Can't update or show Let's Encrypt certificates after upgrade to 0.10.2-1

[gunwald]

I am running a Froxlor instance on Debian 9 (stretch) with the additional apt source:

deb http://debian.froxlor.org stretch main

Just recently I got an update to Froxlor 0.10.2-1+stretch1. After the update was installed and the database was updated by running the web interface as admin, the Let's Encrypt implementation stopped working. 

(1) Although I have many domains with enabled Let's Encrypt option the page »sslcertificates« says:

Zitat

There are no domains with SSL certificate

(2) When I try to manually renew all certificates I get the message that something with the database went wrong due to a missing PHP extension although the extension is up and running:

/usr/bin/nice -n 5 /usr/bin/php5 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt 1

froxlor[2717]: The php PDO extension or PDO-MySQL driver is not available
froxlor[2717]: --- DEBUG: #0 /var/www/froxlor/lib/Froxlor/Database/Database.php(213): Froxlor\Database\Database::getDB() #1 /var/www/froxlor/lib/Froxlor/Cron/MasterCron.php(21│

 

I have all PHP updates of Debian Jessie installed so I am at: 7.0.33-0+deb9u6.

Maybe there went something wrong with the database update? Can somebody hint me in the right direction, how to debug?

It seems suspicious that the database table `domain_ssl_settings`is empty, although I have many domains with ssl settings.

[d00p]

12 minutes ago, gunwald said:

froxlor[2717]: The php PDO extension or PDO-MySQL driver is not available

did you by any chance remove the package php-mysql?

Also, check your settings as your cron file stil uses /usr/bin/php5 instead of /usr/bin/php (which most likely points to php-7.0.33)

[gunwald]

vor einer Stunde schrieb d00p:

did you by any chance remove the package php-mysql?

Also, check your settings as your cron file stil uses /usr/bin/php5 instead of /usr/bin/php (which most likely points to php-7.0.33)

This was my silly fault, although in my cron file /usr/bin/php is used in my manual testing i used accidentally PHP5, what caused the error described above. So debugging with the faulty command lead me in the wrong direction, sorry!

With the correct command:

/usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt 1

I apparently could recreate the certificates, at least the mentioned database table is filed now. But strangely apache still uses the old certificates although restarted. And indeed, in /etc/ssl/froxlor-custom are only the old ones. Does froxlor in its new version save the certs in the database and not as real files in this folder? Do I have to manually remove them?

I tried to rebuild all apache config files within froxlor an ran cron script with --force flag, but this did not help.

Thank you very much for the excellent and kind support. This is really more than one could ever expect!

[gunwald]

I found out, that due to an unknown reason the webserver configuration files weren't rebuild, although a task to do so was scheduled. I manually removed all tasks from the database table panel_tasks, manually added a task with the »with type = 99 - then reran cronjob with --force« and --debug. Than all config files were created and the new certs started working.

I can't evaluate what exactly went wrong, but I think, (1) the crontab file was corrupt  (could not edit it with contabe -e -u root) (2) a faulty task somehow blocked the cron script to do its work when called manually.

So, if someone has similar issues, maybe it is worth the effort to clear the task table.

[d00p]

3 hours ago, gunwald said:

Does froxlor in its new version save the certs in the database and not as real files in this folder?

Froxlor always does both. It takes the certificate data from let's encrypt and stores them in the database from which the files in the desired directory are being created by the cron

3 hours ago, gunwald said:

Do I have to manually remove them?

No, the cron does that for you

3 hours ago, gunwald said:

manually added a task with the »with type = 99 - then reran cronjob with --force« and --debug.

--force automatically adds tasks #1, #4 (if used), #10 (if used) and #99

3 hours ago, gunwald said:

(could not edit it with contabe -e -u root)

that's because it's not a crontab but a cron-file in /etc/cron.d/