Froxlor Forum

SSL virtual hosts


princeofnaxos

Question

After migrating from syscp, all SSL hosts have empty host files. A comment is there, saying "# no ssl-certificate was specified for this domain, therefore no explicit vhost is being generated".

Looking in lib/Froxlor/Cron/Http/Apache.php, I see that $domain['ssl_cert_file'] must be empty in order to get that message. But where in the domain form should I enter the certificate's filename? There is nothing under "Webserver SSL settings" that looks like that.

 


  • 0

If you want Let's Encrypt, then use froxlor's Let's Encrypt integration rather than certbot or anything. You won't have to copy'n'paste anything as it's done automatically.

The reason for this behavior is that the customer is able to set a certificate for his domain on his own, because he does not have access to the server, nor should it be necessary that he knows the path to the certificate on the server.


  • 0

It's generated via CRONJOB - just give it a few minutes or trigger it manually using:

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

The certificates are stored in froxlor's database and the configs-cronjob reads from there and generates the files and puts them into the corresponding folder specified in the settings.


  • 0

chown: invalid user: ‘froxlorlocal:froxlorlocal’

[information] Updating Let's Encrypt certificates

PHP Notice:  Undefined variable: cronlog in /var/www/froxlor.0-10/lib/Froxlor/Cron/Http/LetsEncrypt/LetsEncryptV2.php on line 164

PHP Fatal error:  Uncaught Error: Call to a member function logAction() on null in /var/www/froxlor.0-10/lib/Froxlor/Cron/Http/LetsEncrypt/LetsEncryptV2.php:164

Stack trace:

#0 /var/www/froxlor.0-10/lib/Froxlor/Cron/Http/LetsEncrypt/LetsEncrypt.php(32): Froxlor\Cron\Http\LetsEncrypt\LetsEncryptV2::run()

#1 /var/www/froxlor.0-10/lib/Froxlor/Cron/MasterCron.php(101): Froxlor\Cron\Http\LetsEncrypt\LetsEncrypt::run()

#2 /var/www/froxlor.0-10/scripts/froxlor_master_cronjob.php(20): Froxlor\Cron\MasterCron::run()

#3 {main}

  thrown in /var/www/froxlor.0-10/lib/Froxlor/Cron/Http/LetsEncrypt/LetsEncryptV2.php on line 164


  • 0
4 minutes ago, princeofnaxos said:

Maybe the user is created on fresh install? At least it wasn't created for me. I now did it with 'useradd froxlorlocal'. Does it need a group as well?

Configuration configuration configuration


  • 0
7 minutes ago, princeofnaxos said:

Yeah, yeah, fine, but I see nowhere that I need to create the user myself.

Then I would take a look under Configuration -> Distro -> Other (system)... e.g. PHP-FPM.

For the other errors, simply replace $cronlog with \Froxlor\FroxlorLogger::getInstanceOf()


  • 0
16 hours ago, d00p said:

For the other errors, simply replace $cronlog with \Froxlor\FroxlorLogger::getInstanceOf()

I'm using git, so if I make changes, then I can't pull any longer. Better you update the master.

 

16 hours ago, d00p said:

Then I would take a look under Configuration -> Distro -> Other (system)... e.g. PHP-FPM.

Still, I think it is not quite clear there that you have to create this user/group yourself. Or at least a warning if it doesn't exist. You don't see the output of the cronjob unless you run the script yourself on the console.


  • 0
13 minutes ago, princeofnaxos said:

I'm using git, so if I make changes, then I can't pull any longer. Better you update the master.

How about simply a pull request, then? If you want to help, that helps more - otherwise I have to click through it and fix it myself anyway.

15 minutes ago, princeofnaxos said:

Still, I think it is not quite clear there that you have to create this user/group yourself. Or at least a warning if it doesn't exist. You don't see the output of the cronjob unless you run the script yourself on the console.

That's why, after the installation, you should FIRST adjust the settings and THEN go through ALL configuration steps as far as necessary - everything you need is in there, so that you don't forget anything and don't have to do anything manually.
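
Added example, not part of the thread and not froxlor's own code: a shell preflight check for the `chown: invalid user` failure shown above, confirming that both the user and the group of an owner spec such as `froxlorlocal:froxlorlocal` resolve before a job runs `chown` with it. The function names `lookup` and `check_owner_spec` are hypothetical.

```shell
#!/bin/sh
# Preflight check for an owner spec (USER or USER:GROUP) before chown uses it.
# Added example; lookup and check_owner_spec are hypothetical helper names.

# lookup DB NAME: succeed if NAME exists in the passwd or group database.
lookup() {
    if command -v getent >/dev/null 2>&1; then
        getent "$1" "$2" >/dev/null 2>&1
    else
        # Fallback for systems without getent: local files only.
        cut -d: -f1 "/etc/$1" 2>/dev/null | grep -qxF -- "$2"
    fi
}

# check_owner_spec USER[:GROUP]
# Prints one line per missing account and returns:
#   0 = everything named exists, 1 = something is missing, 2 = malformed spec
check_owner_spec() {
    spec=$1
    user=${spec%%:*}
    case $spec in
        *:*) group=${spec#*:} ;;
        *)   group= ;;          # plain "chown USER" does not name a group
    esac
    if [ -z "$user" ]; then
        echo "malformed owner spec: '$spec'" >&2
        return 2
    fi
    rc=0
    if ! lookup passwd "$user"; then
        echo "missing user: $user"
        rc=1
    fi
    if [ -n "$group" ] && ! lookup group "$group"; then
        echo "missing group: $group"
        rc=1
    fi
    return $rc
}

# Run as: sh check_owner.sh froxlorlocal:froxlorlocal
if [ "$#" -gt 0 ]; then
    check_owner_spec "$1"
fi
```

Run from the same crontab entry ahead of the master cronjob, a non-zero exit surfaces the missing account in cron's mail or log instead of only on an interactive console.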
