Jump to content
Froxlor Forum
  • 0

Configuration Woes


w6g

Question

Posted

Hi!

 

Recently, I upgraded from 0.9.34.2 to 0.9.37. Trying to get Let's Encrypt working, I am experiencing some basic strangenesses which I don't understand and which I need help with.

 

Let's begin here:

 

  • I am trying to enable debug logs in order to see what is happening. I set the debug level to "paranoid" (only options available are "paranoid" and "normal"), having all log destinations activated. Logs get written, but I don't get the "debug" entries, Only "information", "notice", "error". The parameter "logger.severity" in panel_settings is set to 2.
  • In the log entries I have an error message from a cron job that the ssl_cert_file cannot be found. The setting I have entered into "Settings/SSL Settings/Path to the SSL certificate" is the correct one; but the error message logs a different file name. The database entry in panel_settings "system.ssl_cert_file" is the correct one, too. Nevertheless, the cron job tries to read a different file.

How should I go on from here?

 

w6g

5 answers to this question

Recommended Posts

Posted

Well, no and yes.

 

I did not mix up the SSL Certificates we are talking about now with Let's Encrypt. LE ist still off, and I did not expect anything from LE (yet).

 

What I did learn is that there is not only

  • Settings / SSL Settings / Path to the SSL Certificate

but also

  • IP and Ports / x.x.x.x:443 / Path to the Certificate

and the latter one had the faulty setting.

 

Thanks you for your help -- where can I learn about which setting is for what? Is there anything I should read up?

 

w6g

Posted

Did that already. Did it again: https://nopaste.me/view/80c1c2c7

No debug information there.

 

Note:

The cert file "/usr/local/etc/ssl/somehost.example.org-cert.pem" mentioned in the error entry is the one I was talking about. In panel_settings I have the entry "/usr/local/etc/ssl/somehost.example.org/somehost.example.org.crt".

Posted

You've mixed a few things:

 

/usr/local/etc/ssl/somehost.example.org-cert.pem seems to be the certificate you have specified in your settings / ip-port. This is NO Let's Encrypt certificate and is not being autogenerated. But it is needed for the domain ssl-vhosts to be at least a self-signed certificate. For Let's Encrypt certificates per domain you'd just need to check the "Use Let's Encrypt" checkbox when editing the domain

Posted

System-setting -> is fallback for -> ip/port specific certificates -> is fallback (and needed!) for -> domain specific certificates

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...