:25 AM CET] 'domain1.tld' is not a issued domain, skip. [error] Could not get Let's Encrypt certificate for domain1.tld: [Sun 10 Nov 2019 08:55:25 AM CET] Renew: 'domain1.tld' [Sun 10 Nov 2019 08:55:25 AM CET] 'domain1.tld' is not a issued domain, skip. [information] No new certificates or certificates due for renewal found But ./acme.sh --issue -d domain1.tld -w /var/www/froxlor works if you need to know that. Sadly froxlor does not recognize 😕
  7. Hmm. I now ran "php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug" two times as it now always changes between 2 states. I replaced my IPs and the domains via sed but kept the rest. I can't read anything abnormal... need more? froxlor2.log froxlor.log
  8. Hi. I went from 0.10.2 over 0.10.3 by missing 0.10.4 over to 0.10.5 since the upgrade from 0.10.3 to 0.10.5 every 5 minutes the lets encrypt cron runs and throws: Could not get Let's Encrypt certificate for <domain>: [Fri 08 Nov 2019 10:50:06 PM CET] Renew: '<domain>' [Fri 08 Nov 2019 10:50:06 PM CET] Skip, Next renewal time is: Wed 01 Jan 2020 11:05:25 PM UTC [Fri 08 Nov 2019 10:50:06 PM CET] Add '--force' to force to renew. for every domain. This also causes continuously: "Neuerstellung der Webserver-Konfiguration" task in froxlor and also every 5 minutes my apache config gets renewed... meh I am on git @b162324f#0.10.5 running "php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --force --debug" is weird as it does not look bad but still keeps: [error] Could not get Let's Encrypt certificate for <domain>: [Sat 09 Nov 2019 07:21:15 PM CET] Renew: '<domain>' [Sat 09 Nov 2019 07:21:15 PM CET] Skip, Next renewal time is: Thu 02 Jan 2020 11:03:17 PM UTC [Sat 09 Nov 2019 07:21:15 PM CET] Add '--force' to force to renew. ... Any ideas how to look deeper? I walked through 450 pages of the system log in froxlor and found that this messages appear since the upgrade to 0.10.5
  9. Hi, Today I struggled with an ssl cert issue I got fixed later. (my froxlor virtual host cert could not get renewed for days. after deleting the cert and making some entry changes to force the regeneration of the certs it worked. But within my changes there was somehow an froxlor.org outage. And sadly this also caused opening "System Admin Settings page not to be opened. Instead I hat to wait until a timeout comes and then I got: (picture follows but upload fails) - picture says: "Curl Error: Failed to connect version.froxlor.org port 443: Connection timed out SO somehow in the code there seems a version check that causes timeouts. Maybe this check can be made optional? regards
  10. @Tealk yup, after that pages went back with new valid certs. Well, maybe I found a bug but I will search for corresponding logs but maybe reporting the use case is quicker: - Create E-Mail Address -> ok - Create E-Mail Account -> fails with: Fehlermeldung Die E-Mail-Adresse "" enthält ungültige Zeichen oder ist nicht vollständig. looks like a typo as the address is already "known" ... shall I look further or is this possibly a case? (I just upgraded my Debian 9 to 10 maybe it's a cross over thingy but I don't think so other things work) EDIT: Oh Noes. Horses back: Entering an alternate E-Mail is mandatory xD
  11. Yeah. Just did it. First view: looks good, good job! One thing I like to mention: In my Environment I use a lot of LE-Certs. On Upgrade the ALL get renewed. By default it's a 5 minute cron for each webserver-change and each LE-renewal run... This means: after Upgrade all certs get deleted and thus web server configfiles recreated with HOSTS default certs. within this webserver-recreation all LE certs get recreated. If they are not fully recreated within 5 minutes the following job: webserver-renewal with the LE-cert paths may take another 5 minutes. For me: My sites were 15 minutes without invalid certs (not that ugly as I have not that highly visited pages :P) Maybe we can add a hint that it may mean up to a 10-15 minutes "possible outage" on upgrade!?
  12. Is there something special to be mentioned at upgrade from 0.9.40.1 that is not stated here: https://github.com/Froxlor/Froxlor/wiki/Updating-Froxlor ? do the cronjobs stay and work etc.?
  13. In the Froxlor Settings for php-fpm you may want to check "use mod_proxy_fcgi". As you state froxlor is not working, manually edit your apache config by reading: https://wiki.apache.org/httpd/PHP-FPM to get it first running and set the checkbox...
×
×
  • Create New...