October 27, 20205 yr On one server with nearly the same setup I have enabled: "Let's Encrypt for the froxlor vhost is set" But Froxlor silently did not create it on this server, on the other server it's doing it fine. Sure I miss some other settings, but it's not easy to find it when I don't get any error. Where can start with?
October 29, 20205 yr well did you run the cronjob manually with --force --debug to check for potential problems?
October 31, 20205 yr Author Thanks, I run it with /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --force --debug and now the host domain grallator.com has a letsencrypt cert domain and its working:) But just 2 days ago on this server the virtualhost huahin.vin is not getting a letsencrypt cert. I'm facing this problem since a couple of months with other domains on other new installations. Now I see that there is a folder ~/.acme.sh/ in my root and it holds as well certs related files like: ca.cer fullchain.cer huahin.vin.cer huahin.vin.conf huahin.vin.conf.removed huahin.vin.csr huahin.vin.csr.conf huahin.vin.key I was aware of to the /etc/ssl/froxlor-custom/ where i have my certs what the apache server use: -rw------- 1 root root 1648 Oct 31 11:37 huahin.vin_CA.pem -rw------- 1 root root 1648 Oct 31 11:37 huahin.vin_chain.pem -rw------- 1 root root 2264 Oct 31 11:37 huahin.vin.crt -rw------- 1 root root 3912 Oct 31 11:37 huahin.vin_fullchain.pem -rw------- 1 root root 3247 Oct 31 11:37 huahin.vin.key I don't understand the functionality of this .~/.acme.sh this is what im getting when i run the froxlor letsencrypt script: root@grallator /etc/cron.d/ # /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug --force [information] Checking for LetsEncrypt client upgrades before renewing certificates: [Sat 31 Oct 2020 11:59:10 AM +07] Already uptodate! [Sat 31 Oct 2020 11:59:10 AM +07] Upgrade success! [Sat 31 Oct 2020 11:59:10 AM +07] Installing cron job 4 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null [information] Updated Let's Encrypt certificate for huahin.vin [information] Updated Let's Encrypt certificate for changnooy.city [information] Updated Let's Encrypt certificate for changnooi.city [information] Let's Encrypt certificates have been updated [information] TasksCron: Searching for tasks to do sh: 1: /etc/init.d/dkim-filter: not found [information] Dkim-milter reloaded [information] Task4 started - Rebuilding froxlor_bind.conf [information] Cleaning dns zone files from /etc/bind/domains/ [debug] domId domain ismainbutsubto parent domain list of child domain ids [debug] 11 changnooi.city 0 - [debug] 10 changnooy.city 0 - [debug] 8 huahin.vin 0 - [debug] none grallator.com 0 - [information] `/etc/bind/domains/changnooi.city.zone` written [debug] Generating dns config for changnooi.city [information] `/etc/bind/domains/changnooy.city.zone` written [debug] Generating dns config for changnooy.city [information] `/etc/bind/domains/huahin.vin.zone` written [debug] Generating dns config for huahin.vin [information] `/etc/bind/domains/grallator.com.zone` written [debug] Generating dns config for grallator.com [information] froxlor_bind.conf written [information] Bind daemon reloaded [information] Task4 finished [information] Running Let's Encrypt cronjob prior to regenerating webserver config files [information] Checking for LetsEncrypt client upgrades before renewing certificates: [Sat 31 Oct 2020 11:59:11 AM +07] Already uptodate! [Sat 31 Oct 2020 11:59:11 AM +07] Upgrade success! [Sat 31 Oct 2020 11:59:11 AM +07] Installing cron job 4 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null [information] Updated Let's Encrypt certificate for huahin.vin [information] Updated Let's Encrypt certificate for changnooy.city [information] Updated Let's Encrypt certificate for changnooi.city [information] Let's Encrypt certificates have been updated [information] apache::createIpPort: creating ip/port settings for 103.22.183.243:80 [notice] 103.22.183.243:80 :: namevirtualhost-statement no longer needed for apache-2.4 [debug] 103.22.183.243:80 :: inserted vhostcontainer [information] apache::createIpPort: creating ip/port settings for 103.22.183.243:443 [debug] 103.22.183.243:443 :: inserted vhostcontainer [information] apache::createVirtualHosts: creating vhost container for domain 11, customer changnooy [information] apache::createVirtualHosts: creating vhost container for domain 10, customer changnooy [information] apache::createVirtualHosts: creating vhost container for domain 8, customer huahin [information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/ [information] apache::writeConfigs: rebuilding /etc/apache2/htpasswd/ [information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/ [information] Froxlor\Cron\Http\ApacheFcgi::reload: running service php7.4-fpm restart [information] Froxlor\Cron\Http\ApacheFcgi::reload: reloading Froxlor\Cron\Http\ApacheFcgi [notice] Creating passwd file [notice] Writing 3 entries to passwd file [notice] Succesfully wrote passwd file [notice] Creating group file [notice] Writing 3 entries to group file [notice] Succesfully wrote group file [notice] Creating shadow file [notice] Writing 3 entries to shadow file [notice] Succesfully wrote shadow file [notice] Checking system's last guid
October 31, 20205 yr Froxlor uses acme.sh for the let's encrypt certificates. Acme.sh holds its configs and certificates in /root/.acme.sh/
October 31, 20205 yr Author at this moment the update of the expired certificated for huahin.vin does not work. But I created 2 other new domains 3 days ago and it created them fine. i found this renew issue on my other servers as well. After I manually disable ssl and then enable it, it eventually renewed it.
October 31, 20205 yr Author This is what I found out now: when I enter to the /root/.acme.sh folder and run the script there called acme.sh with parameter --renew-all It works!! Example: # ./acme.sh --renew-all
October 31, 20205 yr Well the renew process is purely managed by acme.sh itself, it has its own cronjob. Be sure it's activated
October 31, 20205 yr Author i did not find any instruction in the configuration guide only i see this for cronjob: /usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --run-task 99 /etc/init.d/cron reload
October 31, 20205 yr Author and this is my /etc/cron.d/froxlor file: root@grallator /etc/cron.d/ # cat froxlor # automatically generated cron-configuration by froxlor # do not manually edit this file as it will be re-generated periodically. PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # */5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --tasks 1> /dev/null 0 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --traffic 1> /dev/null 5 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --usage_report 1> /dev/null 0 */6 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --mailboxsize 1> /dev/null */5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt 1> /dev/null 10 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --backup 1> /dev/null
October 31, 20205 yr the cronjob installs acme.sh and it installs the cronjob if not exists. You can verify that the acme.sh cronjob is installed by typing "crontab -e" in the shell as root user. It should show something like 2 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
Archived
This topic is now archived and is closed to further replies.