Jump to content
Froxlor Forum

Search the Community

Showing results for tags 'lets encrypt'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Froxlor
    • Announcements
    • Feedback
    • Development
    • Bugs and Feature Requests
    • Trashcan
  • Support
    • General Discussion
  • Other Languages
    • German / Deutsch

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 2 results

  1. Nachdem gestern die ersten Zertifikate von Let's encrypt mit Froxlor 0.9.40.1 nicht mehr erneuert wurden, musste ich nun doch auch auf die aktuelle 0.10.20 umsteigen. Das Setting: Apache 2.4, PHP 5.6 FPM,7.2-7.4 FPM, Dovecot, Postfix, diverse Domains, teilweise nur als Mail-Domains, MySQL 5.7.31. Froxlor läuft mit PHP7.3-FPM. Nach Backup der Datenbanken und Dateien von Froxlor habe ich den Cron-Dienst mit systemctl cron stop gestoppt und das alte Froxlor in einen Backup-Ordner verschoben und das aktuelle Froxlor in das Domain-Verzeichnis meines Servers abgelegt. Die userdata.inc.php aus dem alten Froxlor/lib ins neue Froxlor/lib kopiert und dann Froxlor aufgerufen. Froxlor meldet die Notwendigkeit, die Datenbank anzupassen und fragt, ob Domains durch Froxlor verifiziert werden sollen: ja. Upgrade läuft problemlos durch. Nachdem ich den Cron-Dienst wieder mit systemctl cron start gestartet habe, sind für ein paar Minuten noch alle Domains erreichbar, dann killt Froxlor alle bestehenden SSL-Dateien und stirbt selbst. Apache startet nicht mehr. Grund: keine SSL-Zertifikate mehr vorhanden. Nach manuellem Ausführen des Master-Cronjob von der Shell aus scheint zunächst auch alles zu funktionieren. Zertifikate wurden von Let's encrypt geholt - aber nicht in den bisherigen Ordner unter /etc/ssl/froxlor-custom/sub.domain.crt abgelegt sondern in einen Unterordner mit dem jeweiligen Domainnamen. Die Dateinamen der Zertifikate lauten wie bisher auf .crt .Dann scheitert alles weitere. Die Zertifikate werden nicht gefunden, die vHosts nicht angelegt. Apache2 startet zwar, aber nur mit den normalen vHosts. Die SSLs sind weg. Also das Script erneut aufgerufen mit Zusatz --verbose und in ein Logfile geschrieben (Usernamen, IPs und Domainnamen geändert): /usr/bin/php7.3 -q /customers/web/example/kap.example.de/scripts/froxlor_master_cronjob.php --tasks [Mo 10. Aug 14:33:00 CEST 2020] It is recommended to install socat first. [Mo 10. Aug 14:33:00 CEST 2020] We use socat for standalone server if you use standalone mode. [Mo 10. Aug 14:33:00 CEST 2020] If you don't use standalone mode, just ignore this warning. Nach diversen Fehlermeldungen also schnell noch socat installiert mit: apt install socat Dann erneut das Script aufgerufen /usr/bin/php7.3 -q /customers/web/example/kap.example.de/scripts/froxlor_master_cronjob.php --tasks --force --debug [information] TasksCron: Searching for tasks to do [information] TasksCron: Task10 started - setting filesystem quota [information] Running Let's Encrypt cronjob prior to regenerating webserver config files [information] Checking for LetsEncrypt client upgrades before renewing certificates: [Mo 10. Aug 14:49:42 CEST 2020] Installing from online archive. [Mo 10. Aug 14:49:42 CEST 2020] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz [Mo 10. Aug 14:49:43 CEST 2020] Extracting master.tar.gz [Mo 10. Aug 14:49:43 CEST 2020] Installing to /etc/ssl/froxlor-custom [Mo 10. Aug 14:49:43 CEST 2020] Installed to /etc/ssl/froxlor-custom/acme.sh [Mo 10. Aug 14:49:43 CEST 2020] Good, bash is found, so change the shebang to use bash as preferred. [Mo 10. Aug 14:49:44 CEST 2020] OK [Mo 10. Aug 14:49:44 CEST 2020] Install success! [Mo 10. Aug 14:49:44 CEST 2020] Upgrade success! [Mo 10. Aug 14:49:44 CEST 2020] Installing cron job 4 0 * * * "/customers/home/root/.acme.sh"/acme.sh --cron --home "/customers/home/root/.acme.sh" > /dev/null [information] Requesting 42 new Let's Encrypt certificates [information] Creating certificate for example.de [information] Adding common-name: example.de [information] Adding SAN entry: www.example.de [information] Validating DNS of example.de [information] Validating DNS of www.example.de [debug] https://github.com/acmesh-official/acme.sh v2.8.6 [Mo 10. Aug 14:49:45 CEST 2020] Domains not changed. [Mo 10. Aug 14:49:45 CEST 2020] Skip, Next renewal time is: Fr 9. Okt 12:33:15 UTC 2020 [Mo 10. Aug 14:49:45 CEST 2020] Add '--force' to force to renew. [error] Could not find file 'example.de.cer' in '/etc/ssl/froxlor-custom/example.de/' [error] Could not find