Jump to content
Froxlor Forum
  • 0

Cronjob "letsencrypt" startet über cronjob "tasks" den apache2 immer neu


schnudeldudel

Question

Hallo Froxlor-Team und Fans,

mir ist in meinem Setup was aufgefallen und zwar, dass in meinem error.log des Apache folgende Zeilen auftauchen:

Zitat

[Mon Apr 20 18:20:03.438900 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 18:20:03.626058 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 18:20:03.626076 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 18:30:03.541725 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 18:30:03.706614 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 18:30:03.706638 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 18:35:02.886260 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 18:35:03.013188 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 18:35:03.013218 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 18:45:03.922304 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 18:45:04.107956 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 18:45:04.107981 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 18:50:03.286025 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 18:50:03.375960 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 18:50:03.375980 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 18:55:03.018013 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 18:55:03.100640 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 18:55:03.100659 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 19:00:04.051056 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 19:00:04.229691 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 19:00:04.229712 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 19:05:03.046760 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 19:05:03.169799 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 19:05:03.169820 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 19:10:03.155470 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 19:10:03.370395 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 19:10:03.370425 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 19:20:03.236257 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 19:20:03.357724 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 19:20:03.357745 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 19:25:03.473194 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 19:25:03.579650 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 19:25:03.579669 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 19:30:03.352803 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 19:30:03.460399 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 19:30:03.460417 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 20 19:35:03.633228 2020] [mpm_prefork:notice] [pid 8210] AH00171: Graceful restart requested, doing restart
[Mon Apr 20 19:35:03.787190 2020] [mpm_prefork:notice] [pid 8210] AH00163: Apache/2.4.25 (Debian) OpenSSL/1.0.2u configured -- resuming normal operations
[Mon Apr 20 19:35:03.787218 2020] [core:notice] [pid 8210] AH00094: Command line: '/usr/sbin/apache2'

Nach herumprobieren hab ich festgestellt, dass diese Restarts durch Froxlor verursacht werden.

Und zwar ist es wohl so, dass der 5min Cronjob "--letsencrypt" dafür sorgt, dass der "--tasks" cronjob den Apache restartet.

Wenn man den "--tasks" cronjob allein aufruft passiert nichts (solange eben keine tasks vorliegen). Ruft man aber händisch zuerst den "--letsencrypt"  und danach "--tasks" so wird der apache neu gestartet.

Dabei ist es egal ob "--letsencrypt" irgendwelche Zertifikate erneuern musste.

 

Da beide jobs per default alle 5min laufen, wird auch immer der apache neu gestartet...

Mir scheint es, als sei das mit dem letzten Update (release 0.10.15) neu hinzugekommen. Meine alten error.logs sehen jedenfalls sauber aus.

Frage: Ist das ein Bug?

Gruss und Danke!

 

Link to comment
Share on other sites

5 answers to this question

Recommended Posts

  • 0

Von 0.10.14 auf 0.10.15 ist in dem Bereich gar nichts passiert, siehe https://github.com/Froxlor/Froxlor/compare/0.10.14...0.10.15

Ebenso ruft --tasks im grunde nur --letsencrypt auf, wenn --letsencrypt alleine läuft, prüft er lediglich ob es renew/issue jobs gibt und legt einen task für den --tasks cron an - mehr nicht. Lass den cronjob doch mal manuell laufen mit den Parametern --force und --debug, ggfls ergibt sich da der Grund für das dauernde Neustarten (fehler bei issue/renew o.Ä.)

Link to comment
Share on other sites

  • 0

Hi d00p,

hier mal der output (Domainnamen hab ich umbenannt):

