Froxlor Forum
d00p

Release 0.10.19 - API based froxlor with 2FA, MySQL8 compatibility, new Let's Encrypt implementation and much more...


Hm it's not like that on my boxes, can you please send me a dump of your panel_domains table so I can check?


I just found out: Only domains that have alias domains are duplicated. And the number of duplicates is exactly the number of alias domains.

So I guess it is a problem with alias domains. If you still can't replicate, please let me know.

Edit: After removing the alias domains, the duplicates are gone.

Also the link to the alias domains leads to an empty list of domains.

Edited by crazy4chrissi


I can reproduce some issues with alias-domains yes, but your problem seems to be another, as for alias domains, there should be no %PATH% shown but "Alias for domain [domain.tld]". Also, please tell me whether the "subdomains" have been added as admin (sub but maindomain) or the customer itself.

37 minutes ago, crazy4chrissi said:

The problem that the link "Has Aliasdomains" links to an empty list of domains (even though there are alias domains) is still there.

There you go: https://git.io/JeiAl


What is the recommended upgrade path when running Debian 8 (Jessie) with Froxlor 0.9.40.1-1+jessie1? Upgrade Debian twice, then add the repo 'deb https://deb.froxlor.org/debian buster main', then upgrade Froxlor?

Also, is that repo still only 'testing', as was mentioned here (earlier in this thread)?

I will make a VPS snapshot so I have some room for experimentation (I can revert in a pinch), but knowing what to expect is better of course :)


Yes, first through all Debians, nothing special. Remember to back up everything! If on latest Debian you don't necessarily need to add the repository if you already have froxlor installed. The repository is official and includes the latest stable release of froxlor. It is safe to use.

Don't forget that due to changes in many services I'd recommend re-configuring these. Also don't forget to adjust Froxlor's settings according to the new environment (apache 2.2 -> 2.4, if using php-fpm, need to use mod_proxy, etc.), all prior to reconfiguring the services.

On 1/26/2020 at 3:10 PM, d00p said:

Yes, first through all Debians, nothing special. Remember to back up everything! If on latest Debian you don't necessarily need to add the repository if you already have froxlor installed. The repository is official and includes the latest stable release of froxlor. It is safe to use.

Don't forget that due to changes in many services I'd recommend re-configuring these. Also don't forget to adjust Froxlor's settings according to the new environment (apache 2.2 -> 2.4, if using php-fpm, need to use mod_proxy, etc.), all prior to reconfiguring the services.

Because I had to revert a failed upgrade some time ago from Debian 8 with Froxlor 0.9 with Courier IMAP/POP3, I learned some things that may be relevant to others upgrading, so I thought I'd post them.

Important pre-steps:

  • Tip: put /etc all in git.
  • Disable all lines in /etc/cron.d/froxlor before doing anything.
  • When upgrading Debian, it always leaves the old PHP versions around. You have to explicitly remove them after 'dist-upgrade'. Having php5 still around, unknowingly, was one of my previous problems. See your installed packages with 'aptitude search php | grep ^i'.

Further, I can't seem to find much info about it, but Froxlor dropped Courier support? At least when suggesting configs in its system setup, it only suggests Dovecot. I decided to retain Courier (for the foreseeable future). There was a big warning by apt saying "the Courier MTA packaging has been extensively rewritten...", but in the end, I only had to fix minor permission things.

Because Froxlor only gives you Postfix+Dovecot default configs, I retained my Postfix configs, except the virtual mail configuration configs that define mysql queries. They had to be selectively taken from the system setup page in the admin panel. The tables where users reside changed, so that was important. My Postfix config still defined a 'virtual_mailbox_base', so the default 'mysql-virtual_mailbox_maps.cf' didn't work. The original file did work.

Courier didn't need changes related to logins or maildir, but it will give some errors in the error log that are easy to fix. The new courier did, however, change in which files the CA chain needs to be stored. I now have cert, key and chain all in 'TLS_CERTFILE'. My Nagios/Icinga ssl checker script is happy again.

Apt will mark courier as 'no longer needed', so you need to 'apt install' manually to make sure apt doesn't 'autoremove' it later.

/etc/cron.d/froxlor is still never regenerated. I had to edit it to replace 'php5' with php. I've had this before. Still looking into it.

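
As an added example (not from the post, and not Courier or Froxlor code), a sanity check for a combined PEM file like the one described above for 'TLS_CERTFILE'. The function names, the findings it prints and the sample file are constructed; that other users should have no access to the file is an assumption added here because it contains the private key.

```shell
#!/bin/sh
# Added example, not Courier or Froxlor code: sanity-check a combined PEM
# file that holds private key, certificate and CA chain (one TLS_CERTFILE).

# check_pem_bundle FILE: prints one finding per line, returns 1 if any.
check_pem_bundle() {
    cpb_f=$1 cpb_rc=0
    [ -r "$cpb_f" ] || { echo "unreadable: $cpb_f"; return 1; }
    # grep -c prints 0 but exits 1 when nothing matches, hence "|| true"
    cpb_keys=$(grep -Ec -- '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$cpb_f" || true)
    cpb_certs=$(grep -c -- '^-----BEGIN CERTIFICATE-----' "$cpb_f" || true)
    if [ "$cpb_keys" -ne 1 ]; then
        echo "expected 1 private key, found $cpb_keys"; cpb_rc=1
    fi
    # Leaf plus at least one CA certificate; a leaf-only file is a common
    # reason for an external TLS check to report an incomplete chain.
    if [ "$cpb_certs" -lt 2 ]; then
        echo "expected leaf + chain, found $cpb_certs certificate(s)"; cpb_rc=1
    fi
    # Assumption: the file contains the key, so "other" gets no access.
    cpb_other=$(ls -ldL -- "$cpb_f" | cut -c8-10)
    if [ "$cpb_other" != "---" ]; then
        echo "accessible to other users: o=$cpb_other"; cpb_rc=1
    fi
    return "$cpb_rc"
}

# Constructed sample: PEM markers with placeholder bodies, no real key material.
demo_pem_bundle() {
    f=$(mktemp) || return 2
    for kind in 'PRIVATE KEY' 'CERTIFICATE' 'CERTIFICATE'; do
        printf '%s\n' "-----BEGIN $kind-----" "(constructed placeholder)" "-----END $kind-----"
    done > "$f"
    chmod 644 "$f"; check_pem_bundle "$f" || true   # world-readable: one finding
    chmod 600 "$f"; check_pem_bundle "$f" && echo "ok after chmod 600"
    rm -f "$f"
}
```

The check only counts PEM blocks and reads the file mode; it does not verify that the key matches the certificate or that the chain validates.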
8 minutes ago, halfgaar said:

Disable all lines in /etc/cron.d/froxlor before doing anything.

Or simply just stop the cron service :)

8 minutes ago, halfgaar said:

When upgrading Debian, it always leaves the old PHP versions around. You have to explicitly remove them after 'dist-upgrade'. Having php5 still around, unknowingly, was one of my previous problems. See your installed packages with 'aptitude search php | grep ^i'.

Beware of removing old but possibly still in use php-versions... I'd recommend removing older php-versions after validating that froxlor or customers do not use them any longer

9 minutes ago, halfgaar said:

Further, I can't seem to find much info about it, but Froxlor dropped Courier support?

no maintainer, I don't know anyone still using courier. You are welcome to provide required configuration-templates for it

11 minutes ago, halfgaar said:

/etc/cron.d/froxlor is still never regenerated. I had to edit it to replace 'php5' with php. I've had this before.

Sure it's regenerated, but only with data from the settings. If you have php5 in there you need to adjust the corresponding setting first

24 minutes ago, d00p said:

Or simply just stop the cron service

You never know what apt restarts, and also because of reboots, I prefer to make it permanent.

24 minutes ago, d00p said:

Beware of removing old but possibly still in use php-versions... I'd recommend removing older php-versions after validating that froxlor or customers do not use them any longer

Froxlor went haywire last time running on php5, so I wanted to be sure this time. I communicated the PHP5 to 7.3 upgrade to users before the upgrade, so I was covered there.

24 minutes ago, d00p said:

no maintainer, I don't know anyone still using courier. You are welcome to provide required configuration-templates for it

I could, perhaps, but I don't have any special reason to use it. I just didn't want to tag a Courier-to-dovecot migration to my upgrade as well. People installing fresh would likely not care, but people upgrading like me do. But, I've found very few comments that people do. This forum post may help the few who do.

24 minutes ago, d00p said:

Sure it's regenerated, but only with data from the settings. If you have php5 in there you need to adjust the corresponding setting first

The cronjob settings page says:

"Cron execution command (php-binary): Command to execute our cronjobs. Change this only if you know what you are doing (default: "/usr/bin/nice -n 5 /usr/bin/php5 -q")!"

Here in source.

Shouldn't that have been covered in a migration?

I just changed that setting, and the cronjob, that I had added some test comments to, is indeed regenerated.

6 minutes ago, halfgaar said:

The cronjob settings page says:

"Cron execution command (php-binary): Command to execute our cronjobs. Change this only if you know what you are doing (default: "/usr/bin/nice -n 5 /usr/bin/php5 -q")!"

Here in source.

you're right, missed that in the language files. The fallback in CronConfig.php is very unlikely to happen, but also updated now, thank you.

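
The php5 leftover in /etc/cron.d/froxlor discussed in the posts above can be caught after an upgrade with a check like the following. This is an added example, not part of the thread and not Froxlor code; the function names and the sample cron lines are constructed, with temporary symlinks to /bin/sh standing in for the binaries under /usr/bin.

```shell
#!/bin/sh
# Added example, not Froxlor code: report cron.d entries whose binary is gone,
# such as /usr/bin/php5 after a dist-upgrade removed PHP 5.

# Print "LINE: PATH" and return 0 when PATH is absolute and not executable.
scc_dead() {
    case $2 in /*) [ -x "$2" ] && return 1; echo "$1: $2"; return 0 ;; esac
    return 1
}

# stale_cron_cmds FILE: returns 1 if any entry points at a dead binary.
stale_cron_cmds() {
    scc_file=$1 scc_rc=0 scc_n=0
    while IFS= read -r scc_line || [ -n "$scc_line" ]; do
        scc_n=$((scc_n + 1))
        set -f; set -- $scc_line; set +f   # split fields; '*' must not glob
        case ${1:-} in
            ''|'#'*|[A-Za-z_]*) continue ;;            # blank, comment, VAR=value
            @*) [ $# -ge 3 ] || continue; shift 2 ;;   # @daily user command
            *)  [ $# -ge 7 ] || continue; shift 6 ;;   # m h dom mon dow user command
        esac
        if scc_dead "$scc_n" "$1"; then scc_rc=1; fi
        # The default command wraps PHP in nice: the first absolute path
        # after nice's options is the interpreter that actually runs.
        if [ "${1##*/}" = nice ]; then
            shift
            for scc_tok in "$@"; do
                case $scc_tok in
                    /*) if scc_dead "$scc_n" "$scc_tok"; then scc_rc=1; fi; break ;;
                esac
            done
        fi
    done < "$scc_file"
    return "$scc_rc"
}

# Constructed sample: symlinks to /bin/sh stand in for nice and php; php5 is absent.
demo_stale_cron() {
    d=$(mktemp -d) || return 2
    ln -s /bin/sh "$d/nice"; ln -s /bin/sh "$d/php"
    {
        echo "# constructed sample of /etc/cron.d/froxlor"
        echo "PATH=/usr/bin:/bin"
        echo "*/5 * * * * root $d/nice -n 5 $d/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --tasks"
        echo "0 0 * * * root $d/nice -n 5 $d/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --traffic"
    } > "$d/cron"
    stale_cron_cmds "$d/cron" | sed "s|$d|BIN|"
    rm -rf "$d"
}
```

Only the command word and the binary wrapped by nice are checked; script arguments such as the cronjob PHP file are left alone because they need not be executable.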

Hi,

Quick question...

Quote

restructure acmesh implementation and let acme.sh take care of renewing the certificates itself; fixes #792, fixes #816

Does that mean that we have to create the cronjob of acme.sh using the "--install" or "--install-cronjob" option?

23 minutes ago, gamefreaktegel said:

Hi,

Quick question...

Does that mean that we have to create the cronjob of acme.sh using the "--install" or "--install-cronjob" option?

No, froxlor handles that for you

4 minutes ago, gamefreaktegel said:

So there should be a cronjob from acme.sh now?

Yes, check "crontab -e" as root


ok, that's my issue. There is nothing related to acme.sh.

I checked "AcmeSh.php" and can see the checkUpgrade() function. This function will be called in function runAcmeSh(). Looks also good.

After running:

acme.sh --install-cronjob

... it looks all good. The cronjob was inserted.

Strange...


Let's Encrypt cron only does something if there's something to do, so possibly no issue or renew hence no cron inserted by froxlor


I found this issue, because I got notifications from the Let's Encrypt Expiry Bot.

So I checked all logs and didn't see any errors. Froxlor was showing me that a lot of certificates need to be renewed.

Afterwards I ran the master cronjob with --force and --debug. Also no errors and I saw messages like "[information] Updated Let's Encrypt certificate for example.tld".

So this was looking also good, but no certificate was updated.

I checked acme.sh --list and saw that no certificates were updated, too.

So I came to the point that acme.sh was not being executed at all.


Just FYI: Updated a little late, but got a database error when logging in as an admin and performing the update. Got an "SQLSTATE[23000]: Integrity constraint violation:[...]" caused by entries with the same domain-id. Deleted one of them and it worked.

4 hours ago, brecherspitz82 said:

Just FYI: Updated a little late, but got a database error when logging in as an admin and performing the update. Got an "SQLSTATE[23000]: Integrity constraint violation:[...]" caused by entries with the same domain-id. Deleted one of them and it worked.

Thanks, known and fixed, see https://github.com/Froxlor/Froxlor/issues/840
