Jump to content
Froxlor Forum
JuKu

Letsencrypt SSL_ERROR_RX_RECORD_TOO_LONG

Recommended Posts

Hello everybody,

 

I try to configure a letsencrypt certificate for one of my domains https://jukusoft.com , certificates are already generated by froxlor, but i get this error, if i browse the domain with firefox:

SSL_ERROR_RX_RECORD_TOO_LONG

 

If i search with google there are many threads about this topic, but there isn't any solution for this.

Also there is no good tutorial on froxlor sites. Because i dont know if this is a bug or only a issue about a not-existent documentation, i havent created a issue on github yet.

I also doesnt get any results by your forum search. If this is the wrong forum, please move my topic to the right! thanks!

 

If i try to execute "openssl s_client -showcerts -connect jukusoft.com:443 -servername jukusoft.com" i get this output:

CONNECTED(00000003)
140505437533840:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 310 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1521806504
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

 

I have also configured IP / Port settings:

dd.thumb.PNG.70720f5fcd7a07000e2c64a6d207f42e.PNG

ddKopie.thumb.PNG.92d0d3b336f996f1b3fae88324917f43.PNG

dd.thumb.PNG.9cc821acb106d182f668f4cb5a295ec8.PNG

 

Domain Settings:

dd.thumb.PNG.d7fdcfca32dd668d301eded847a34066.PNG

 

ddKopie.thumb.PNG.e1722a41e04545189f7e17a5710e2060.PNG

 

Where is the problem?
And please, can you write a good tutorial / documentation for SSL & letsencrypt configuration for froxlor?

Share this post


Link to post
Share on other sites

The ssl-enabled IP/Port needs a certificate too, specify that either globally in ssl-settings, per ip/port when editing the corresponding ip/port or via froxlor-vhost (also settings). You also have to activate "generate Vhost container" in the ip/port for this to work

Share this post


Link to post
Share on other sites

@d00p Thanks for this fast answer!

 

vor 5 Stunden schrieb d00p:

The ssl-enabled IP/Port needs a certificate too

How do i get this certificate? Can i generate this or also get a certificate from letsencrypt?

 

vor 5 Stunden schrieb d00p:

specify that either globally in ssl-settings, per ip/port when editing the corresponding ip/port or via froxlor-vhost (also settings).

 

I have already specified this in global ssl settings:

dd.thumb.PNG.db439cd7ac1e9bc75181a3886d683d6a.PNG

ddKopie.thumb.PNG.3eff33ea3ecbac24d381193cdd1b402a.PNG

 

Is this right?

Share this post


Link to post
Share on other sites

You need to manually create this certificate on the Filesystem. Either a selfsigned certificate or one you bought

Share this post


Link to post
Share on other sites

Or you activate lets encrypt in "froxlor vhost settings", but Changes i mentioned before are required

Share this post


Link to post
Share on other sites
Am 25.3.2018 um 08:27 schrieb d00p:

You need to manually create this certificate on the Filesystem. Either a selfsigned certificate or one you bought

Thanks for your answer again!
Can i also use a lets encrypt certificate for this?

Or have i really generate a selfsigned certificate?

 

If yes, how can i do this?

openssl req -new > new.ssl.csr

openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days NNN
cp new.cert.cert /etc/ssl/certs/server.crt
cp new.cert.key /etc/ssl/private/server.key

 

Am 25.3.2018 um 08:28 schrieb d00p:

Or you activate lets encrypt in "froxlor vhost settings", but Changes i mentioned before are required

I have done this, but it doesnt works.

Share this post


Link to post
Share on other sites
42 minutes ago, JuKu said:

I have done this, but it doesnt works.

