Froxlor Forum
  • 0
fabian.moron.zirfas

apache, letsencrypt and generation of 28_froxlor_ssl_vhost_mysite.com.conf

Question

 
Hello Froxlor community,

I am currently trying to encrypt sites on our server via letsencrypt. Unfortunately I had no success with Froxlor's own tools. That may be due to our setup or to my incompetence (caution: server admin noob!).

(The error I get is the following)
 
Could not get Let's Encrypt certificate for mysite.com: Please check http://mysite/.well-known/acme-challenge/YI6nQJMglYzLJoOf-2u_MRZMivqlD5w29wovISnRJpA - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/mysite\/.well-known\/acme-challenge\/YI6nQJMglYzLJoOf-2u_MRZMivqlD5w29wovISnRJpA): failed to open stream: HTTP request failed! HTTP\/1.1 404 Not Found\r\n","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":171}
 
If anyone has a solution for that, bring it on.

What did work, however, was creating a certificate directly with the letsencrypt command-line tool. Now I have the problem that letsencrypt has modified the ssl_vhost_xx.conf. However, froxlor regenerates this file whenever the domain is changed.

My questions:

  • Where should I adjust the domain's settings so that froxlor and letsencrypt don't get in each other's way? (Presumably under "Own vHost settings:" of the domain)
  • Which part of the .conf do I need to carry over?
  • Which part of the .conf changes when letsencrypt renews the certificate?

Many thanks in advance
Fabian
 

 


25 answers to this question


  • 0

-> php.ini -> allow_url_fopen = On

 

-> check whether acme.conf has been set up and included in the web server (config-templates!)

  • 0
-> php.ini -> allow_url_fopen = On

 

 

Check. It was already active before.

-> check whether acme.conf has been set up and included in the web server (config-templates!)

I don't understand that part. Sorry.
Thanks for the help anyway.

  • 0

The file

/etc/apache2/conf.d/acme.conf

does not exist. Fundamentally, regarding my question: it is also fine for me to create and manage the certificates without froxlor. I would just like to know where I could collide with Froxlor, or where I should put my vHost settings if I want to prevent Froxlor from overwriting them.

  • 0

If you have enabled Let's Encrypt in the settings, please follow the instructions in Configuration -> [distro] -> Webserver -> [your webserver], then everything works with LE as well

  • 0

Hello, did you find a solution?

I have exactly the same problem. Letsencrypt is enabled and the conf is set as well, but the stream cannot be established.

  • 0

Then please give us the error message from the Froxlor system log, or the output of "php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug"

  • 0

Sorry for the late reply, here is the error in the log:

Could not get Let's Encrypt certificate for ossi-connection.de: Please check http://ossi-connection.de/.well-known/acme-challenge/FAit3ZkFG4Pn1jqKfCNrzSUwEivZQYGryIdxzjKK4_8 - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/ossi-connection.de\/.well-known\/acme-challenge\/FAit3ZkFG4Pn1jqKfCNrzSUwEivZQYGryIdxzjKK4_8): failed to open stream: operation failed","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":171} 

and here is the debug output:

[debug] Adding SAN entry: ossi-connection.de
[debug] Adding SAN entry: www.ossi-connection.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for ossi-connection.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for ossi-connection.de
[information] letsencrypt Token for ossi-connection.de saved at /var/www/froxlor/.well-known/acme-challenge/089SkP0Tr3B7RolBZbg1mkGMzQYE-AV-CUNajRgbtL0 and should be available at http://ossi-connection.de/.well-known/acme-challenge/089SkP0Tr3B7RolBZbg1mkGMzQYE-AV-CUNajRgbtL0
[error] Could not get Let's Encrypt certificate for ossi-connection.de: Please check http://ossi-connection.de/.well-known/acme-challenge/089SkP0Tr3B7RolBZbg1mkGMzQYE-AV-CUNajRgbtL0 - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/ossi-connection.de\/.well-known\/acme-challenge\/089SkP0Tr3B7RolBZbg1mkGMzQYE-AV-CUNajRgbtL0): failed to open stream: operation failed","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":171}

I hope that helps.

Regards

Lindi

  • 0

OK, I had all of that already.

There is one setting, however, that I'm not quite sure about.

The global alias points to /var/www/froxlor/.well-known/acme-challenge

In the SSL settings in Froxlor, under "Directory for Let's Encrypt challenges", it says: /var/www/froxlor

Does the same path as in the alias need to go there, or is the Froxlor directory enough?

  • 0

No, that's correct as it is; the /.well-known/acme-challenge is appended to it

  • 0

I've just checked everything again.

The file /etc/apache2/conf-enabled/acme.conf exists, including the corresponding content.

Letsencrypt is enabled in the backend.

allow_url_fopen = On is set globally (PHP info in the backend) and also on the domain where Letsencrypt is to be used.

Unfortunately, a debug run still produces the error

[debug] Updating ossi-connection.de
[debug] Adding SAN entry: ossi-connection.de
[debug] Adding SAN entry: www.ossi-connection.de
[information] letsencrypt Using 'https://acme-v01.api.letsencrypt.org' to generate certificate
[information] letsencrypt Account already registered. Continuing.
[information] letsencrypt Starting certificate generation process for domains
[information] letsencrypt Requesting challenge for ossi-connection.de
[information] letsencrypt Sending signed request to /acme/new-authz
[information] letsencrypt Got challenge token for ossi-connection.de
[information] letsencrypt Token for ossi-connection.de saved at /var/www/froxlor/.well-known/acme-challenge/10d0S29D6pSwJHHB76OcfP-2SX8hvh52cRuWEd0UX8s and should be available at http://ossi-connection.de/.well-known/acme-challenge/10d0S29D6pSwJHHB76OcfP-2SX8hvh52cRuWEd0UX8s
[error] Could not get Let's Encrypt certificate for ossi-connection.de: Please check http://ossi-connection.de/.well-known/acme-challenge/10d0S29D6pSwJHHB76OcfP-2SX8hvh52cRuWEd0UX8s - token not available; PHP error: {"type":2,"message":"file_get_contents(http:\/\/ossi-connection.de\/.well-known\/acme-challenge\/10d0S29D6pSwJHHB76OcfP-2SX8hvh52cRuWEd0UX8s): failed to open stream: operation failed","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":171}

  • 0

Try the following, since I'm running out of ideas:

Open the file /var/www/froxlor/lib/classes/ssl/class.lescript.php and in line 171 change:

$uri = "http://${domain}/.well-known/acme-challenge/${challenge['token']}";

simply to

$uri = urlencode("http://${domain}/.well-known/acme-challenge/${challenge['token']}");

and see what happens with the cronjob

  • 0

Then the following comes:

[error] Could not get Let's Encrypt certificate for ossi-connection.de: Please check http%3A%2F%2Fossi-connection.de%2F.well-known%2Facme-challenge%2FlsBmBncHYHfiGN5mtv8iLFesCSBYh0YhBV-TObUZ4f8 - token not available; PHP error: {"type":2,"message":"file_get_contents(http%3A%2F%2Fossi-connection.de%2F.well-known%2Facme-challenge%2FlsBmBncHYHfiGN5mtv8iLFesCSBYh0YhBV-TObUZ4f8): failed to open stream: No such file or directory","file":"\/var\/www\/froxlor\/lib\/classes\/ssl\/class.lescript.php","line":171}

However, I made the change in line 166.

Line 171 contains: if ($payload !== trim(@file_get_contents($uri))) {

// simple self check
if ($payload !== trim(@file_get_contents($uri))) {
    $errmsg = json_encode(error_get_last());
    if ($errmsg != "null") {
        $errmsg = "; PHP error: " . $errmsg;
    } else {
        $errmsg = "";
    }
    @unlink($tokenPath);
    throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
}

  • 0

Then you're not using the current Froxlor version, please test with 0.9.37-rc1 or git-master...

  • 0

Hello,

the current update has been installed.

The line to edit is still line 166, though.

But even with the change, nothing has changed.

  • 0

Then just put any file into the folder /var/www/froxlor/.well-known/acme-challenge and try to access it via your domain. If necessary check the logs while doing so, or even write a small PHP script that executes the same file_get_contents() and watch for errors
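
A small script of the kind suggested in the post above, as an added example (not Froxlor code and not written by anyone in this thread): it writes a constructed probe token into the challenge directory, fetches it by domain name with file_get_contents() as the self-check does, and reports DNS resolution, HTTP status lines and the PHP error. The file name acme_selfcheck.php, the function name and the selfcheck- token prefix are assumptions; the directory defaults to the /var/www/froxlor path from this thread, and it should be run with the same PHP binary as the cronjob.

```php
<?php
// Added diagnostic example, not part of Froxlor. It repeats the http-01
// self-check from the server itself and reports each step.
// Usage: php acme_selfcheck.php <domain> [challenge-base-dir]

function acme_selfcheck(string $domain, string $baseDir): array
{
    $report = [
        'allow_url_fopen' => ini_get('allow_url_fopen'),
        'open_basedir'    => ini_get('open_basedir'),
    ];

    // What does this machine resolve the domain to? The self-check connects
    // to that address, which can differ from what an external browser uses.
    $ips = gethostbynamel($domain);
    $report['resolves_to'] = ($ips === false) ? [] : $ips;

    // Constructed probe token and payload (random, not a real ACME token).
    $dir     = rtrim($baseDir, '/') . '/.well-known/acme-challenge';
    $token   = 'selfcheck-' . bin2hex(random_bytes(8));
    $payload = bin2hex(random_bytes(16));
    $path    = $dir . '/' . $token;

    if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
        $report['error'] = "cannot create $dir";
        return $report;
    }
    if (file_put_contents($path, $payload) === false) {
        $report['error'] = "cannot write $path";
        return $report;
    }
    chmod($path, 0644); // the web server user must be able to read the file

    $uri = "http://{$domain}/.well-known/acme-challenge/{$token}";
    $report['uri'] = $uri;

    // 10 s timeout; ignore_errors keeps body and headers of 4xx/5xx replies.
    $ctx = stream_context_create([
        'http' => ['timeout' => 10, 'ignore_errors' => true],
    ]);

    // Warnings are suppressed as in the original check, but the message is
    // read back with error_get_last() and reported in full.
    error_clear_last();
    $body = @file_get_contents($uri, false, $ctx);
    $last = error_get_last();
    $report['php_error'] = $last['message'] ?? null;

    // Status line of every response in the redirect chain, if any arrived.
    $headers = $http_response_header ?? [];
    $report['status_lines'] = array_values(array_filter($headers, function ($h) {
        return strncmp($h, 'HTTP/', 5) === 0;
    }));

    $report['body_matches'] = is_string($body) && trim($body) === $payload;

    unlink($path); // remove the probe token again
    return $report;
}

if ($argc < 2) {
    fwrite(STDERR, "usage: php {$argv[0]} <domain> [challenge-base-dir]\n");
    exit(2);
}
$result = acme_selfcheck($argv[1], $argv[2] ?? '/var/www/froxlor');
echo json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
exit(!empty($result['body_matches']) ? 0 : 1);
```

An empty status_lines list together with a PHP error means no HTTP response arrived at all, so compare resolves_to with the address the web server listens on. A 404 or a redirect in status_lines points at the alias or vhost configuration instead.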

  • 0

So I have now created a normal file, and I can call it up via the /.well-known URL.

Nothing is happening in the error logs, neither in the normal Apache log nor in the customers'.

The error message has not changed.

Which PHP settings exactly apply here? The ones of the domain for which the SSL certificate is used, right?

What surprises me is the setting of the vhost file for SSL. Is that right like this?

  SSLCertificateFile /etc/apache2/apache2.pem
  SSLCertificateKeyFile /etc/apache2/apache2.key
  SSLCACertificateFile /etc/apache2/apache2.crt
  SSLCertificateChainFile /etc/apache2/apache2.csr

That looks somehow wrong to me.

  • 0

Of course the PHP settings that you defined for the domain apply; that has nothing to do with SSL or not

  • 0

I have a separate PHP setting for this domain. Is anything wrong in there?

short_open_tag = On
asp_tags = Off
precision = 14
output_buffering = 4096
allow_call_time_pass_reference = Off
safe_mode = {SAFE_MODE}
safe_mode_gid = Off
safe_mode_include_dir = "{PEAR_DIR}"
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"
disable_functions = passthru,shell_exec,system,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate
disable_classes =
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 16M
post_max_size = 16M
error_reporting = E_ALL & ~E_NOTICE
display_errors = On
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = Off
variables_order = "GPCS"
register_globals = Off
register_argc_argv = Off
gpc_order = "GPC"
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
include_path = ".:{PEAR_DIR}"
enable_dl = Off
file_uploads = On
upload_tmp_dir = "{TMP_DIR}"
upload_max_filesize = 32M
allow_url_fopen = On
sendmail_path = "/usr/sbin/sendmail -t -f {CUSTOMER_EMAIL}"
session.save_handler = files
session.save_path = "{TMP_DIR}"
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 16
session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
suhosin.simulation = Off
suhosin.mail.protect = 1
suhosin.session.encrypt = 0

opcache.restrict_api = "{DOCUMENT_ROOT}"

By now I can't see the forest for the trees ...

  • 0

If you like, feel free to send me root access via PM, then I'll take a look