file 'ca.cer' in '/etc/ssl/froxlor-custom/example.de/' [error] Could not find file 'fullchain.cer' in '/etc/ssl/froxlor-custom/example.de/' [error] Could not get Let's Encrypt certificate for example.de: [information] Let's Encrypt certificates have been updated [information] apache::createIpPort: creating ip/port settings for 1.2.3.4:80 [debug] 1.2.3.4:80 :: inserted listen-statement [debug] 1.2.3.4:80 :: inserted vhostcontainer [information] apache::createIpPort: creating ip/port settings for 1.2.3.4:443 [debug] 1.2.3.4:443 :: inserted listen-statement [debug] System certificate file "" does not seem to exist. Disabling SSL-vhost for "mail.example.de" [error] mail.lightserve.de :: empty certificate file! Cannot create ssl-directives [debug] 1.2.3.4:443 :: inserted vhostcontainer [information] apache::createVirtualHosts: creating vhost container for domain 1, customer ichselber [debug] System certificate file "" does not seem to exist. Disabling SSL-vhost for "example.de" [error] rassow.de :: empty certificate file! Cannot create ssl-directives --- und so sieht es dann auch für alle Domains aus --- [information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/ [information] apache::writeConfigs: rebuilding /etc/apache2/htpasswd/ [information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/ [information] Froxlor\Cron\Http\ApacheFcgi::reload: running /etc/init.d/php5.6-fpm reload [information] Froxlor\Cron\Http\ApacheFcgi::reload: running /etc/init.d/php7.2-fpm reload [information] Froxlor\Cron\Http\ApacheFcgi::reload: running /etc/init.d/php7.3-fpm reload [information] Froxlor\Cron\Http\ApacheFcgi::reload: running service php7.4-fpm restart [information] Froxlor\Cron\Http\ApacheFcgi::reload: reloading Froxlor\Cron\Http\ApacheFcgi [notice] Checking system's last guid So endet der erste Durchlauf Aus irgend einem Grund sucht das Script nicht wie bisher nach .crt -Zertifikaten sondern nach .cer. In den neu erstellten Unterordnern von /etc/ssl/froxlor-custom finden sich aber z.B. /etc/ssl/froxlor-custom/example.de/mail.example.crt. Nach langer, langer Suche bin ich dahinter gekommen, dass das acme-Script /root/.acme.sh/acme.sh die Schuld daran trägt. Bei mir lag dieses in der Version 2.8.6 vor und legte die Zertifikate als .crt an. Nach einem Update auf 2.8.7 läuft das obige Script nun komplett durch und erstellt die Zertifikate mit dem korrekten Dateinamen. Nun sollten die Configs für Apache auch korrekt erzeugt werden, meint man. Aber leider falsch. [information] TasksCron: Searching for tasks to do [information] TasksCron: Task10 started - setting filesystem quota [information] Running Let's Encrypt cronjob prior to regenerating webserver config files [information] Checking for LetsEncrypt client upgrades before renewing certificates: [Mo 10. Aug 15:45:22 CEST 2020] Installing from online archive. [Mo 10. Aug 15:45:22 CEST 2020] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz [Mo 10. Aug 15:45:23 CEST 2020] Extracting master.tar.gz [Mo 10. Aug 15:45:23 CEST 2020] Installing to /etc/ssl/froxlor-custom [Mo 10. Aug 15:45:23 CEST 2020] Installed to /etc/ssl/froxlor-custom/acme.sh [Mo 10. Aug 15:45:23 CEST 2020] Good, bash is found, so change the shebang to use bash as preferred. [Mo 10. Aug 15:45:24 CEST 2020] OK [Mo 10. Aug 15:45:24 CEST 2020] Install success! [Mo 10. Aug 15:45:24 CEST 2020] Upgrade success! [Mo 10. Aug 15:45:24 CEST 2020] Installing cron job 4 0 * * * "/customers/home/root/.acme.sh"/acme.sh --cron --home "/customers/home/root/.acme.sh" > /dev/null [information] Requesting 42 new Let's Encrypt certificates [information] Creating certificate for example.de [information] Adding common-name: example.de [information] Adding SAN entry: www.example.de [information] Validating DNS of example.de [information] Validating DNS of www.example.de [debug] https://github.com/acmesh-official/acme.sh v2.8.7 [Mo 10. Aug 15:45:25 CEST 2020] Create account key ok. [Mo 10. Aug 15:45:25 CEST 2020] Registering account [Mo 10. Aug 15:45:26 CEST 2020] Registered [Mo 10. Aug 15:45:26 CEST 2020] ACCOUNT_THUMBPRINT='GIEw62wW9oLxZqEaVe-NxhNQKyQbOBDjBWGw8JoZy_c' [Mo 10. Aug 15:45:26 CEST 2020] Creating domain key [Mo 10. Aug 15:45:27 CEST 2020] The domain key is here: /etc/ssl/froxlor-custom/example.de/example.de.key [Mo 10. Aug 15:45:27 CEST 2020] Multi domain='DNS:example.de,DNS:www.example.de' [Mo 10. Aug 15:45:27 CEST 2020] Getting domain auth token for each domain [Mo 10. Aug 15:45:30 CEST 