Jump to content
Froxlor Forum

llucps

Members
 View Profile  See their activity

  • Posts

    83

  • Joined

  • Last visited

  • Days Won

    4

 Content Type 

Posts posted by llucps

    Underscore in DKIM Selector Froxlor 0.10.20

    in General Discussion

    Posted

    Hi,

    I've upgraded to 0.10.20 and I noticed the removal of underscore in the DKIM selector.

    I know it's old but I've been using dkim-filter perfectly for 6 years, I don't know if it's coincidence but after the upgrade Google and Outook give a: 

    Authentication-Results: mx.google.com;
    dkim=temperror (no key for signature) header.i=@xxxxxxxx.com header.s=dkim_1 header.b=gJgMgR3B;

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=xxxxxxx.com;
	s=dkim_1; t=1596958620;
	bh=OcFrXmsxPwiq9nLiqWOthXQmkOsI8oRkgTPZrapwNcQ=;
	h=To:From:Subject:Message-ID:Date:MIME-Version:Content-Type:
	 Content-Transfer-Encoding;
	b=i6AsOFO6zo8/9OX4mnKexsYMhCkmmD6kwZKOGlCv841/2/6GnifTBNwb0G22llbj8
	 l4A55phHEFtxWpxqTeremRJRe0pDB8cFwRZ0gc7LWCH5+wJm+1wiK6IA1pMgMF6uVk
	 WOUqByJPsLB0GFVxwAPr/G1Ri+0HtmdhG8lPtTT8=

    See that the tag s=dkim_1 still has the underscore in it.. I suspect the error comes from this.. Could it be that there is a cache on Google and Outlook servers?

    I tested the record with "dig" and it seems to be fine. 

    dig dkim1._domainkey.xxxxxxxx.com IN TXT

; <<>> DiG 9.10.6 <<>> dkim1._domainkey.xxxxxxxx.com IN TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47910
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dkim1._domainkey.xxxxxxxxx.com. IN	TXT

;; ANSWER SECTION:
dkim1._domainkey.xxxxxxxxx.com. 41008 IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNM1lxpivQagMjp2KAk0wVUw+OeXFKYyzZ1qbTCUQbvWsFmKPasIOq6dK7F+BMYihelr+T4FP5/GFzwcYEZbA9GxOjpW87iVF7qXgOiYndEpu7ELz9sCrx4AQaXwdGMn/4sAIvTtK6hzqehgulWlTAw59grv4WBOx76ss/m0Ui/wIDAQAB;t=s"

    I also manually  deleted the dkim keys from /etc/postfix/dkim and run /usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug to regenerate all the files which it did.

    And I did also send an  email to auth-results@verifier.port25.com and the result is still showing the underscore on DKIM selector: 

    DKIM check details:
----------------------------------------------------------
Result:         permerror (syntax error in s= tag: Error in "dkim_1": invalid character U+005F ('_') in domain label)
ID(s) verified: 

DNS record(s):

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions.  If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.

    The TXT record is due to 43200 seconds (7 hours) so maybe I have to wait those hours for all the servers to replicate the dkim selector change?

    Any idea where else could i look?

    Thanks!

     

    SSL private key mismatch when renewing Letsecnrypt certificate

    in General Discussion

    Posted

    Hi,

    I forgot to attached the log I when the cron job failed: 

    [Sat 18 Jul 2020 12:04:02 AM CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Sat 18 Jul 2020 12:04:02 AM CEST] Can not init api.
[Sat 18 Jul 2020 12:04:03 AM CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Sat 18 Jul 2020 12:04:03 AM CEST] Can not init api.
[Sat 18 Jul 2020 12:04:03 AM CEST] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Sat 18 Jul 2020 12:04:45 AM CEST] Can not get domain new authz.
[Sat 18 Jul 2020 12:04:45 AM CEST] Please add '--debug' or '--log' to check more details.
[Sat 18 Jul 2020 12:04:45 AM CEST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Sat 18 Jul 2020 12:04:45 AM CEST] Error renew subdomain.maindomain.com.

    According to the documentation error code 6 is "Couldn't resolve host. The given remote host was not resolved.", so it might well be a one-time problem. I have other domains and another server with Froxlor with the latest 0.10.19 and I haven't had any problems, all domains have been renewed eventually with no issues.

    I also saw this other post, I don't know if it could be related.

    Thanks anyway!

    SSL private key mismatch when renewing Letsecnrypt certificate

    in General Discussion

    Posted

    Hi,

    Yesterday I got an error when renewing two domains (they are subdomains, the parent domain is not managed or hosted by me) 

    [information] apache::createVirtualHosts: creating vhost container for domain 17, customer xxxxx
[error] Given SSL private key for xxxxx.xxxxx.com does not seem to match the certificate. Cannot create ssl-directives

[information] apache::createVirtualHosts: creating vhost container for domain 18, customer xxxxx
[error] Given SSL private key for xxxxx.xxxxx.com does not seem to match the certificate. Cannot create ssl-directives

    It's just worth to mention that I don't manage those subdomains, the company who has the maindmoain.com just created those two subdomains and pointed the DNS to my server IP. Then I just created a the maindomain.com on my froxlor installation and then the subdomains which are the ones with a SSL certificate, those certificates were generated by Froxlor without any problem.

