Froxlor Forum

llucps

  1. Hi there, I finally could update to the latest Froxlor version with the testing repository. Thanks!
  2. If I use this testing repository, can I then change to the "production" one for future updates? If there can be conflicts after using both, I'll wait for @Dessa to fix the repository. Thanks!
  3. I don't think Stretch packages have been updated yet; the last update was December 5th 2018. Am I doing something wrong?

     ```
     Architectures: amd64 arm64 armel armhf i386
     Codename: stretch
     Components: main
     Date: Wed, 05 Dec 2018 07:51:29 +0000
     Label: Froxlor Repository
     Origin: froxlor.org
     Suite: stable
     ```
  4. Thanks d00p, I tried to update a Debian Stretch server to the latest 0.10.2 but it seems there are only packages for Buster? Is it possible to update Stretch to the 0.10.2 with Debian packages? Thanks!
  5. Congratulations! and thank you for all your efforts and work! I'll update when Debian packages become available. Cheers.
  6. Hi there, are there any plans to implement proper DKIM, I guess using opendkim instead of the deprecated dkim-filter? I remember I had to scavenge a bit to find the dkim-filter and I think I even had to compile it for Debian 9. Thanks!
  7. DONE!!!!! Sorry, you're going to kill me... I swear I thought I did that step but obviously I didn't.

     ```apache
     Alias "/.well-known/acme-challenge" "/var/www/froxlor/.well-known/acme-challenge"
     <Directory "/var/www/froxlor/.well-known/acme-challenge">
       Require all granted
     </Directory>
     ```

     It makes total sense if that directive wasn't present. Thanks for your help and understanding!
  8. The info:

     ```apache
     # 10_froxlor_ipandport_XXX.XXX.XX.XX:443.conf
     # Created 26.03.2018 16:51
     # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
     <VirtualHost 195.201.96.107:443>
       DocumentRoot "/var/www/"
       ServerName xxxxxxxxx.com
       FcgidIdleTimeout 30
       SuexecUserGroup "froxlorlocal" "froxlorlocal"
       <Directory "/var/www/">
         <FilesMatch "\.(php)$">
           SetHandler fcgid-script
           FcgidWrapper /var/www/php-fcgi-scripts/froxlor.panel/xxxxxxx.com/php-fcgi-starter .php
           Options +ExecCGI
         </FilesMatch>
         Require all granted
         AllowOverride All
       </Directory>
       ServerAlias www.xxxxxxxxx.com
       SSLEngine On
       SSLProtocol -ALL +TLSv1 +TLSv1.2
       SSLCompression Off
       SSLHonorCipherOrder On
       SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
       SSLVerifyDepth 10
       SSLCertificateFile /etc/letsencrypt/live/xxxxxxxx.com/cert.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxxx.com/privkey.pem
       SSLCACertificateFile /etc/letsencrypt/live/xxxxxxxx.com/fullchain.pem
       SSLCertificateChainFile /etc/letsencrypt/live/xxxxxxxxx.com/chain.pem
     </VirtualHost>

     # 10_froxlor_ipandport_xxx.xxx.xxx.80.conf
     # Created 26.03.2018 16:57
     # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
     <VirtualHost 195.201.96.107:80>
       DocumentRoot "/var/www/"
       ServerName xxxxxxx.com
       FcgidIdleTimeout 30
       SuexecUserGroup "froxlorlocal" "froxlorlocal"
       <Directory "/var/www/">
         <FilesMatch "\.(php)$">
           SetHandler fcgid-script
           FcgidWrapper /var/www/php-fcgi-scripts/froxlor.panel/xxxxxxxx.com/php-fcgi-starter .php
           Options +ExecCGI
         </FilesMatch>
         Require all granted
         AllowOverride All
       </Directory>
       ServerAlias www.xxxxxx.com
     </VirtualHost>

     # 35_froxlor_normal_vhost_xxxxxxxx.com.conf
     # Created 26.03.2018 16:57
     # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
     # Domain ID: 8 - CustomerID: 1 - CustomerLogin: xxxxxx
     <VirtualHost 195.201.96.107:80>
       ServerName xxxxxxxx.com
       ServerAlias www.xxxxxxx.com
       ServerAdmin xx@xxxxxx.com
       DocumentRoot "/var/customers/webs/xxxxx/xxxxxx/"
       FcgidIdleTimeout 30
       SuexecUserGroup "xxxx" "xxxx"
       <Directory "/var/customers/webs/squeaky/xxxxxx/">
         <FilesMatch "\.(php)$">
           SetHandler fcgid-script
           FcgidWrapper /var/www/php-fcgi-scripts/xxxxx/xxxxxx.com/php-fcgi-starter .php
           Options +ExecCGI
         </FilesMatch>
         Require all granted
         AllowOverride All
       </Directory>
       Alias /webalizer "/var/customers/webs/xxxx/webalizer"
       ErrorLog "/var/customers/logs/xxx-error.log"
       CustomLog "/var/customers/logs/xxxx-access.log" combined
     </VirtualHost>

     # 35_froxlor_ssl_vhost_xxxxxx.com.conf
     # Created 26.03.2018 16:57
     # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.
     # Domain ID: 8 (SSL) - CustomerID: 1 - CustomerLogin: xxxxx
     <VirtualHost 195.201.96.107:443>
       ServerName xxxx.com
       ServerAlias www.xxxxxx.com
       ServerAdmin xxxx@xxxxxx.com
       SSLEngine On
       SSLProtocol -ALL +TLSv1 +TLSv1.2
       SSLCompression Off
       SSLHonorCipherOrder On
       SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
       SSLVerifyDepth 10
       SSLCertificateFile /etc/letsencrypt/live/xxxxx.com/cert.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/xxxxx.com/privkey.pem
       SSLCACertificateFile /etc/letsencrypt/live/xxxxxx.com/fullchain.pem
       SSLCertificateChainFile /etc/letsencrypt/live/xxxxxx.com/chain.pem
       <IfModule mod_headers.c>
         Header always set Strict-Transport-Security "max-age=0"
       </IfModule>
       DocumentRoot "/var/customers/webs/xxxxx/xxxxxx/"
       FcgidIdleTimeout 30
       SuexecUserGroup "xxxx" "xxx"
       <Directory "/var/customers/webs/xxx/xxxxx/">
         <FilesMatch "\.(php)$">
           SetHandler fcgid-script
           FcgidWrapper /var/www/php-fcgi-scripts/squeaky/xxxxxxx.com/php-fcgi-starter .php
           Options +ExecCGI
         </FilesMatch>
         Require all granted
         AllowOverride All
       </Directory>
       Alias /webalizer "/var/customers/webs/xxx/webalizer"
       ErrorLog "/var/customers/logs/xxx-error.log"
       CustomLog "/var/customers/logs/xxxx-access.log" combined
     </VirtualHost>
     ```
  9. Let's see... above you said:

     Validate that your acme-alias is working, put a test-file with "hello" in it into /var/www/froxlor/.well-known/acme-challenge and call http://yourdomain.com/.well-known/acme-challenge/test-file to see if it outputs "hello"

     I'm not sure whether it is a mistake or not, but I understand the test-file would go into the /var/www/froxlor/.well-known/acme-challenge folder, but then it would be accessible from http://squeakyhost.com/froxlor/.well-known/acme-challenge/hello.html and you said https://squeakyhost.com/.well-known/acme-challenge/hello.html without the froxlor folder? The root is /var/www/ so it won't be accessible. Am I missing something? Thanks,
  10. Something weird is happening here. Before I paste the information, can you tell me if you have access to http://www.squeakyhost.com/froxlor/.well-known/acme-challenge/hello.html ? I'm getting redirected to https://www.squeakyhost.com/froxlor... using Chrome, Firefox, Safari, cleaning caches, cookies etc. Using my phone, either on wifi or 3G (another network), it doesn't redirect and works as it should with http:// without the s. I removed the SSL port and any redirect. I reset the router, everything I can think of, and it still doesn't work. If it were cache it would not work with the phone on wifi, since it is the same network. It's really strange. Jesus, today is not my day. I'll paste the info right away.
  11. I did it that way because initially Froxlor didn't have the option to create a Let's Encrypt certificate for the vhost, so I installed certbot and created it manually, with multiple subdomains such as mail.xxx.com, so I could use it for email (dovecot) and the hostname. This setup is also how I had it on my old server, and Froxlor was working perfectly and was able to renew the virtual domain certificates with no problem. For the mail.xxx.com and hostname certificate I made a script and use cron to renew it.

      So, let's step back and go through the process step by step of how to create certificates for virtual domains. I'm literally going in circles and getting more confused.

      It seems obvious that in IP/PORTS we need to create 2 entries, one with port 80 and the other one with 443 to be used for SSL. If we set up the 443 entry and check "Is this an SSL Port?", then we are forced to specify the four fields (Path to the SSL Certificate etc.), otherwise when we try to create a certificate for a virtual domain Froxlor complains "xxxxx.com :: empty certificate file! Cannot create ssl-directives", and no certificate is created. Then if I specify the directory of the certificate I manually created with certbot, when we want to create a certificate for a virtual domain it gets these mail.xxx.com hostname values, so it doesn't work.

      So, if we don't check "Is this an SSL Port?", then we don't have the SSL option to set up in virtual domains. So I assume we MUST create that 443 entry in IP/ports, but then I'm forced to specify the four directives I mentioned above, which relate to the hostname vhost domain.

      Can you specify step by step the options I have to check in order to get the 443 SSL options in virtual domains and therefore to create its certificate?

      P.S. I also tried to create a certificate for the vhost by checking "Let's Encrypt for froxlor vhost" and I also got the same error:

      ```
      Could not get Let's Encrypt certificate for hostname.com: Verification ended with error: {"identifier":{"type":"dns","value":"hostname.com"},"status":"invalid","expires":"2018-04-02T12:45:03Z","challenges":[{"type":"dns-01","status":"invalid","uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/v-pYQ61JbBBJv7VPzbfNT8qjwOEiES8knQVrZa5AsrE\/112138223","token":"fkwhTv44irQxIg4ioUphc3Jyxsgf6JaLlsoI3EI0CO0"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/hostname.com\/.well-known\/acme-challenge\/PMdooEBSj38A5gFLUEUKkOHnFKKbGXdbPBOQScEziq4: \"<!DOCTYPE HTML PUBLIC \"-\/\/IETF\/\/DTD HTML 2.0\/\/EN\">\n<html><head>\n<title>404 Not Found<\/title>\n<\/head><body>\n<h1>Not Found<\/h1>\n<p\"","status":403},"uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/v-pYQ61JbBBJv7VPzbfNT8qjwOEiES8knQVrZa5AsrE\/112138224","token":"PMdooEBSj38A5gFLUEUKkOHnFKKbGXdbPBOQScEziq4","keyAuthorization":"PMdooEBSj38A5gFLUEUKkOHnFKKbGXdbPBOQScEziq4.BzA_ow8z1IpZskT_cUzCJ9D6UNIjVgvAXvemCXHMfIk","validationRecord":[{"url":"http:\/\/squeakyhost.com\/.well-known\/acme-challenge\/PMdooEBSj38A5gFLUEUKkOHnFKKbGXdbPBOQScEziq4","hostname":"hostname.com","port":"80","addressesResolved":["195.201.96.107"],"addressUsed":"195.201.96.107"}]}],"combinations":[[1],[0]]}
      ```

      Your help is and will be much appreciated. Thank you for your patience.
  12. I don't think I have any other customization. I even removed the option "Enable SSL-redirect for the froxlor vhost" in the Froxlor VirtualHost settings just in case. One thing to blame myself for is that I had the configfile cronjob disabled, so that's my fault. All crons are active now, though. I did manage to get this:

      ```
      Skipping Let's Encrypt generation for xxxxxxxx.com due to an enabled ssl_redirect
      ```

      I thought eureka!! So I unchecked the SSL Redirect option as the warning specified, so only "SSL IP Address" and "Use Let's Encrypt" were checked, and I get these two errors (in chronological order):

      ```
      [Lets Encrypt self-check] Please check http://xxxxxxxx.com/.well-known/acme-challenge/YMbO1LF1jn6JTU98dFphoitPJ3Y2meOXbG05SxKQCFM - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate

      Could not get Let's Encrypt certificate for xxxxxx.com: Verification ended with error: {"identifier":{"type":"dns","value":"xxxxxxxxx.com"},"status":"invalid","expires":"2018-04-02T10:55:03Z","challenges":[{"type":"dns-01","status":"invalid","uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/UIqUJNrlHmhkPEGFAWeBWfw9sNpkwMJl0xdJJ5rd0Dk\/112115765","token":"eI15xhc_QV8yOw6PA9TPNBmBeB0rQ1n3AaObdgyLruc"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http:\/\/xxxxxx.com\/.well-known\/acme-challenge\/OB8uOeTWMVIH_yLvChykFW7QuyhTKoePFa44EQbrpBU: \"<!DOCTYPE HTML PUBLIC \"-\/\/IETF\/\/DTD HTML 2.0\/\/EN\">\n<html><head>\n<title>404 Not Found<\/title>\n<\/head><body>\n<h1>Not Found<\/h1>\n<p\"","status":403},"uri":"https:\/\/acme-staging.api.letsencrypt.org\/acme\/challenge\/UIqUJNrlHmhkPEGFAWeBWfw9sNpkwMJl0xdJJ5rd0Dk\/112115766","token":"OB8uOeTWMVIH_yLvChykFW7QuyhTKoePFa44EQbrpBU","keyAuthorization":"OB8uOeTWMVIH_yLvChykFW7QuyhTKoePFa44EQbrpBU.BmmkzlbZ7EfNABqYJGl5LskffdqisVLBzg0k5kuOB_k","validationRecord":[{"url":"http:\/\/xxxxxx.com\/.well-known\/acme-challenge\/OB8uOeTWMVIH_yLvChykFW7QuyhTKoePFa44EQbrpBU","hostname":"xxxxxxxx.com","port":"80","addressesResolved":["195.201.96.107"],"addressUsed":"195.201.96.107"}]}],"combinations":[[0],[1]]}
      ```

      Then after this error, froxlor creates a 35_froxlor_ssl_vhost_xxxxxxxx.com.conf file with the values from the hostname certificate in IP/PORTS 443, these ones: I really don't understand, since the domain is reachable and works (xxxxxxxxx.com). I don't get why froxlor can't reach the domain, put the token and create the certificate. Sorry to be a pain but I'm trying everything in every way. Thanks,
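
The "Verification ended with error" objects pasted in posts 11 and 12 can be read mechanically. The following is an added example, not part of the forum posts or of Froxlor's code: it extracts the failed http-01 challenge, the URL and address the validator used, and what the web server answered. The function name `triage_http01` and all values in the sample JSON are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample shaped like the errors quoted above; every value is a placeholder.
SAMPLE = r'''
{"identifier":{"type":"dns","value":"example.test"},"status":"invalid",
 "challenges":[
  {"type":"dns-01","status":"invalid","token":"TOKEN-A"},
  {"type":"http-01","status":"invalid","token":"TOKEN-B",
   "error":{"type":"urn:acme:error:unauthorized","status":403,
            "detail":"Invalid response from http://example.test/.well-known/acme-challenge/TOKEN-B: \"<title>404 Not Found</title>\""},
   "validationRecord":[
    {"url":"http://example.test/.well-known/acme-challenge/TOKEN-B",
     "hostname":"example.test","port":"80",
     "addressesResolved":["192.0.2.10"],"addressUsed":"192.0.2.10"}]}]}
'''

def triage_http01(raw):
    """Pull the facts needed to debug a failed http-01 validation out of the error JSON."""
    authz = json.loads(raw)
    domain = authz["identifier"]["value"]
    ch = next((c for c in authz.get("challenges", []) if c.get("type") == "http-01"), None)
    if ch is None:
        return {"domain": domain, "findings": ["no http-01 challenge offered"]}
    err = ch.get("error", {})
    records = ch.get("validationRecord", [])
    last = urlsplit(records[-1]["url"]) if records else None
    findings = []
    # error.status is the ACME problem code (403 = unauthorized), not the web
    # server's reply; the server's own answer is quoted inside error.detail.
    if "404 Not Found" in err.get("detail", ""):
        findings.append("server returned 404: challenge path not mapped to token directory")
    if last and (len(records) > 1 or last.scheme != "http"):
        findings.append("validation request was redirected")
    if last and last.path != "/.well-known/acme-challenge/" + ch.get("token", ""):
        findings.append("validated path does not match the challenge token")
    return {
        "domain": domain,
        "acme_error": err.get("type"),
        "url": records[-1]["url"] if records else None,
        "address_used": records[-1].get("addressUsed") if records else None,
        "findings": findings,
    }

if __name__ == "__main__":
    print(json.dumps(triage_http01(SAMPLE), indent=2))
```

A 404 finding with no redirect points at the web server configuration on the address shown, which matches the missing `Alias` for `/.well-known/acme-challenge` reported in post 7.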