[root@meinserver /var/log/apache2]# php /var/www/html/froxlor/scripts/froxlor_master_cronjob.php --debug --force
[information] TasksCron: Searching for tasks to do
[information] Running Let's Encrypt cronjob prior to regenerating webserver config files
[information] Requesting/renewing Let's Encrypt certificates
[information] Updating certificate for MEINEDOMAIN.de
[information] Adding SAN entry: MEINEDOMAIN.de
[information] Adding SAN entry: www.MEINEDOMAIN.de
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Mo 20. Apr 20:07:06 CEST 2020] Already uptodate!
[Mo 20. Apr 20:07:06 CEST 2020] Upgrade success!
[Mo 20. Apr 20:07:06 CEST 2020] Removing cron job
[Mo 20. Apr 20:07:06 CEST 2020] Lets find script dir.
[Mo 20. Apr 20:07:06 CEST 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script_home='/root/.acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] Using server: https://acme-v02.api.letsencrypt.org/directory
[Mo 20. Apr 20:07:06 CEST 2020] Running cmd: renew
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mo 20. Apr 20:07:06 CEST 2020] DOMAIN_PATH='/root/.acme.sh/MEINEDOMAIN.de'
[debug] https://github.com/acmesh-official/acme.sh
v2.8.6
[Mo 20. Apr 20:07:06 CEST 2020] Renew: 'MEINEDOMAIN.de'
[Mo 20. Apr 20:07:06 CEST 2020] 'MEINEDOMAIN.de' is not a issued domain, skip.
[information] Updated Let's Encrypt certificate for MEINEDOMAIN.de
[information] Updating certificate for NOCHNEDOMAIN.de
[information] Adding SAN entry: NOCHNEDOMAIN.de
[information] Adding SAN entry: www.NOCHNEDOMAIN.de
[Mo 20. Apr 20:07:06 CEST 2020] Lets find script dir.
[Mo 20. Apr 20:07:06 CEST 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script_home='/root/.acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] Using server: https://acme-v02.api.letsencrypt.org/directory
[Mo 20. Apr 20:07:06 CEST 2020] Running cmd: renew
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mo 20. Apr 20:07:06 CEST 2020] DOMAIN_PATH='/root/.acme.sh/NOCHNEDOMAIN.de'
[debug] https://github.com/acmesh-official/acme.sh
v2.8.6
[Mo 20. Apr 20:07:06 CEST 2020] Renew: 'NOCHNEDOMAIN.de'
[Mo 20. Apr 20:07:06 CEST 2020] 'NOCHNEDOMAIN.de' is not a issued domain, skip.
[information] Updated Let's Encrypt certificate for NOCHNEDOMAIN.de
[information] Updating certificate for phpmyadmin.MEINEDOMAIN.de
[information] Adding SAN entry: phpmyadmin.MEINEDOMAIN.de
[Mo 20. Apr 20:07:06 CEST 2020] Lets find script dir.
[Mo 20. Apr 20:07:06 CEST 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script_home='/root/.acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] Using server: https://acme-v02.api.letsencrypt.org/directory
[Mo 20. Apr 20:07:06 CEST 2020] Running cmd: renew
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mo 20. Apr 20:07:06 CEST 2020] DOMAIN_PATH='/root/.acme.sh/phpmyadmin.MEINEDOMAIN.de'
[debug] https://github.com/acmesh-official/acme.sh
v2.8.6
[Mo 20. Apr 20:07:06 CEST 2020] Renew: 'phpmyadmin.MEINEDOMAIN.de'
[Mo 20. Apr 20:07:06 CEST 2020] 'phpmyadmin.MEINEDOMAIN.de' is not a issued domain, skip.
[information] Updated Let's Encrypt certificate for phpmyadmin.MEINEDOMAIN.de
[information] Updating certificate for oc.MEINEDOMAIN.de
[information] Adding SAN entry: oc.MEINEDOMAIN.de
[Mo 20. Apr 20:07:06 CEST 2020] Lets find script dir.
[Mo 20. Apr 20:07:06 CEST 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script_home='/root/.acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] Using server: https://acme-v02.api.letsencrypt.org/directory
[Mo 20. Apr 20:07:06 CEST 2020] Running cmd: renew
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mo 20. Apr 20:07:06 CEST 2020] DOMAIN_PATH='/root/.acme.sh/oc.MEINEDOMAIN.de'
[debug] https://github.com/acmesh-official/acme.sh
v2.8.6
[Mo 20. Apr 20:07:06 CEST 2020] Renew: 'oc.MEINEDOMAIN.de'
[Mo 20. Apr 20:07:06 CEST 2020] 'oc.MEINEDOMAIN.de' is not a issued domain, skip.
[information] Updated Let's Encrypt certificate for oc.MEINEDOMAIN.de
[information] Updating certificate for um.MEINEDOMAIN.de
[information] Adding SAN entry: um.MEINEDOMAIN.de
[information] Adding SAN entry: www.um.MEINEDOMAIN.de
[Mo 20. Apr 20:07:06 CEST 2020] Lets find script dir.
[Mo 20. Apr 20:07:06 CEST 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script='/root/.acme.sh/acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] _script_home='/root/.acme.sh'
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] Using server: https://acme-v02.api.letsencrypt.org/directory
[Mo 20. Apr 20:07:06 CEST 2020] Running cmd: renew
[Mo 20. Apr 20:07:06 CEST 2020] Using config home:/root/.acme.sh
[Mo 20. Apr 20:07:06 CEST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mo 20. Apr 20:07:06 CEST 2020] DOMAIN_PATH='/root/.acme.sh/um.MEINEDOMAIN.de'
[debug] https://github.com/acmesh-official/acme.sh
v2.8.6
[Mo 20. Apr 20:07:06 CEST 2020] Renew: 'um.MEINEDOMAIN.de'
[Mo 20. Apr 20:07:06 CEST 2020] 'um.MEINEDOMAIN.de' is not a issued domain, skip.
[information] Updated Let's Encrypt certificate for um.MEINEDOMAIN.de
[information] Let's Encrypt certificates have been updated
[information] apache::createIpPort: creating ip/port settings for  188.68.60.164:80
[debug] 188.68.60.164:80 :: inserted vhostcontainer
[information] apache::createIpPort: creating ip/port settings for  188.68.60.164:443
[debug] 188.68.60.164:443 :: inserted vhostcontainer
[information] apache::createIpPort: creating ip/port settings for  [2a03:4000:1b:74::1]:80
[debug] [2a03:4000:1b:74::1]:80 :: inserted vhostcontainer
[information] apache::createIpPort: creating ip/port settings for  [2a03:4000:1b:74::1]:443
[debug] [2a03:4000:1b:74::1]:443 :: inserted vhostcontainer
[information] apache::createVirtualHosts: creating vhost container for domain 37, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 42, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 27, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 26, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 28, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 39, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 41, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 24, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 25, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 10, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 22, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 36, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 31, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 11, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 6, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 8, customer dobue
[information] apache::createVirtualHosts: creating vhost container for domain 7, customer dobue
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] apache::writeConfigs: rebuilding /etc/apache2/htpasswd/
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] Froxlor\Cron\Http\ApacheFcgi::reload: fpm config directory "/etc/php/7.0/fpm/pool.d/" is empty. Creating dummy.
[information] Froxlor\Cron\Http\ApacheFcgi::reload: running service php7.0-fpm restart
[information] Froxlor\Cron\Http\ApacheFcgi::reload: running service php7.3-fpm restart
[information] Froxlor\Cron\Http\ApacheFcgi::reload: fpm config directory "/etc/php/7.4/fpm/pool.d/" is empty. Creating dummy.
[information] Froxlor\Cron\Http\ApacheFcgi::reload: running service php7.4-fpm restart
[information] Froxlor\Cron\Http\ApacheFcgi::reload: reloading Froxlor\Cron\Http\ApacheFcgi
[notice] Creating passwd file
[notice] Writing 1 entries to passwd file
[notice] Succesfully wrote passwd file
[notice] Creating group file
[notice] Writing 1 entries to group file
[notice] Succesfully wrote group file
[notice] Creating shadow file
[notice] Writing 1 entries to shadow file
[notice] Succesfully wrote shadow file
[notice] Checking system's last guid
[root@meinserver /var/log/apache2]#