It doesnt work is not an error message...please post logs or error messages.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By irisdina
      Warning, this is not an official guide!!!
      1.
      sudo nano /etc/apt/source.list 1a. Delete all Text in to the File and Paste new Source list
      1b. 
      ###### Debian Main Repos deb http://ftp.de.debian.org/debian/ stable main contrib non-free deb-src http://ftp.de.debian.org/debian/ stable main contrib non-free deb http://ftp.de.debian.org/debian/ stable-updates main contrib non-free deb-src http://ftp.de.debian.org/debian/ stable-updates main contrib non-free deb http://security.debian.org/ stable/updates main deb-src http://security.debian.org/ stable/updates main deb http://ftp.debian.org/debian stretch-backports main deb-src http://ftp.debian.org/debian stretch-backports main ###### Extra Repos ###Debian Multimedia deb [arch=i386,amd64] http://www.deb-multimedia.org stretch main non-free ###nginx deb [arch=amd64,i386] http://nginx.org/packages/debian/ stretch nginx deb-src [arch=amd64,i386] http://nginx.org/packages/debian/ stretch nginx ###php7.X | curl https://packages.sury.org/php/apt.gpg | apt-key add - deb https://packages.sury.org/php/ $(lsb_release -sc) main ### MariaDB 10.3 ### http://downloads.mariadb.org/mariadb/repositories/ deb [arch=amd64,i386,ppc64el] http://ftp.hosteurope.de/mirror/mariadb.org/repo/10.3/debian stretch main deb-src http://ftp.hosteurope.de/mirror/mariadb.org/repo/10.3/debian stretch main 1c. 
      sudo apt update && sudo apt dist-upgrade && sudo apt autoclean && sudo apt autoremove 1d. 
      sudo apt install curl wget apt-transport-https dirmngr git software-properties-common Now you can start setting up your server
      2. MariaDB install
      Warning use sudo command für this install!
      sudo apt install mariadb-server mariadb-client 2a. MariaDB 10.3 Workround (Optional)
      3. nginx install
      sudo apt install nginx 3a. 
      mkdir /etc/nginx/sites-available mkdir /etc/nginx/sites-enabled 3b. nano /etc/nginx/nginx.conf
      4. PHP install
      sudo apt-get -y install php7.3-fpm php7.3-mysql php7.3-curl php7.3-gd php7.3-intl php-pear php-imagick php7.3-imap php-memcache php7.3-pspell php7.3-recode php7.3-sqlite3 php7.3-tidy php7.3-xmlrpc php7.3-xsl php7.3-mbstring php-gettext php7.3-mysql php7.3-curl php7.3-gd php7.3-intl php-pear php-imagick php7.3-imap php-memcache php7.3-memcached php7.3-pspell php7.3-recode php7.3-sqlite3 php7.3-tidy php7.3-xmlrpc php7.3-xsl php7.3-mbstring php-gettext php7.3-fpm php7.3-cli php7.3-cgi php-bcmath php-zip php7.3-fpm php7.3-curl php7.3-gd php7.3-mysql php7.3-mbstring php7.3-zip php7.3-bcmath zip unzip 4a. 
      sudo service nginx restart sudo service php7.3-fpm restart For Ubuntu (Cosmic)
      1. sudo nano /etc/apt/source.list
      1a. Delete all Text in to the File and Paste new Source list
      1b. 
      ###### Ubuntu Main Repos deb http://de.archive.ubuntu.com/ubuntu/ cosmic main restricted universe multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ cosmic main restricted universe multiverse ###### Ubuntu Update Repos deb http://de.archive.ubuntu.com/ubuntu/ cosmic-security main restricted universe multiverse deb http://de.archive.ubuntu.com/ubuntu/ cosmic-updates main restricted universe multiverse deb http://de.archive.ubuntu.com/ubuntu/ cosmic-proposed main restricted universe multiverse deb http://de.archive.ubuntu.com/ubuntu/ cosmic-backports main restricted universe multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ cosmic-security main restricted universe multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ cosmic-updates main restricted universe multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ cosmic-proposed main restricted universe multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ cosmic-backports main restricted universe multiverse # MariaDB 10.3 repository list - created 2019-01-25 21:01 UTC # http://downloads.mariadb.org/mariadb/repositories/ deb [arch=amd64] http://ftp.hosteurope.de/mirror/mariadb.org/repo/10.3/ubuntu cosmic main deb-src http://ftp.hosteurope.de/mirror/mariadb.org/repo/10.3/ubuntu cosmic main 1c. Key install 
      sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 1d. PPA (https://askubuntu.com/questions/4983/what-are-ppas-and-how-do-i-use-them/4987#4987) 
      sudo add-apt-repository ppa:nginx/development sudo add-apt-repository ppa:ondrej/php 1e. 
      sudo apt update && sudo apt dist-upgrade && sudo apt autoclean && sudo apt autoremove 2. MariaDB install
      Warning use sudo command für this install!
      sudo apt install mariadb-server mariadb-client 2a. MariaDB 10.3 Workround (Optional)
      3. nginx install
      sudo apt install nginx Froxlor install
      There are two ways to get Froxlor. Stable (wget) and Beta Build (git / Master)
      Stable Version
      1. 
      cd /var/www/html/ 1a. 
      sudo https://files.froxlor.org/releases/froxlor-latest.tar.gz && sudo tar xzfv froxlor-latest.tar.gz or
      Git Version (Beta Version)
      sudo git clone https://github.com/Froxlor/Froxlor.git If you're using the git version, you still need to load the composer > Composer.phar and Read this for install Do not run Composer with root/super user
      1a(2). Composer install in your Froxlor directory
      composer install --no-dev 1b. 
      sudo chown -R www-data:www-data Froxlor/ Set up Froxlor
      2. Open Your Browser
      2a.
      http://your IP or Hostname/Froxlor
       

