Froxlor Forum
  • 0
ZARk

can't renew since upgrade to 0.10.X

Question

Hello

I can't renew certs (or create new certs) since the 0.10 upgrade. It was working fine before on 0.9.

I'm basically getting the same output every time I run this command.
 

xander /var/www/froxlor # /usr/bin/php7.3 -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Requesting/renewing Let's Encrypt certificates
[information] Creating certificate for Westecheurope.eu
[information] Adding SAN entry: Westecheurope.eu
[information] Adding SAN entry: www.Westecheurope.eu
[Mon  4 Nov 11:23:46 CET 2019] It is recommended to install socat first.
[Mon  4 Nov 11:23:46 CET 2019] We use socat for standalone server if you use standalone mode.
[Mon  4 Nov 11:23:46 CET 2019] If you don't use standalone mode, just ignore this warning.
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Mon  4 Nov 11:23:45 CET 2019] Installing from online archive.
[Mon  4 Nov 11:23:45 CET 2019] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Mon  4 Nov 11:23:46 CET 2019] Extracting master.tar.gz
[Mon  4 Nov 11:23:46 CET 2019] Installing to /root/.acme.sh
[Mon  4 Nov 11:23:46 CET 2019] Installed to /root/.acme.sh/acme.sh
[Mon  4 Nov 11:23:46 CET 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Mon  4 Nov 11:23:47 CET 2019] OK
[Mon  4 Nov 11:23:47 CET 2019] Install success!
[Mon  4 Nov 11:23:47 CET 2019] Upgrade success!
[Mon  4 Nov 11:23:47 CET 2019] Removing cron job
[Mon  4 Nov 11:23:52 CET 2019] get to authz error.
[Mon  4 Nov 11:23:52 CET 2019] _authorizations_map='www.westecheurope.eu,{"identifier":{"type":"dns","value":"www.westecheurope.eu"},"status":"pending","expires":"2019-11-07T18:17:12Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077162/e3Lmew","token":"H07E0jvAJ-vnQ4jirnVIxqLeRxDwQ_VC6PQ0RAJgEvU"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077162/rs0T6w","token":"H07E0jvAJ-vnQ4jirnVIxqLeRxDwQ_VC6PQ0RAJgEvU"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077162/ZPjfSg","token":"H07E0jvAJ-vnQ4jirnVIxqLeRxDwQ_VC6PQ0RAJgEvU"}]}
westecheurope.eu,{"identifier":{"type":"dns","value":"westecheurope.eu"},"status":"pending","expires":"2019-11-07T18:17:12Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077160/hOWGhQ","token":"Bd7XDicTn8dtJBIYc9Eod2d7eOxZGba42pnnl5aCNyI"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077160/nj7_Ow","token":"Bd7XDicTn8dtJBIYc9Eod2d7eOxZGba42pnnl5aCNyI"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1025077160/v7Bc7A","token":"Bd7XDicTn8dtJBIYc9Eod2d7eOxZGba42pnnl5aCNyI"}]}
'
[Mon  4 Nov 11:23:52 CET 2019] Please add '--debug' or '--log' to check more details.
[Mon  4 Nov 11:23:52 CET 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[debug] [Mon  4 Nov 11:23:48 CET 2019] Creating domain key
[Mon  4 Nov 11:23:49 CET 2019] The domain key is here: /root/.acme.sh/Westecheurope.eu/Westecheurope.eu.key
[Mon  4 Nov 11:23:49 CET 2019] Multi domain='DNS:Westecheurope.eu,DNS:www.Westecheurope.eu'
[Mon  4 Nov 11:23:50 CET 2019] Getting domain auth token for each domain
[Mon  4 Nov 11:23:52 CET 2019] Getting webroot for domain='Westecheurope.eu'
[error] Could not get Let's Encrypt certificate for Westecheurope.eu:
[Mon  4 Nov 11:23:48 CET 2019] Creating domain key
[Mon  4 Nov 11:23:49 CET 2019] The domain key is here: /root/.acme.sh/Westecheurope.eu/Westecheurope.eu.key
[Mon  4 Nov 11:23:49 CET 2019] Multi domain='DNS:Westecheurope.eu,DNS:www.Westecheurope.eu'
[Mon  4 Nov 11:23:50 CET 2019] Getting domain auth token for each domain
[Mon  4 Nov 11:23:52 CET 2019] Getting webroot for domain='Westecheurope.eu'
[information] No new certificates or certificates due for renewal found
[notice] Checking system's last guid

 


2 answers to this question


  • 0

Seems to be an acme.sh bug, see https://github.com/Neilpang/acme.sh/issues/2556

The following changes to lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php should fix that for us:

diff --git a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
index 8fc4952b..545ad323 100644
--- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
+++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -209,7 +209,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 
                        if ($cert_mode) {
                                $domains = array(
-                                       $certrow['domain']
+                                       strtolower($certrow['domain'])
                                );
 
                                $froxlor_aliases = Settings::Get('system.froxloraliases');
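Review bot: in the `$cert_mode` branch the lowercasing is applied only to the copy placed in `$domains`, so `$certrow['domain']` itself stays mixed-case for anything that reads the row afterwards. Consider normalising once before the array is built, e.g. `$certrow['domain'] = strtolower($certrow['domain']);`, so the requested name and every later use of the row agree. A one-line comment pointing at acme.sh issue 2556 would also explain why the call is there.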
@@ -217,7 +217,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
                                        $froxlor_aliases = explode(",", $froxlor_aliases);
                                        foreach ($froxlor_aliases as $falias) {
                                                if (\Froxlor\Validate\Validate::validateDomain(trim($falias))) {
-                                                       $domains[] = trim($falias);
+                                                       $domains[] = strtolower(trim($falias));
                                                }
                                        }
                                }
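Review bot: in the `$froxlor_aliases` loop, `validateDomain()` is called on `trim($falias)` but the value appended is `strtolower(trim($falias))`, so the string that was validated is not the string that is used. Assign `$falias = strtolower(trim($falias));` first and pass that one variable to both the check and `$domains[]`.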
@@ -269,12 +269,12 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
 
                                $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
                                $domains = array(
-                                       $certrow['domain']
+                                       strtolower($certrow['domain'])
                                );
                                // add www.<domain> to SAN list
                                if ($certrow['wwwserveralias'] == 1) {
                                        $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
-                                       $domains[] = 'www.' . $certrow['domain'];
+                                       $domains[] = strtolower('www.' . $certrow['domain']);
                                }
 
                                // add alias domains (and possibly www.<aliasdomain>) to SAN list
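Review bot: the two `logAction()` calls in this hunk still print `$certrow['domain']` unmodified, so the cron log will keep showing `Adding SAN entry: Westecheurope.eu` while the name placed in `$domains` is lowercase. Lowercase into a local variable before the log call and use it for both the message and `$domains[]`, so the log records the name that is actually requested.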
@@ -284,10 +284,10 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
                                $aliasdomains = $aliasdomains_stmt->fetchAll(\PDO::FETCH_ASSOC);
                                foreach ($aliasdomains as $aliasdomain) {
                                        $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
-                                       $domains[] = $aliasdomain['domain'];
+                                       $domains[] = strtolower($aliasdomain['domain']);
                                        if ($aliasdomain['wwwserveralias'] == 1) {
                                                $cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
-                                               $domains[] = 'www.' . $aliasdomain['domain'];
+                                               $domains[] = strtolower('www.' . $aliasdomain['domain']);
                                        }
                                }
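Review bot: after lowercasing, alias rows that differ from the main domain (or from each other) only by case produce identical entries in `$domains`, and nothing in this loop removes them. Consider `$domains = array_unique($domains);` after the `foreach`. The `logAction()` calls here also still print the unnormalised `$aliasdomain['domain']`.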

 

  • 0

You're a godsend! Fast reply and right on target!

I simply renamed the domain in the DB, and renewal went straight through :)
+ Feature request: lowercase domain names when adding them to froxlor :)
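
The mismatch in this thread, as an added example that is not part of the original posts and is not acme.sh or Froxlor code: the log shows the authorization map keyed by lowercase identifiers (`westecheurope.eu`) while the requested name is `Westecheurope.eu`. The function names are hypothetical, the map is a shortened constructed sample in the shape the log shows, and the exact-match lookup is an assumption standing in for how a client pairs a requested name with its authorization.

```shell
#!/bin/sh
# Added illustration; not acme.sh or Froxlor code.

# Constructed sample: "<identifier>,<json>" per line, as in the log above,
# with the JSON shortened. Identifiers are lowercase, as the CA returned them.
AUTHZ_MAP='www.westecheurope.eu,{"identifier":{"type":"dns","value":"www.westecheurope.eu"},"status":"pending"}
westecheurope.eu,{"identifier":{"type":"dns","value":"westecheurope.eu"},"status":"pending"}'

# Case-sensitive lookup of a name in the map (assumed matching behaviour).
# Exit status 0 if an entry's key equals the name exactly, 1 otherwise.
lookup_exact() {
    printf '%s\n' "$AUTHZ_MAP" |
        awk -F, -v name="$1" '$1 == name { found = 1 } END { exit !found }'
}

# ASCII-only lowercasing, independent of the system locale.
normalize_name() {
    printf '%s' "$1" | LC_ALL=C tr 'A-Z' 'a-z'
}

# Pre-flight check over the names a certificate request would contain.
# Prints one line per name:
#   ok <name>                  exact match in the map
#   case <name> -> <lower>     matches only after lowercasing (the bug here)
#   missing <name>             no authorization under either spelling
# Returns 0 only when every name matched exactly.
preflight() {
    rc=0
    for name in "$@"; do
        lower=$(normalize_name "$name")
        if lookup_exact "$name"; then
            echo "ok $name"
        elif lookup_exact "$lower"; then
            echo "case $name -> $lower"
            rc=1
        else
            echo "missing $name"
            rc=1
        fi
    done
    return $rc
}

# The two SAN entries from the log in the question.
preflight Westecheurope.eu www.Westecheurope.eu || true
```

Running the same check over the domain names stored in the panel database before the cron job runs would list every entry that needs the rename described above.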
