Froxlor Forum
peterpan

How to trigger renewal of certificate?

Question

Hi,

I have a domain equipped with a certificate from LE. The cert is valid another 2 months. Now I added a domain as an alias of the existing domain, but the certificate isn't updated to have the new domain as its SAN.

How do I trigger getting a new and updated certificate? Should I delete the existing one?

Thanks for helping out.

 

Peter


  • 0

You can safely delete it from the ssl-certificates list; a new one will be generated automatically with the next cronjob.

  • 0

This doesn't seem to work. I deleted it from the SSL certificates page, but with the next cronjob, it came back exactly as before, with same domains, same creation date and same expiration date.

I even deleted the certificate file from disk in /etc/ssl/froxlor-custom/, but that didn't make any difference either.

  • 0

Did you try running the letsencrypt cron with the --debug flag to see what is coming from Let's Encrypt itself?

  • 0

This is what I see:

```
[information] Adding SAN entry: xxx.yyy
[information] Updated Let's Encrypt certificate for xxx.zzz
[information] Let's Encrypt certificates have been updated
```

The date of the certificate on disk has changed to the current time, but not its size, and not its content. openssl x509 -in xxx.crt -text -noout does not show the new domains.
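
The check from the post above (does the certificate on disk list every configured hostname as a SAN?), as an added example that is not part of the original thread or of Froxlor. The function names, the placeholder hostnames and the constructed `openssl x509 -text` excerpt are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Froxlor code): find expected hostnames that a certificate's
# SAN list does not cover, to spot a certificate that was re-copied, not re-issued.

# Constructed excerpt of `openssl x509 -text -noout` output for a certificate
# that still carries only the original names (hostnames are placeholders).
SAMPLE_TEXT='        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:existing-domain.example, DNS:www.existing-domain.example
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1'

# Read `openssl x509 -text` output on stdin; print each DNS SAN, lower-cased,
# one per line. Non-DNS entries (IP Address, email, ...) are skipped.
san_names() {
    awk '
        grab {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                p = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", p)
                if (p ~ /^DNS:/) print tolower(substr(p, 5))
            }
            grab = 0
        }
        /X509v3 Subject Alternative Name/ { grab = 1 }
    '
}

# Succeed if hostname $1 is covered by the newline-separated SAN list $2,
# either exactly or by a wildcard that replaces its left-most label.
covered_by() {
    cb_host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    cb_wild="*.${cb_host#*.}"
    printf '%s\n' "$2" | grep -Fxq -e "$cb_host" -e "$cb_wild"
}

# Print every expected hostname ("$@") that the certificate text on stdin lacks.
missing_sans() {
    ms_sans=$(san_names)
    for ms_host in "$@"; do
        covered_by "$ms_host" "$ms_sans" || printf '%s\n' "$ms_host"
    done
}

# Same check against a certificate file: check_cert <cert.pem> <hostname>...
check_cert() {
    cc_file=$1
    shift
    cc_missing=$(openssl x509 -in "$cc_file" -noout -text | missing_sans "$@")
    [ -z "$cc_missing" ] && return 0
    printf 'stale certificate %s, missing SAN(s):\n%s\n' "$cc_file" "$cc_missing" >&2
    return 1
}

# Demo on the constructed excerpt: the newly added alias is reported as missing.
printf '%s\n' "$SAMPLE_TEXT" | missing_sans existing-domain.example new-domain.example
```

Running `check_cert` against the certificate file after each cron run gives a non-zero exit status whenever a configured alias is still absent, regardless of the file's modification time.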

  • 0
2 hours ago, peterpan said:

This is what I see:

[information] Adding SAN entry: xxx.yyy
[information] Updated Let's Encrypt certificate for xxx.zzz
[information] Let's Encrypt certificates have been updated

that means nothing happened (or you forgot the --debug switch)

  • 0
5 hours ago, d00p said:

that means nothing happened (or you forgot the --debug switch)

This is what I see with the debug switch. Without it, I see no such output.

  • 0

Then no new certificate is created at all. Try deleting the certificate again, then manually run the letsencrypt Cron with --debug

  • 0

I put an echo on line 298 in froxlor/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php to see what acme.sh does. When deleting the certificate from the list in Froxlor, it says "Domains not changed" and does nothing. The existing certificate is then copied from /root/.acme.sh to /etc/ssl/froxlor-custom.

When adding a domain (as an alias of the existing domain), the command looks like this:

```
/root/.acme.sh/acme.sh --auto-upgrade 0 --server https://acme-v01.api.letsencrypt.org/directory --renew -d existing_domain.net -d new_domain.net --keylength 4096
```

Since it says '--renew', the new domain is not added to the certificate. The correct switch is '--issue'.

 

It would be helpful to see the output of the acme script when using the --debug switch on the cronjob.

  • 0
4 minutes ago, peterpan said:

When deleting the certificate from the list in Froxlor, it says "Domains not changed" and does nothing.

hm...okay, interesting, I'll dig into that

4 minutes ago, peterpan said:

Since it says '--renew', the new domain is not added to the certificate. The correct switch is '--issue'.

sure it tries a --renew when nothing changed :)

4 minutes ago, peterpan said:

It would be helpful to see the output of the acme script when using the --debug switch on the cronjob.

definitely a good idea, I'll check what I can do

  • 0
1 minute ago, d00p said:

sure it tries a --renew when nothing changed :)

 

Actually, something did change: I added the new domain as an alias of an existing domain. In the acme.sh command it says '-d new_domain' (correct), so the '--renew' switch is probably not the right choice by your script.

  • 0

Ah okay, so it did recognize the additional alias... Also, I think in any case when a certificate gets deleted it should do an --issue and not try a --renew - need to check whether this is froxlor logic or acme.sh. Did you, after deletion of the certificate, wait for the cron to remove the certificate from acme.sh itself? See https://github.com/Froxlor/Froxlor/blob/master/lib/Froxlor/Domain/Domain.php#L294

  • 0

Removing the certificates is done by the "tasks" cronjob, which runs every 5 minutes, so it is now hard to track whether it did remove the certificate from acme.sh or not.

  • 0

'tasks' outputs nothing about removing the certificate. I can't get my finger behind it, but in some situations the 'renew' switch is used, where it should be 'issue'. In other situations, 'issue' is used correctly.

Also interesting: if an error occurs when getting the certificate (e.g. the domain validation fails), there is no retry for the certificate. At the next run, it says "No new certificates or certificates due for renewal found".

  • 0
3 hours ago, peterpan said:

'tasks' outputs nothing about removing the certificate.

well did you test with 1) stopping the cron, 2) removing a certificate in froxlor and 3) running the cronjob manually (--force --debug) ?

  • 0
3 hours ago, peterpan said:

Also interesting: if an error occurs when getting the certificate (e.g. the domain validation fails),

domain validation should be done way before trying to get a certificate (when adding the domain)

  • 0
On 9/9/2019 at 4:58 PM, d00p said:

domain validation should be done way before trying to get a certificate (when adding the domain)

Yes, sure, but there are situations where the domain is not available afterwards, such as not-responsive DNS or a domain that doesn't exist anymore. Not always sure that the domain is removed from Froxlor in that case.

  • 0

Ok, so I debugged a bit. Changes to domains/aliases/etc. set the expiration-date to NULL, which in the former Let's Encrypt implementation was enough to trigger a re-issue. Acme.sh, on the other hand, displays an error:

Quote

Domain key exists, do you want to overwrite the key?
Add '--force', and try again.
Create domain key error.

Could you test the following changes to see if the certificate issue is now done properly when changing a domain alias?

diff --git a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
index e0967ca0..32d7fae1 100644
--- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
+++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -62,7 +62,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
                        SELECT
                                domssl.`id`,
                                domssl.`domainid`,
-                               domssl.expirationdate,
+                               domssl.`expirationdate`,
                                domssl.`ssl_cert_file`,
                                domssl.`ssl_key_file`,
                                domssl.`ssl_ca_file`,
@@ -221,9 +221,14 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
                        // Only renew let's encrypt certificate if no broken ssl_redirect is enabled
                        if ($certrow['ssl_redirect'] != 2) {
 
-                               if (! empty($certrow['ssl_cert_file'])) {
+                               $do_force = false;
+                               if (! empty($certrow['ssl_cert_file']) && !empty($certrow['expirationdate'])) {
                                        $cert_mode = 'renew';
                                        $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
+                               } else if (! empty($certrow['ssl_cert_file']) && empty($certrow['expirationdate'])) {
+                                       // domain changed (SAN or similar)
+                                       $do_force = true;
+                                       $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Re-creating certificate for " . $certrow['domain']);
                                } else {
                                        $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
                                }
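
Review bot: The new `else if` branch sets `$do_force = true` but never assigns `$cert_mode`, so the re-create path depends on whatever value `$cert_mode` holds from code outside this hunk. Setting `$cert_mode = 'issue';` explicitly in that branch would make the intent readable from the branch itself. The second half of its condition is also redundant: once the first `if` has failed with a non-empty `ssl_cert_file`, `expirationdate` is necessarily empty, so `else if (! empty($certrow['ssl_cert_file']))` is enough. The comment "domain changed (SAN or similar)" should also state that an empty `expirationdate` is the marker being relied on, since nothing in this hunk guarantees that an empty expiration date only ever means a changed domain.
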
@@ -252,7 +257,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
                                        }
                                }
 
-                               self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected);
+                               self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected, $do_force);
                        } else {
                                $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
                        }
@@ -270,7 +275,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
                }
        }
 
-       private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0)
+       private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0, $force = false)
        {
                if (! empty($domains)) {
 
@@ -295,6 +300,9 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
                        if (Settings::Get('system.letsencryptca') == 'testing') {
                                $acmesh_cmd .= " --staging";
                        }
+                       if ($force) {
+                               $acmesh_cmd .= " --force";
+                       }
 
                        $acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
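
Review bot: `--force` is appended here for any `$cert_mode`, so a later caller passing `$force = true` together with `'renew'` would force a renewal regardless of the certificate's remaining lifetime; consider appending it only when `$cert_mode` is `'issue'`, or document that the combination is intended. The acme.sh message quoted earlier in this post ("Domain key exists, do you want to overwrite the key?") also suggests that forcing replaces the existing domain key, which deserves a comment or a log line at this point, because anything that pins the old key needs updating after a SAN change.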
 

 

  • 0

When I run 'git apply' on this, it says:

Quote

error: patch failed: lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php:62
error: lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php: patch does not apply

although it says "SELECT" at line 62.

I am on the latest version:

Quote

# git status
On branch master
Your branch is up-to-date with 'origin/master'.
nothing to commit, working tree clean

  • 0

sure it was meant for you. Hmm, what do you mean with not available? can you give me an error message? users should be able to download attachments

  • 0

Hm, I can't seem to find the proper configuration. Accessing attachments should be allowed for the members group. But the file is basically the same as the diff I've sent you, here are the contents:

From 6ebb8dabc448a692c591c4286a5a39eae13c275b Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <d00p@froxlor.org>
Date: Thu, 12 Sep 2019 12:30:47 +0200
Subject: [PATCH] re-create certificate if SAN list or domain changes

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---
 lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
index e0967ca0..32d7fae1 100644
--- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
+++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -62,7 +62,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			SELECT
 				domssl.`id`,
 				domssl.`domainid`,
-				domssl.expirationdate,
+				domssl.`expirationdate`,
 				domssl.`ssl_cert_file`,
 				domssl.`ssl_key_file`,
 				domssl.`ssl_ca_file`,
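
Review bot: The backtick quoting of `expirationdate` in this hunk is a cosmetic change unrelated to the subject line "re-create certificate if SAN list or domain changes". It would be cleaner as a separate commit, or at least mentioned in the commit body, which is currently empty apart from the sign-off, so that the behavioural change is the only thing a reader has to evaluate.
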
@@ -221,9 +221,14 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
 			if ($certrow['ssl_redirect'] != 2) {
 
-				if (! empty($certrow['ssl_cert_file'])) {
+				$do_force = false;
+				if (! empty($certrow['ssl_cert_file']) && !empty($certrow['expirationdate'])) {
 					$cert_mode = 'renew';
 					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updating certificate for " . $certrow['domain']);
+				} else if (! empty($certrow['ssl_cert_file']) && empty($certrow['expirationdate'])) {
+					// domain changed (SAN or similar)
+					$do_force = true;
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Re-creating certificate for " . $certrow['domain']);
 				} else {
 					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Creating certificate for " . $certrow['domain']);
 				}
@@ -252,7 +257,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 					}
 				}
 
-				self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected);
+				self::runAcmeSh($certrow, $domains, $cert_mode, $cronlog, $changedetected, $do_force);
 			} else {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
 			}
@@ -270,7 +275,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 		}
 	}
 
-	private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0)
+	private static function runAcmeSh($certrow = array(), $domains = array(), $cert_mode = 'issue', &$cronlog = null, &$changedetected = 0, $force = false)
 	{
 		if (! empty($domains)) {
 
@@ -295,6 +300,9 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 			if (Settings::Get('system.letsencryptca') == 'testing') {
 				$acmesh_cmd .= " --staging";
 			}
+			if ($force) {
+				$acmesh_cmd .= " --force";
+			}
 
 			$acme_result = \Froxlor\FileDir::safe_exec($acmesh_cmd);
 
-- 
2.20.1

 
