-
Similar Content
-
By d00p
Dear Froxlor Community,
I am proud to finally release the stable version of a new API based froxlor. Due to massive internal improvements and changes in the core (almost 600 commits since 0.9.40.1) users are now able to list/create/edit/delete resources and entities of froxlor via API (requires activation of api-usage in the settings and a user based API-key). The froxlor frontend itself uses the API backend too.
Froxlor now uses composer to include some of its requirements like phpMailer, Logger, IdnaConvert and TwoFactorAuth libraries. All required files will be included in the official tarball so you do not need to worry about installing and using composer (only if you are using / testing the git-master, see https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-git-sources).
Most important changes:
froxlor now requires at least php-7.0 or newer, php-5.6 is no longer supported because of its EOL almost a year ago you can access data via API, for more information see https://api.froxlor.org/doc/. An example can be found here: https://github.com/Froxlor/Froxlor/tree/master/doc/example PHPUnit tested API backend with MySQL 5.6, 5.7 and 8 as well as MariaDB 10.3 and 10.4, see https://travis-ci.com/Froxlor/Froxlor compatibility for MySQL8 2FA (two-factor-authentication) for admins/resellers/customers (email or authenticator app) all froxlor-database tables will automatically be converted to the InnoDB engine added support for Debian 10 (buster) and Ubuntu 18.04 (bionic beaver) implemented Let's Encrypt via acme.sh - Note: all your current Let's Encrypt certificates will be removed and re-created due to another structure customizable error/access log handling for webserver (format, level, pipe-to-script, etc.) deprecated Debian 7 (wheezy) and Ubuntu 14.04 (trusty tahr) support dropped support for Ubuntu 12.04 (precise pangolin) dropped ticketsystem Changes in 0.10.1:
allow/disallow API access on a per-customer base new API parameters for Admins.add(), Admins.update(), Customers.add() and Customers.update() bool $api_allowed (default: false for Customers, true for Admins) add explicit tlsv1.3 ciphersuite setting fixed wrong behaviour in Ftps.add() if customer is newly created and setting customer.ftpatdomain is true added expiration date to SSL certificates loaded via API request fixed wrong return in Certificates.get() if given domain does not have a certificate allow setting http2 flag for (sub)domains in customer view, fixes #725 Changes in 0.10.2:
force Let's Encrypt ACMEv2 API, fixed #728 added default-ssl-vhost settings and optionally allow including of non-ssl default-vhost settings, fixes #727 new API parameters for Domains.add() and Domains.update() string $ssl_specialsettings bool $include_specialsettings bool $dont_use_default_ssl_ipandport_if_empty removed API parameters in Domains.add() bool $use_default_ssl_ipandport_if_empty new API parameters for IpsAndPorts.add() and IpsAndPorts.update() string $ssl_specialsettings bool $include_specialsettings string $ssl_default_vhostconf_domain bool $include_default_vhostconf_domain implemented DomainZones.listing() to return custom stored dns entries fix registration and termination date to flip between empty-value and 0000-00-00 Changes in 0.10.3:
fallback to /tmp/froxlor.log if file-log is activated but no file given or not writeable; fixes #737 added tls-settings per domain for admins with change_serversettings-flag set; fixes #519 new API parameter for Domains.add() and Domains.update() bool $override_tls (default: false) array $ssl_protocols string $ssl_cipher_list string $tlsv13_cipher_list preserve downward compatibility for 0.10.1 updaters regarding specialsettings for ssl-enabled domains; fixes #739 Changes in 0.10.4:
added support for CIDR/netmask in mysql-access-hosts; fixes #564 fixed invalid handling of escape-sequences in api-endpoint, fixes #746 fixed an issue with adding the default ftp user for new customer when added by admin/reseller with no ftp-resources; fixes #741 fixed nginx configuration issue with fastcgi_split_path_info option; fixes #744 Changes in 0.10.5:
bugfix release due to errors in Let's Encrypt re-new check; fixes #747 Changes in 0.10.6:
introducing new API parameters sql_search, sql_limit, sql_offset, sql_orderby for almost all listing() calls introducing new API method listingCount() for almost all modules to return the total number of entities available changed behavior of SubDomains.listing() to return all fields from the domain table instead of the limited ones for customers when called as admin added new API module SysLog to query froxlor logs according to permission optimized panel_admins and panel_customers table to avoid mysql/mariadb warning: Row size too large (> 8126); fixes #752 corrected update of hosting plans via interface; fixes #753 implemented API method EmailForwarders.listing(); fixes #754 fixed parameters defaults for Domains.update() parameters ssl_ipandports and add new parameter (see below); fixes #756 new API parameters for Domains.update() bool $remove_ssl_ipandport Changes in 0.10.7:
corrected behavior when changing mysql-access-host values; fixes #758 fix UI error "API keys not accessable due to missing Paging-class" fix trauncating of SysLog using SysLog.delete() corrected UI issue of incorrect listing of domains for customers and admin, fixes #759 corrected ordering of listings in UI regarding pagination added new settings to set default value of domain-edit-settings 'Apply specialsettings to all subdomains' and 'Apply php-config to all subdomains' corrected vhost-merging of specialsettings in nginx; fixes #757 Changes in 0.10.8:
fix duplicate domain entries in customer-domain-list when domain has aliases fix searching for alias-domains by link in customer_domains use correct apiendpoint for lets encrypt; pass debug-flag onto acme.sh; fixes #762 fix removing of ssl-ip-relation to domain if no ssl-ip is selected via interface Debian package: Move mysql server dependency to redommends; fixes #761 Changes in 0.10.9:
fix SQL error when searching for certificates by domainname, fixes #764 fix ordering of listings when natural sorting is activated, fixes #765 check for valid result when reading database usage from information_schema; fixes #766 Changes in 0.10.10:
add new API function Froxlor.generatePassword() to return a random password based on froxlor settings regarding min-length, included characters, etc.; fixes #768 fix mysql8 issue with group by and sorting within; fixes #774 add new 'ssl-enabled' flag for domains and subdomains so ssl can be deactivated (by a customer too) even if there are ssl-ip/ports assigned; introduce new honorcipherorder and sessiontickets flags for more control over ssl-related settings on a per domain base (admin only); fixes #767 and #769 new API parameters for Domains.add() and Domains.update() bool $sslenabled bool $honorcipherorder bool $sessiontickets new API parameters for SubDomains.add() and SubDomains.update() bool $sslenabled new API method Froxlor.generatePassword() Changes in 0.10.11:
apply 'notryfiles', 'writeaccesslog' and 'writeerrorlog' flags to subdomains when editing a domain fix SysLog.delete(), SysLog.listing() and SysLog.listingCount() whencalled as admin/reseller withouth customers_see_all permission add option to disable SSL sessiontickets globally for older systems, fixes #784 ability to add custom config to PHPFPM version, fixes #643 new API parameters for FpmDaemons.add() and FpmDaemons.update() string $custom_config Changes in 0.10.12:
allow using more advanced LogFormat for webserver and awstats fix issue in PhpHelper::trimArray() returning an empty array, fixes #751 fix wrong behaviour of Emails.update() which allowed setting iscatchall-flag for more than one address of the same domain fix writable-check of froxlor-logfile if logfile did not exist Changes in 0.10.13:
validate nameserver ip-addresses for binds allow-transfer block; fixes #791 fix IpsAndPorts when checking for system.ipaddress in update() and delete() fix Domains.update() if called as admin/reseller without change_serversettings privileges, thx to rseffner fix the case that the spf record is not inserted with its quotes, and so the condition fails and 2 spf records are inserted in the domain fix wrongly initialized resource-usage when re-calculating it; fixes #797 update php-fpm defaults; update paths for current stable php-7.3; read froxlor default php.ini from file rather then using phpconfig with id=1; fixes #796 Download: 0.10.13
Note: Debian/Ubuntu packages are available as of 21th of October 2019 - Note that there are no packages for oldoldstable (jessie) anymore
Attention: The auto-update feature is currently not working correctly for updaters from 0.9.x due to the archive taking a bit longer to extract and froxlor trying to redirect too soon thus leading to an internal server error. A quick reload does "fix" the problem. To avoid that please use the manual update options, see https://github.com/Froxlor/Froxlor/wiki
Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net for support, help, participation or just a chat
Thank you,
d00p
-
By ZARk
Hello
I can't renew certs (or create new certs) since the 0.10 upgrade. was working fine before on 0.9
I'm basically getting the same output everytime i run this command.
