Froxlor Forum
  • 0
princeofnaxos

SSL virtual hosts

Question

After migrating from syscp, all SSL hosts have empty host files. A comment is there, saying "# no ssl-certificate was specified for this domain, therefore no explicit vhost is being generated".

Looking in lib/Froxlor/Cron/Http/Apache.php, I see that $domain['ssl_cert_file'] must be empty in order to get that message. But where in the domain form should I enter the certificate's filename? There is nothing under "Webserver SSL settings" that looks like that.

 


  • 0

If Let's Encrypt is used (and activated): wait for the cron.

If not, as customer, go to domains - you should see a lock icon beside every SSL-enabled domain - click on that, you can enter certificate data there.

 

  • 0

If you want Let's Encrypt - then use froxlor's Let's Encrypt integration rather than certbot or anything. You won't have to copy'n'paste anything as it's done automatically.

The reason for this behavior is that the customer is able to set a certificate for his domain on his own, because he does not have access to the server, nor should it be necessary that he knows the path to the certificate on the server.

  • 0

it's generated via CRONJOB - just give it a few minutes or trigger manually using 

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

The certificates are stored in froxlor's database and the configs-cronjob reads from there and generates the files and puts them into the corresponding folder specified in the settings.

  • 0

chown: invalid user: ‘froxlorlocal:froxlorlocal’
[information] Updating Let's Encrypt certificates
PHP Notice:  Undefined variable: cronlog in /var/www/froxlor.0-10/lib/Froxlor/Cron/Http/LetsEncrypt/LetsEncryptV2.php on line 164
PHP Fatal error:  Uncaught Error: Call to a member function logAction() on null in /var/www/froxlor.0-10/lib/Froxlor/Cron/Http/LetsEncrypt/LetsEncryptV2.php:164
Stack trace:
#0 /var/www/froxlor.0-10/lib/Froxlor/Cron/Http/LetsEncrypt/LetsEncrypt.php(32): Froxlor\Cron\Http\LetsEncrypt\LetsEncryptV2::run()
#1 /var/www/froxlor.0-10/lib/Froxlor/Cron/MasterCron.php(101): Froxlor\Cron\Http\LetsEncrypt\LetsEncrypt::run()
#2 /var/www/froxlor.0-10/scripts/froxlor_master_cronjob.php(20): Froxlor\Cron\MasterCron::run()
#3 {main}
  thrown in /var/www/froxlor.0-10/lib/Froxlor/Cron/Http/LetsEncrypt/LetsEncryptV2.php on line 164

  • 0

Current git master is not for production use, it's development.

Also, your first line states that you did not configure the services correctly after adjusting settings.

  • 0
4 minutes ago, princeofnaxos said:

Maybe the user is created on fresh install? At least it wasn't created for me. I now did it with 'useradd froxlorlocal'. Does it need a group as well?

Configuration configuration configuration

  • 0

I know it is not for production, but I expect you would know about things that don't work?  I'm willing to help.

 

1 minute ago, d00p said:

Configuration configuration configuration

Yeah, yeah, fine, but I see nowhere that I need to create the user myself.

  • 0

Same error with ACME v1:

 

PHP Fatal error:  Uncaught Error: Call to a member function logAction() on null in /var/www/froxlor.0-10/lib/Froxlor/Cron/Http/LetsEncrypt/LetsEncrypt.php:166

  • 0
7 minutes ago, princeofnaxos said:

Yeah, yeah, fine, but I see nowhere that I need to create the user myself.

Then I would take a look under Configuration -> Distro -> Other (system)... e.g. PHP-FPM,

For the other errors, simply replace $cronlog with \Froxlor\FroxlorLogger::getInstanceOf()

  • 0
16 hours ago, d00p said:

For the other errors, simply replace $cronlog with \Froxlor\FroxlorLogger::getInstanceOf()

I'm using git, so if I make changes, then I can't pull any longer. Better you update the master.

16 hours ago, d00p said:

Then I would take a look under Configuration -> Distro -> Other (system)... e.g. PHP-FPM,

Still, I think it is not entirely clear there that you have to create this user/group yourself. Or at least a warning if it does not exist. After all, you don't see the output of the cronjob unless you run the script yourself on the console.

  • 0
13 minutes ago, princeofnaxos said:

I'm using git, so if I make changes, then I can't pull any longer. Better you update the master.

Then how about simply a pull request? If you want to help, that helps more - otherwise I have to click through it and fix it myself anyway

15 minutes ago, princeofnaxos said:

Still, I think it is not entirely clear there that you have to create this user/group yourself. Or at least a warning if it does not exist. After all, you don't see the output of the cronjob unless you run the script yourself on the console.

That is why, after the installation, you should FIRST adjust the settings and THEN, as far as necessary, go through ALL configuration steps - everything you need is in there, so that you don't forget anything and don't have to do anything manually.

  • 0
1 minute ago, d00p said:

Then how about simply a pull request? If you want to help, that helps more - otherwise I have to click through it and fix it myself anyway

Yes, ok, that would work too

  • 0

That's good to hear :) And best of all, just drop by our IRC channel, questions and problems can be solved a bit faster there

  • 0
2 minutes ago, d00p said:

everything you need is in there, so that you don't forget anything and don't have to do anything manually.

Where does it say 'useradd froxlorlocal' then? I can't find it (because I went through all the configuration steps)

  • 0

Configuration -> choose distro -> Other (System) -> PHP-FPM

[...]
groupadd -f froxlorlocal
useradd -s /bin/false -g froxlorlocal froxlorlocal
[...]

 

  • 0

Well, it isn't shown there if the user already exists... it makes no sense to create one that already exists
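
The account check behind the `chown: invalid user` error and the `groupadd`/`useradd` lines quoted above, as an added example that is not part of the thread or of froxlor's code. The function name `check_service_account`, its return codes and the sample passwd/group lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the account froxlor's cron chowns to.
# Usage: check_service_account NAME [PASSWD_FILE GROUP_FILE]
# Without files it reads the live databases through getent.
# Returns 0 = matches the setup quoted in the thread, 1 = user or group
# missing (chown will fail), 2 = present but login shell or primary group differ.
check_service_account() {
    name=$1
    if [ $# -ge 3 ]; then
        passwd_db=$(cat "$2"); group_db=$(cat "$3")
    else
        passwd_db=$(getent passwd); group_db=$(getent group)
    fi
    # Exact match on the name field; no regex is built from the argument.
    pw=$(printf '%s\n' "$passwd_db" | awk -F: -v n="$name" '$1 == n {print; exit}')
    gr=$(printf '%s\n' "$group_db" | awk -F: -v n="$name" '$1 == n {print; exit}')
    rc=0
    if [ -z "$gr" ]; then
        echo "FAIL: group '$name' missing (groupadd -f $name)"; rc=1
    fi
    if [ -z "$pw" ]; then
        echo "FAIL: user '$name' missing (useradd -s /bin/false -g $name $name)"
        return 1
    fi
    shell=$(printf '%s\n' "$pw" | cut -d: -f7)
    gid=$(printf '%s\n' "$pw" | cut -d: -f4)
    case $shell in
        /bin/false|*/nologin) ;;
        *) echo "WARN: '$name' has login shell '$shell'"; [ "$rc" -ne 0 ] || rc=2 ;;
    esac
    if [ -n "$gr" ] && [ "$gid" != "$(printf '%s\n' "$gr" | cut -d: -f3)" ]; then
        echo "WARN: primary gid $gid of '$name' is not group '$name'"
        [ "$rc" -ne 0 ] || rc=2
    fi
    return "$rc"
}

# Constructed sample databases: user exists with a login shell, group does not.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'froxlorlocal:x:1001:100::/home/froxlorlocal:/bin/sh' > "$demo_dir/passwd"
printf '%s\n' 'root:x:0:' 'users:x:100:' > "$demo_dir/group"
check_service_account froxlorlocal "$demo_dir/passwd" "$demo_dir/group" || true
rm -rf "$demo_dir"
```

Run before the cron with only the account name to check the live system; a non-zero status means the cron's `chown` step should not be expected to succeed or the account differs from the quoted setup.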
