[SSL LE] Difference between acme.sh and Froxlor crons

[logicbloke]

Hi,

I'm just wondering what the difference is between the following 2 folders:

Quote

 

/root/.acme.sh/domain.com/*

/etc/ssl/froxlor-custom/*

 

Why is froxlor installing acme.sh cron everytime it runs at 3am everyday especially since the 5-min let's encrypt froxlor cron is already in place? Also, all my db config points to /etc/ssl/froxlor-custom for the domains and all keys/certificates inside that folder have a different md5 from the ones under /root/.acme.sh/, so I'm wondering what's with the mismatch? Are we updating certificates for domains twice?

 

If anyone can shed some more light on this, it will be very much appreciated.

 

Many thanks!

[d00p]

If you are using a recent version of froxlor it's like this:

If let's encrypt is activated for a domain, froxlors cronjob calls acme.sh to issue a certificate.

From this point on, acme.sh takes care of the certificate and it's renewal.

Froxlors cronjob simply checks for changes (new domains, SAN list changes, or similar) to issue to acme.sh.

Any renewal is a simple filesystem synchronisation from /root/.acme.sh/ to froxlors database. The cronjob then creates the certificate files in /etc/ssl/froxlor-custom/ from the contents of the database. The content can vary depending on the used Webserver because it's htttp oriented for the vhosts (e.g. cert + key + chain, or similar)