    The maindomain.com points to another IP on another server and hosts a different website.

    I tried to force the renewal with: 

    /usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug

    and I get those errors from above and the renewal doesn't happen making the website unavailable.. well it points my server's domain (the main domain where froxlor is installed).

    Any idea of what could I do?

    Thanks,

     

    EDIT:

    I just manually ran: 

    /root/.acme.sh/acme.sh --renew -d subdomain1.maindomain.com
/root/.acme.sh/acme.sh --renew -d subdomain2.maindomain.com

    and it worked perfectly.!.. it's really strange.. 

    [Sat 18 Jul 2020 11:21:58 AM CEST] Renew: 'subdomain1.maindomain.com'
[Sat 18 Jul 2020 11:21:59 AM CEST] Creating domain key
[Sat 18 Jul 2020 11:21:59 AM CEST] The domain key is here: /root/.acme.sh/subdomain1.maindomain.com/subdomain1.maindomain.com.key
[Sat 18 Jul 2020 11:21:59 AM CEST] Single domain='subdomain1.maindomain.com'
[Sat 18 Jul 2020 11:21:59 AM CEST] Getting domain auth token for each domain
[Sat 18 Jul 2020 11:22:01 AM CEST] Getting webroot for domain='subdomain1.maindomain.com'
[Sat 18 Jul 2020 11:22:01 AM CEST] Verifying: subdomain1.maindomain.com
[Sat 18 Jul 2020 11:22:06 AM CEST] Success
[Sat 18 Jul 2020 11:22:06 AM CEST] Verify finished, start to sign.
[Sat 18 Jul 2020 11:22:06 AM CEST] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/70093857/4260200176
[Sat 18 Jul 2020 11:22:07 AM CEST] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/asfh923846frgt1cd480a3aefd0344e8409
[Sat 18 Jul 2020 11:22:08 AM CEST] Cert success.
-----BEGIN CERTIFICATE-----
MIIGbzCCBVegAwIBAgISA72VfHOSIHHNSAo679A0ToQJMA0GCSqGSIb3xxxxxxxxxxxxxxxx

    I would like to find out whether it was my fault (although I didn't do anything it was the cronjob that failed yesterday I get emails when something goes wrong) or it is a bug..

     

    Integrity constant violaltion after upgrading to Froxlor 0.10.17

    in General Discussion

    Posted

    44 minutes ago, d00p said:

    That's what I meant, you've clicked on finish the process and not "integrity check" which is on the admins left side menu ;)

    Very weird though, as said the updater should've removed any duplicates prior to setting the unique key. I even added fake duplicates to my database to test that and it went through smoothly. 

    I can't remember off the top of my head the screen immediately you login to finish the update.. :D  I just remember clicking on the green button..

    Anyway, yes it's weird that the update didn't remove those duplicates.. Just worth to mention that on another server the update went through without any problem.

    Thanks for everything!.

    Integrity constant violaltion after upgrading to Froxlor 0.10.17

    in General Discussion

    Posted

    29 minutes ago, d00p said:

    You can't directly call integrity check after update, there is a update procedure which updates the database, you should have seen that (where it states it updates from 0.10.16 to 0.10.17)

    I think I didn't explain myself.. That's what I did, as all the previous updates.

    apt-update & upgrade

    Froxlor Web

    Login with my admin user

    Clic continue to finish the process, this is where it failed because of the duplicated entries.

    I just follow the "official" steps :D

    Integrity constant violaltion after upgrading to Froxlor 0.10.17

    in General Discussion

    Posted

    Hi,

    I just upgraded to Froxlor 0.10.17 using the offical deb repository and after checking the database integrity which is the last step I get this error: 

    Adding unique key on domainid field in domain ssl table 

A database error occurred
SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '3' for key 'domainid'

    Can you point me out what table to look extacly? panel_domains?

    I see in domains_ssl_settings table: there are two entries for domainid 3 with id 24 and 25..

    I'm not sure where to look.

    Thanks,

    UPDATE:

    I've managed to fix the problem.. there were 5 more entries with duplicated ID on the domain_ssl_settings table. I had to remove the duplicates ones, making sure there was only one ID per entry and then I was able to continue with the update..

    It seems that those duplicate entries weren't cleaned up by the cron job? it's seems it could be a bug but I don't really know. Happy to dig a bit more if you want, but I don't know where to start..

×
×
  • Create New...