xander /var/www/froxlor # /usr/bin/php7.3 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug [information] Requesting/renewing Let's Encrypt certificates [information] Creating certificate for Westecheurope.eu [information] Adding SAN entry: Westecheurope.eu [information] Adding SAN entry: www.Westecheurope.eu [Mon 4 Nov 11:23:46 CET 2019] It is recommended to install socat first. [Mon 4 Nov 11:23:46 CET 2019] We use socat for standalone server if you use standalone mode. [Mon 4 Nov 11:23:46 CET 2019] If you don't use standalone mode, just ignore this warning. [information] Checking for LetsEncrypt client upgrades before renewing certificates: [Mon 4 Nov 11:23:45 CET 2019] Installing from online archive. [Mon 4 Nov 11:23:45 CET 2019] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz [Mon 4 Nov 11:23:46 CET 2019] Extracting master.tar.gz [Mon 4 Nov 11:23:46 CET 2019] Installing to /root/.acme.sh [Mon 4 Nov 11:23:46 CET 2019] Installed to /root/.acme.sh/acme.sh [Mon 4 Nov 11:23:46 CET 2019] Good, bash is found, so change the shebang to use bash as preferred. [Mon 4 Nov 11:23:47 CET 2019] OK [Mon 4 Nov 11:23:47 CET 2019] Install success! [Mon 4 Nov 11:23:47 CET 2019] Upgrade success! [Mon 4 Nov 11:23:47 CET 2019] Removing cron job [Mon 4 Nov 11:23:52 CET 2019] get to authz error. [Mon 4 Nov 11:23:52 CET 2019] _authorizations_map='www.westecheurope.eu,{"identifier":{"type":"dns","value":"www.westecheurope.eu"},"status":"pending","expires":"2019-11-07T18:17:12Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077162/e3Lmew","token":"H07E0jvAJ-vnQ4jirnVIxqLeRxDwQ_VC6PQ0RAJgEvU"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077162/rs0T6w","token":"H07E0jvAJ-vnQ4jirnVIxqLeRxDwQ_VC6PQ0RAJgEvU"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077162/ZPjfSg","token":"H07E0jvAJ-vnQ4jirnVIxqLeRxDwQ_VC6PQ0RAJgEvU"}]} westecheurope.eu,{"identifier":{"type":"dns","value":"westecheurope.eu"},"status":"pending","expires":"2019-11-07T18:17:12Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077160/hOWGhQ","token":"Bd7XDicTn8dtJBIYc9Eod2d7eOxZGba42pnnl5aCNyI"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077160/nj7_Ow","token":"Bd7XDicTn8dtJBIYc9Eod2d7eOxZGba42pnnl5aCNyI"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077160/v7Bc7A","token":"Bd7XDicTn8dtJBIYc9Eod2d7eOxZGba42pnnl5aCNyI"}]} ' [Mon 4 Nov 11:23:52 CET 2019] Please add '--debug' or '--log' to check more details. [Mon 4 Nov 11:23:52 CET 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh [debug] [Mon 4 Nov 11:23:48 CET 2019] Creating domain key [Mon 4 Nov 11:23:49 CET 2019] The domain key is here: /root/.acme.sh/Westecheurope.eu/Westecheurope.eu.key [Mon 4 Nov 11:23:49 CET 2019] Multi domain='DNS:Westecheurope.eu,DNS:www.Westecheurope.eu' [Mon 4 Nov 11:23:50 CET 2019] Getting domain auth token for each domain [Mon 4 Nov 11:23:52 CET 2019] Getting webroot for domain='Westecheurope.eu' [error] Could not get Let's Encrypt certificate for Westecheurope.eu: [Mon 4 Nov 11:23:48 CET 2019] Creating domain key [Mon 4 Nov 11:23:49 CET 2019] The domain key is here: /root/.acme.sh/Westecheurope.eu/Westecheurope.eu.key [Mon 4 Nov 11:23:49 CET 2019] Multi domain='DNS:Westecheurope.eu,DNS:www.Westecheurope.eu' [Mon 4 Nov 11:23:50 CET 2019] Getting domain auth token for each domain [Mon 4 Nov 11:23:52 CET 2019] Getting webroot for domain='Westecheurope.eu' [information] No new certificates or certificates due for renewal found [notice] Checking system's last guid
-
By peterpan
Hi,
I have a domain equipped with a certificate from LE. The cert is valid another 2 months. Now I added a domain as an alias of the existing domain, but the certificate isn't updated to have the new domain as its SAN.
