June 21, 20205 yr My monitoring alerted me that SSL certificates from Froxlor sites are expiring. As in, the first one triggered my warning level of 24 days. I see the PHP code only loads certificates from disk now, and a recent commit message says that acme.sh is supposed to renew? Am I missing a cron? My /etc/cron.d/froxlor is: # automatically generated cron-configuration by froxlor # do not manually edit this file as it will be re-generated periodically. PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # */5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --tasks 1> /dev/null 0 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --traffic 1> /dev/null 5 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --usage_report 1> /dev/null 0 */6 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --mailboxsize 1> /dev/null */5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt 1> /dev/null It's dated 2020-03-08, 10:20: # lh /etc/cron.d/froxlor -rw-r----- 1 root root 840 mrt 8 10:20 /etc/cron.d/froxlor I think that's when I dist-upgraded Debian. My latest Froxlox update was 2020-06-14 09:23:52, to version 0.10.18-1. The files in /etc/ssl/froxlor are not newer, so it's not an issue with loading the certificates, what 'froxlor_master_cronjob.php --letsencrypt' now does.
June 21, 20205 yr Froxlor Just runs the install-cronjob on acme.sh. if you run "crontab -e" as root you should see the corresponding line for acme.sh
June 21, 20205 yr Author I had checked that actually, there is no cron for root. There are no crons in /var/spool/cron/crontabs. I just ran 'acme.sh --install-crobjob' by hand, and it created a cron job. runIssueFor() in AcmeSh.php runs 'acme.sh --install-crobjob' on issue. So in other words, when you upgrade to the Froxlor version with the new acme system, you won't get the cronjob until you issue new certificates?
June 21, 20205 yr 24 minutes ago, halfgaar said: runIssueFor() in AcmeSh.php runs 'acme.sh --install-crobjob' on issue. So in other words, when you upgrade to the Froxlor version with the new acme system, you won't get the cronjob until you issue new certificates? looks like you are right yes, must have missed that when refactoring to another technique. Can you open up an issue on GitHub for this please? So we can keep track and I'll find a way to fix that
June 22, 20205 yr 14 hours ago, halfgaar said: I just ran 'acme.sh --install-crobjob' by hand, and it created a cron job. thanks
June 22, 20205 yr Author Something still amiss. The certificate wasn't updated. It was created in /root/.acme.sh, but not in /etc/ssl/froxlor. It didn't do anything, until I ran the cronjob with the --debug flag. That's something that seems to happen more often to me (requiring --debug to make the jobs work). When I run it multiple times, now, I see it still wants to pick up that domain again and again: root@myfroxlorserver: /etc/cron.d <master> # /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug [information] Updated Let's Encrypt certificate for thedomain.nl [information] Let's Encrypt certificates have been updated [notice] Checking system's last guid root@myfroxlorserver: /etc/cron.d <master> # /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug [information] Updated Let's Encrypt certificate for thedomain.nl [information] Let's Encrypt certificates have been updated [notice] Checking system's last guid root@myfroxlorserver: /etc/cron.d <master> # /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug [information] Updated Let's Encrypt certificate for thedomain.nl [information] Let's Encrypt certificates have been updated [notice] Checking system's last guid I'm at work now, so I can't check further. As for the crobjob, I keep typing that for some reason...
June 22, 20205 yr Author I'm confused. That's how it's run from the crontab /etc/cron.d/froxlor. See my original post. But, it doesn't seem to do anything (the files in /etc/ssl/froxlor were not updated), until I add --debug. And even then, it keeps thinking the domain 'thedomain.nl' (and only this one) has a new certificate, every time I run it. Once dealt with, I expect it not to show up as 'Updated Let's Encrypt certificate' anymore.
June 22, 20205 yr --letsencrypt is just historically there. The main action is included in --tasks cronjob (which --force triggers). If its not doing anything then there's nothing to do. Update/renew is done by acme.sh itself. Froxlor just synchronizes the certificates from acme.sh's homedir with its database.
June 23, 20205 yr Author I'm still not 100% on the original issue I had, but it's probably related to this ticket I just made.
June 25, 20205 yr Can you verify that it works with the changes introduced in https://github.com/Froxlor/Froxlor/commit/a141c83ad48191a5460c14a6098b5f18ae49b473
June 26, 20205 yr Author I saw the Github notification. I didn't have the opportunity to test. Anyway, that fix worked.
Archived
This topic is now archived and is closed to further replies.