[habe Probleme LE-Zertifikate zu beziehen]

Danke - noch eine Kleinigkeit: hätte jetzt auch das LE-Cert für den froxlor-VHost gelöscht - aber das wird anscheinend nicht wieder generiert?

[habe Probleme LE-Zertifikate zu beziehen]

On 4/4/2020 at 5:26 PM, d00p said:

Okay, also noch die LOG_WARN kacke weg und dann läuft's

merci - kann das hier bestätigen, nach einem --force sind die LE-Certs wieder gut.

Krieg ich eventuell einen Tipp, wie dsa LOG_WARN wegzubekommen wäre?

Danke!

[habe Probleme LE-Zertifikate zu beziehen]

Hallo,
wir haben das gleiche Phänomen auf einer Froxlor-Installation.

Gibt's da zufällig einen geordneten Fix?

Danke, hk

[It is recommended to install socat first]

and sorry for taking the wrong forum, obviously should have posted in german here, maybe you can move this thread to the international one. thank you again.

[It is recommended to install socat first]

3 minutes ago, d00p said:

well, don't call the "normal" cronjob with "--debug" flag, default from the generated /etc/cron.d/froxlor file is:

*/5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --tasks 1> /dev/null

 

uhm, that's exactly what is (and was) running on this box, yet we got lots of mails reporting about socat.

[It is recommended to install socat first]

1 minute ago, d00p said:

not required/needed for us

well, the acme.sh is reporting this on a 5-minute-basis because of the --tasks job and to get rid of this had to install it but any other "get rid of this" solutions would be welcome.

[It is recommended to install socat first]

today we suddenly got this:

/usr/bin/php /var/www/html/scripts/froxlor_master_cronjob.php --tasks --debug
[information] TasksCron: Searching for tasks to do
[information] Running Let's Encrypt cronjob prior to regenerating webserver config files
[information] Requesting/renewing Let's Encrypt certificates
[information] Updating certificate for xxx.server.local
[Tue Dec 31 15:47:09 CET 2019] It is recommended to install socat first.
[Tue Dec 31 15:47:09 CET 2019] We use socat for standalone server if you use standalone mode.
[Tue Dec 31 15:47:09 CET 2019] If you don't use standalone mode, just ignore this warning.
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Tue Dec 31 15:47:08 CET 2019] Installing from online archive.
[Tue Dec 31 15:47:08 CET 2019] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Tue Dec 31 15:47:09 CET 2019] Extracting master.tar.gz
[Tue Dec 31 15:47:09 CET 2019] Installing to /root/.acme.sh
[Tue Dec 31 15:47:09 CET 2019] Installed to /root/.acme.sh/acme.sh
[Tue Dec 31 15:47:09 CET 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Dec 31 15:47:10 CET 2019] OK
[Tue Dec 31 15:47:10 CET 2019] Install success!
[Tue Dec 31 15:47:10 CET 2019] Upgrade success!
[Tue Dec 31 15:47:10 CET 2019] Removing cron job
 

the box is ubuntu buster/sid after a bit of digging into the issue "apt install socat" did the trick. please add it to the required packages.

 

[Maintenance Release 0.9.38.8 - Let's Encrypt for panel, HSTS / OSCP settings and ssl-cert overview]

Hi
good news! Is there a sane way for current debian-package-users to upgrade without breaking anything (ie. upgrading using the latest tar.gz)?

thx,
hk

[Important bugfix release 0.9.33.2]

Hi

actually this fix is missing the removal of the compromised logfiles, otherwise it fixes future logging of passwords, but not the access to the logfile that has been compromised.

 

I ask you to add a proper .htaccess-block for the logs-directory _and_ remove the logfiles from there as they - if kept - are still a security-risk in the current release.

 

thx

hk