 

Was mich wundert ist die Tatsache, dass er nur 6 Domains bzw. subdomains auf Letsencrypt "abklappert": Ich hab aber in Froxlor insgesamt 14 Domains bzw. individuelle Zertifkate generieren lassen.

Kann es sein das mit den obigen 6 Zerts was nicht stimmt und er deshalb jedesmal die Configs neu schreibt?

 

gruss

 

 

ZUSATZ:  Die ganzen Zertis für alle meine 16 Domains/Subdomains in /etc/ssl/froxlor-custom/ werden übrigens alle 5min auch komplett neu geschrieben durch den Cronjob... Weiss nicht ob das relevant ist..?!

Link to comment
Share on other sites

  • 0
28 minutes ago, schnudeldudel said:

Kann es sein das mit den obigen 6 Zerts was nicht stimmt und er deshalb jedesmal die Configs neu schreibt?

Ja, steht doch da:  'oc.MEINEDOMAIN.de' is not a issued domain, skip.

Das heisst, du hast irgendein froxlor <> acme.sh mischmasch was froxlor nicht abgleichen kann. Lösche die Zertifikate aus froxlor und sofern existent aus /root/.acme.sh/[betreffende-domain] und versuch dann noch mal von vorne die Zertifikate zu beantragen via froxlor

Link to comment
Share on other sites

  • 0

Perfekt. Das war es! DANKE!!!!

Zitat

[root@meinserver~]# php /var/www/html/froxlor/scripts/froxlor_master_cronjob.php --debug --letsencrypt
[information] Requesting/renewing Let's Encrypt certificates
[information] No new certificates or certificates due for renewal found
[notice] Checking system's last guid
[root@meinserver~]#

 

sollte nun passen!

Wäre das evtl. etwas, was man irgendwie prüfen kann innerhalb froxlor...so dass andere nicht in das gleiche Problem laufen...?

gruss

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...