      Install Froxlor finish
       3d. Move userdata (Optional) 
      sudo mv /tmp/userdata.inc.php /var/www/html/Froxlor/lib/ 2c. 
      sudo rm /etc/nginx/site-enable/default don't restart nginx!
      Froxlor Settings
      1. Cronjob
      sudo nano /etc/cron.d/froxlor insert 
      # # Set PATH, otherwise restart-scripts won't find start-stop-daemon # PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # # Regular cron jobs for the froxlor package # # Please check that all following paths are correct # */5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/html/Froxlor/scripts/froxlor_master_cronjob.php sudo chmod 0640 "/etc/cron.d/froxlor" sudo chown root:0 "/etc/cron.d/froxlor" sudo service cron restart 2. Nginx PHP Backend
      Settings > Webserver settings > Nginx PHP backend
      from 127.0.0.1:8888 to unix:/run/php/php7.3-fpm.sock
      3. 
      sudo mkdir -p /var/customers/webs/ sudo mkdir -p /var/customers/logs/ sudo mkdir -p /var/customers/tmp sudo chmod 1777 /var/customers/tmp sudo service nginx restart 4. IPs and Ports > Add IP/Port

      2a(1), SSL Port



      Wait 5min for Autimatic Start Froxlor's cronjob or start the cronjob manually
      sudo php /var/www/html/Froxlor/scripts/froxlor_master_cronjob.php --force --debug Optional
      PHP-FPM activate
      1. User/Group add
      sudo adduser froxlorlocal --disabled-password --no-create-home && sudo usermod -a -G www-data froxlorlocal 2. libnss-extrausers install 
      sudo apt install nscd libnss-extrausers sudo mkdir -p /var/lib/extrausers sudo touch /var/lib/extrausers/{passwd,group,shadow} sudo mv "/etc/nsswitch.conf" "/etc/nsswitch.conf.frx.bak" sudo nano /etc/nsswitch.conf # Make sure that `passwd`, `group` and `shadow` have mysql in their lines # You should place mysql at the end, so that it is queried after the other mechanisams # passwd: compat extrausers group: compat extrausers shadow: compat extrausers hosts: files dns networks: files dns services: db files protocols: db files rpc: db files ethers: db files netmasks: files netgroup: files bootparams: files automount: files aliases: files sudo service nscd restart sudo nscd --invalidate=group 2a. Settings > System settings > Activate > Use libnss-extrausers instead of libnss-mysql

      3. Settings > PHP-FPM > Activated:
      Change from NO to YES
      3a. PHP-FPM versions
      Change > php-fpm restart command:
      service php7.3-fpm restart and
      Configuration directory of php-fpm: > to 
      /etc/php/7.3/fpm/pool.d/ 3b. Settings > Froxlor VirtualHost settings > Activate > Enable PHP-FPM for the Froxlor vHost

      3c. 
      sudo chown -HR froxlorlocal:froxlorlocal /var/www/html/Froxlor SSL / Let's Encrypt activate
      1.
      sudo apt install certbot 1a. 
      sudo mkdir /etc/nginx/ssl && cd /etc/nginx/ssl 1b. Create SSL File
      sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt 1c. 
      sudo nano /etc/nginx/acme.conf insert
      location /.well-known/acme-challenge { alias /var/www/html/Froxlor/.well-known/acme-challenge; location ~ /.well-known/acme-challenge/(.*) { default_type text/plain; } }  
      2. Open your  Froxlor Panel
      Settings> SSL > Activated:
      Change from NO to YES
      2a. Settings > SSL > Settings
      Change your path from your certificate / Keyfile
      Path to the SSL certificate
      insert
      /etc/nginx/ssl/nginx.crt Path to the SSL Keyfile
      insert
      /etc/nginx/ssl/nginx.key 2b. Settings > SSL > Settings
      Activate > Enable Let's Encrypt

