Jump to content
Froxlor Forum
  • 0

Missing acme.sh cron?


halfgaar

Question

My monitoring alerted me that SSL certificates from Froxlor sites are expiring. As in, the first one triggered my warning level of 24 days. I see the PHP code only loads certificates from disk now, and a recent commit message says that acme.sh is supposed to renew?

Am I missing a cron? My /etc/cron.d/froxlor is:

# automatically generated cron-configuration by froxlor
# do not manually edit this file as it will be re-generated periodically.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#
*/5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --tasks 1> /dev/null
0 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --traffic 1> /dev/null
5 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --usage_report 1> /dev/null
0 */6 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --mailboxsize 1> /dev/null
*/5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt 1> /dev/null

It's dated 2020-03-08, 10:20:

# lh /etc/cron.d/froxlor 
-rw-r----- 1 root root 840 mrt  8 10:20 /etc/cron.d/froxlor

I think that's when I dist-upgraded Debian. My latest Froxlox update was 2020-06-14  09:23:52, to version 0.10.18-1.

The files in /etc/ssl/froxlor are not newer, so it's not an issue with loading the certificates, what 'froxlor_master_cronjob.php --letsencrypt' now does.

Link to comment
Share on other sites

18 answers to this question

Recommended Posts

  • 0

I had checked that actually, there is no cron for root. There are no crons in /var/spool/cron/crontabs.

I just ran 'acme.sh --install-crobjob' by hand, and it created a cron job.

runIssueFor() in AcmeSh.php runs 'acme.sh --install-crobjob'  on issue. So in other words, when you upgrade to the Froxlor version with the new acme system, you won't get the cronjob until you issue new certificates?

Link to comment
Share on other sites

  • 0
24 minutes ago, halfgaar said:

runIssueFor() in AcmeSh.php runs 'acme.sh --install-crobjob'  on issue. So in other words, when you upgrade to the Froxlor version with the new acme system, you won't get the cronjob until you issue new certificates?

looks like you are right yes, must have missed that when refactoring to another technique. Can you open up an issue on GitHub for this please? So we can keep track and I'll find a way to fix that ;)

Link to comment
Share on other sites

  • 0

Something still amiss. The certificate wasn't updated. It was created in /root/.acme.sh, but not in /etc/ssl/froxlor. It didn't do anything, until I ran the cronjob with the --debug flag. That's something that seems to happen more often to me (requiring --debug to make the jobs work).

When I run it multiple times, now, I see it still wants to pick up that domain again and again:

root@myfroxlorserver: /etc/cron.d <master>
# /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updated Let's Encrypt certificate for thedomain.nl
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid
  
root@myfroxlorserver: /etc/cron.d <master>
# /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updated Let's Encrypt certificate for thedomain.nl
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid
  
root@myfroxlorserver: /etc/cron.d <master>
# /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug
[information] Updated Let's Encrypt certificate for thedomain.nl
[information] Let's Encrypt certificates have been updated
[notice] Checking system's last guid

I'm at work now, so I can't check further.

As for the crobjob, I keep typing that for some reason...

Link to comment
Share on other sites

  • 0

I'm confused. That's how it's run from the crontab /etc/cron.d/froxlor. See my original post. But, it doesn't seem to do anything (the files in /etc/ssl/froxlor were not updated), until I add --debug. And even then, it keeps thinking the domain 'thedomain.nl' (and only this one) has a new certificate, every time I run it. Once dealt with, I expect it not to show up as 'Updated Let's Encrypt certificate' anymore.

Link to comment
Share on other sites

  • 0

--letsencrypt is just historically there. The main action is included in --tasks cronjob (which --force triggers).

If its not doing anything then there's nothing to do. Update/renew is done by acme.sh itself. Froxlor just synchronizes the certificates from acme.sh's homedir with its database.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...