2020] Getting webroot for domain='example.de' [Mo 10. Aug 15:45:30 CEST 2020] Getting webroot for domain='www.example.de' [Mo 10. Aug 15:45:30 CEST 2020] Verifying: example.de [Mo 10. Aug 15:45:33 CEST 2020] Pending [Mo 10. Aug 15:45:44 CEST 2020] Success [Mo 10. Aug 15:45:44 CEST 2020] Verifying: www.example.de [Mo 10. Aug 15:45:47 CEST 2020] Success [Mo 10. Aug 15:45:47 CEST 2020] Verify finished, start to sign. [Mo 10. Aug 15:45:47 CEST 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/einpaarzahlen123456789 [Mo 10. Aug 15:45:48 CEST 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/einhashwert123456789 Certificate: Data: Version: 3 (0x2) Serial Number: 04:ba:42:aa:c3:e2:99:b0:d4:96:55:e8:44:69:b7:85:a8:e7 Signature Algorithm: sha256WithRSAEncryption --- hier folgt das Zertifikat --- -----END CERTIFICATE----- [Mo 10. Aug 15:45:49 CEST 2020] Your cert is in /etc/ssl/froxlor-custom/example.de/example.de.cer [Mo 10. Aug 15:45:49 CEST 2020] Your cert key is in /etc/ssl/froxlor-custom/example.de/example.de.key [Mo 10. Aug 15:45:49 CEST 2020] The intermediate CA cert is in /etc/ssl/froxlor-custom/example.de/ca.cer [Mo 10. Aug 15:45:49 CEST 2020] And the full chain certs is there: /etc/ssl/froxlor-custom/example.de/fullchain.cer [error] Could not find certificate-folder '/root/.acme.sh/example.de/' [error] Could not get Let's Encrypt certificate for example.de: https://github.com/acmesh-official/acme.sh Und hier folgt dasselbe Problem wie zuvor. Die Zertifikate liegen nun korrekt in den Unterordnern. Warum werden diese nun im Unterordner von /root/.acme.sh/ gesucht? Bis hierher bin ich in den vergangenen 16 Stunden vorgedrungen. Nun bitte ich um hilfreiche Tipps, wie und wo ich weiter machen soll.
  2. Dear Froxlor Community, we are proud to announce the first release candidate for our upcoming version 0.9.35 which includes some new kick-ass features. Support for Let's Encrypt Many of you were waiting for this one for quite some time now. We finally managed to include ssl-certificate generation via Let's Encrypt directly within froxlor's interface. It's easy as a click on "use let's encrypt" when adding/editing a domain. The certificate will be created and renewed automatically. Please keep in mind that this feature is in BETA state. VHost-Templates Froxlor now provides an editor for custom virtual-host configurations for you. Whenever you have special needs for specific domains or you want to have full control over the content of the generated virtual-hosts - this feature is what you want :-) This feature was not fully operational and will not be included in the final version of 0.9.35 Multiple default IP addresses You can now select multiple IP addresses you want to be set as default for new domains in the System-settings. Until now it was only possible to define one default IP address. This is especially handy if your server has an IPv4 and IPv6 address for example. Auto-Update As of this release candidate, you will be able to update to future releases from within the webinterface. It will automatically download the latest archive and extract it - and you're done - and yes, you can use that already to update to the final release of 0.9.35 when it's released. Menu structure We re-organized some menu-items to reflect their corresponding affinity. The former "Server" category is now called "System". PHP related settings / information are now in their own category. Also "IPs and Ports" and "Recalculate resource usage" were put in the "Resources" category (where they belong). Set MYSQL_PASSWORD on configuration templates It is now possible to set the MYSQL_PASSWORD value (via JavaScript, only client-side) when configurating services with our templates. This eases the process and you do not need to search and replace for MYSQL_PASSWORD in the config files again (also you are likely to not miss any of the occurences). System-Log for customer The customers are now able to see actions related to their account in the menu-item "System-Log", depending on the log-level set in the settings. This is also very helpful for response-messages from Let's Encrypt. Changes in 0.9.35-rc1: You can see all (minor) changes in our bugtracker at http://redmine.froxlor.org/versions/68 Download: 0.9.35-rc1 Note: Gentoo users might use the 9999 ebuild for a live-version. There will be no Debian packages for release-candidates. Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net. Thank you, d00p
×
×
  • Create New...