How do I trigger getting a new and updated certificate? Should I delete the existing one?
Thanks for helping out.
Peter
-
By d00p
Dear Froxlor Commuity,
finally - the first release candidate of our new API based version 0.10.0! A lot of work has gone into this, many internal changes (you might miss any frontend-changes, but be patient...) most importantly the API backend which not only is used by froxlor frontend itself but can also be uses from within your website/scripts/etc.
Froxlor now uses composer to include some of its requirements like phpMailer, Logger, IdnaConvert and TwoFactorAuth libraries.
Here are some of the new features besides API that found their way in:
- 2FA / TwoFactor Authentication for accounts - MySQL8 compatibility - new implementation of Let's Encrypt (acme.sh) - customizable error/access log handling for webserver (format, level, pipe-to-script, etc.) - lots and lots of bugfixes and small enhancements You can see all changes on Github at https://github.com/Froxlor/Froxlor/compare/0.9.40.1...0.10.0-rc2
Download: 0.10.0-rc2
Note: There will be no Debian packages for release-candidates.
Visit http://www.froxlor.org or join our IRC channel #froxlor on irc.freenode.net.
Thank you,
d00p
-
By LukasH
[Dieses Problem hat sich gelöst, ich hab mich doch tatsächlich verlesen, im Einsatz ist nur die .de, die .com ist nur eine Weiterleitung, klar funktioniert die nicht]
______________________________________________________________________________
Dann habe ich noch ein weiteres Problem und zwar habe ich eine neue Subdomain angelegt, beim versuch ein SSL Zertifikat zu ziehen kommen nun nur die folgenden Fehlermeldungen:
[Lets Encrypt self-check] Please check http://www.mail.hoerth.eu/.well-known/acme-challenge/_s_fIpGAblEU_T6A9Iej0RV1Wp-gte-xrTeVRu9naPI - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate Could not get Let's Encrypt certificate for mail.hoerth.eu: Verification ended with error: {"identifier":{"type":"dns","value":"www.mail.hoerth.eu"},"status":"invalid","expires":"2018-06-15T12:01:38Z","challenges":[{"type":"dns-01","status":"invalid","uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/SXa_3IeDJd19Xg3oVtLd0iaj3H2lKBN_fzM1cZPtguc\/5014287643","token":"mOYe0nDwOyTxrfZc83fmpBVeL1vZesbZrV-t_nkRdZ0"},{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up A for www.mail.hoerth.eu","status":400},"uri":"https:\/\/acme-v01.api.letsencrypt.org\/acme\/challenge\/SXa_3IeDJd19Xg3oVtLd0iaj3H2lKBN_fzM1cZPtguc\/5014287644","token":"_s_fIpGAblEU_T6A9Iej0RV1Wp-gte-xrTeVRu9naPI","keyAuthorization":"_s_fIpGAblEU_T6A9Iej0RV1Wp-gte-xrTeVRu9naPI.JriXbK73HFGeqTSIPL3Qg0VCDy2Qt0n4wrUZon9dCEM","validationRecord":[{"url":"http:\/\/www.mail.hoerth.eu\/.well-known\/acme-challenge\/_s_fIpGAblEU_T6A9Iej0RV1Wp-gte-xrTeVRu9naPI","hostname":"www.mail.hoerth.eu","port":"80"}]}],"combinations":[[0],[1]]} Ich habe dann mal nachgesehen und der Token existiert defintiv nicht - klar findet ihn Lets Encrypt also nicht, was ist denn gerade bei mir Los?
-
Guten Morgen zusammen,
ich habe erfolgreich die 0.9.35 am laufen (0.9.35-rc1 (DB: 201603150)) und die lets encrypt - Unterstützung funktioniert nach einigen anfänglichen Schwierigkeiten ganz hervorragend.
Es gibt aber eine Domain, bei der die Beantragung des Zertifikats fehlschlagt. Im Systemlog erscheint folgende Meldung:
Could not get Let's Encrypt certificate for rh-its.de: No challenges received for *.rh-its.de. Whole response: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: Invalid character in DNS name","status":400}In den Domain-Einstellungen steht ServerAlias auf "www". Warum versucht Froxlor, die Domain mit dem Wildcard-* bei letsencrypt einzureichen und was kann ich dagegen tun?
Vielen Dank für eure Hilfe!
Share this post
Link to post
Share on other sites