      Change Path to the acme.conf snippet to > 
      /etc/nginx/acme.conf 2c. Activate on Settings > Froxlor VirtualHost settings
      - Enable Let's Encrypt for the froxlor vhost
      - Enable SSL-redirect for the froxlor vhost
      - HTTP Strict Transport Security (HSTS)
      - Include HSTS for any subdomain






      2d. Activated HTTP2 Support on > Settings > Nginx
       
    • By princeofnaxos
      After migrating from syscp, all SSL hosts have empty host files. A comment is there, saying "# no ssl-certificate was specified for this domain, therefore no explicit vhost is being generated".
      Looking in lib/Froxlor/Cron/Http/Apache.php, I see that $domain['ssl_cert_file'] must be empty in order to get that message. But where in the domain form should I enter the certificate's filename? There is nothing under "Webserver SSL settings" that looks like that.
       
    • By FearTheDude
      Folgende Situation:
      Ich betreibe einen vServer mit Froxlor als Hostingpanel
      Der docroot von meinedomain.tld liegt unter /var/customers/webs/meinAccount
      Eine SSL Weiterleitung wurde auf meinedomain.tld eingerichtet
      Kunden verwenden ein paar vorinstallierte tools (Webmailer, DB Frontend, Froxlor Panel) über toolname.meinedomain.tld
      Die Tools liegen nicht im docroot von meinedomain.tld sondern unter /var/www/toolname
      Folgendes Problem:
      Die SSL Weiterleitung von http auf https bei der Hauptdomain meinedomain.tld funktioniert nicht, es sei denn, man verwendet eine der Subdomains für die Tools
      Für meinedomain.tld wird anstatt /var/customers/webs/meinAccount der docroot /var/www verwendet
      Vorübergehende Lösung:
      Die Prüfung, ob mod_rewrite in der NN_froxlor_normal_vhost_meinedomain.tld.conf aktiv ist, entfernen
      <IfModule !mod_rewrite.c> Redirect 301 / https://meinedomain.tld/ </IfModule> Dann findet IMMER ein Redirect auf HTTPS statt, wobei hier auch der richtige docroot geladen wird.
      Nachteil:
      Sobald die Configs neu geschrieben werden, ist die Änderung weg.
      Fragen:
      Kann man die mod_rewrite prüfung für die SSL Weiterleitung irgendwo dauerhaft deaktivieren?
      Warum verwendet der vHost Container für http keinen bzw. den falschen docroot?
      Wie kann ich persistente Änderungen an den .conf Dateien für einen vHost vornehmen?
    • By Andrew Stafford
      Good day, 
      First time posting here, I just got Froxlor setup on a hyperV, Debian 9 VM.
      It is up and running, got my customers/ domains added. I can't seem to get the domain to cooperate though. 
      I use Godaddy to buy and host my domains. What do I need to do on Godaddy and through Froxlor to get my website visible to the public?
      I currently tried setting an a record on godaddy with my servers ip.
      I changed the name servers in froxlor to those listed by godaddy for my domain.
      Am i on the right track or missing it entirely?
      Any help would be appreciated!
      Thanks, - Andrew 
    • By Christian Vogel
      Ich habe Froxlor installiert und alle Konfigurationen ausgeführt. Dennoch kann ich nicht über Outlook oder Mail auf mein Imap Konto zugreifen. 
      Im syslog sehe ich
      Sep 10 10:11:51 vserver3130 dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=87.191.51.26, lip=109.73.50.135, session=<uGoEloF1eIxXvzMa>
      postconf -d und dovecot -n hab ich als Textdatei angehängt.
      Habe auch schon etwas bei Google gesucht und hier im Forum die Suchfunktion bemüht - finde aber keine Lösung. Kann mir hier jemand helfen? Werden noch andere Infos benötigt für eine Lösung?
      Danke
      Christian
       
       
      dovecot.txt
      postconf.txt


×