veto Posted October 27, 2020

On one server with nearly the same setup I have enabled: "Let's Encrypt for the froxlor vhost is set"
But Froxlor silently did not create it on this server, on the other server it's doing it fine.
Surely I am missing some other settings, but it's not easy to find them when I don't get any error.
Where can I start?

d00p Posted October 29, 2020

Well, did you run the cronjob manually with --force --debug to check for potential problems?

veto (Author) Posted October 31, 2020

Thanks, I ran it with
/usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --force --debug
and now the host domain grallator.com has a letsencrypt cert domain and it's working :)

But just 2 days ago on this server the virtualhost huahin.vin is not getting a letsencrypt cert. I have been facing this problem for a couple of months with other domains on other new installations.

Now I see that there is a folder ~/.acme.sh/ in my root and it holds cert-related files as well, like:
ca.cer
fullchain.cer
huahin.vin.cer
huahin.vin.conf
huahin.vin.conf.removed
huahin.vin.csr
huahin.vin.csr.conf
huahin.vin.key

I was aware of /etc/ssl/froxlor-custom/, where I have the certs that the Apache server uses:
-rw------- 1 root root 1648 Oct 31 11:37 huahin.vin_CA.pem
-rw------- 1 root root 1648 Oct 31 11:37 huahin.vin_chain.pem
-rw------- 1 root root 2264 Oct 31 11:37 huahin.vin.crt
-rw------- 1 root root 3912 Oct 31 11:37 huahin.vin_fullchain.pem
-rw------- 1 root root 3247 Oct 31 11:37 huahin.vin.key

I don't understand the functionality of this ~/.acme.sh

This is what I'm getting when I run the froxlor letsencrypt script:

root@grallator /etc/cron.d/ # /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug --force
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Sat 31 Oct 2020 11:59:10 AM +07] Already uptodate!
[Sat 31 Oct 2020 11:59:10 AM +07] Upgrade success!
[Sat 31 Oct 2020 11:59:10 AM +07] Installing cron job
4 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[information] Updated Let's Encrypt certificate for huahin.vin
[information] Updated Let's Encrypt certificate for changnooy.city
[information] Updated Let's Encrypt certificate for changnooi.city
[information] Let's Encrypt certificates have been updated
[information] TasksCron: Searching for tasks to do
sh: 1: /etc/init.d/dkim-filter: not found
[information] Dkim-milter reloaded
[information] Task4 started - Rebuilding froxlor_bind.conf
[information] Cleaning dns zone files from /etc/bind/domains/
[debug] domId domain ismainbutsubto parent domain list of child domain ids
[debug] 11 changnooi.city 0 -
[debug] 10 changnooy.city 0 -
[debug] 8 huahin.vin 0 -
[debug] none grallator.com 0 -
[information] `/etc/bind/domains/changnooi.city.zone` written
[debug] Generating dns config for changnooi.city
[information] `/etc/bind/domains/changnooy.city.zone` written
[debug] Generating dns config for changnooy.city
[information] `/etc/bind/domains/huahin.vin.zone` written
[debug] Generating dns config for huahin.vin
[information] `/etc/bind/domains/grallator.com.zone` written
[debug] Generating dns config for grallator.com
[information] froxlor_bind.conf written
[information] Bind daemon reloaded
[information] Task4 finished
[information] Running Let's Encrypt cronjob prior to regenerating webserver config files
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Sat 31 Oct 2020 11:59:11 AM +07] Already uptodate!
[Sat 31 Oct 2020 11:59:11 AM +07] Upgrade success!
[Sat 31 Oct 2020 11:59:11 AM +07] Installing cron job
4 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[information] Updated Let's Encrypt certificate for huahin.vin
[information] Updated Let's Encrypt certificate for changnooy.city
[information] Updated Let's Encrypt certificate for changnooi.city
[information] Let's Encrypt certificates have been updated
[information] apache::createIpPort: creating ip/port settings for 103.22.183.243:80
[notice] 103.22.183.243:80 :: namevirtualhost-statement no longer needed for apache-2.4
[debug] 103.22.183.243:80 :: inserted vhostcontainer
[information] apache::createIpPort: creating ip/port settings for 103.22.183.243:443
[debug] 103.22.183.243:443 :: inserted vhostcontainer
[information] apache::createVirtualHosts: creating vhost container for domain 11, customer changnooy
[information] apache::createVirtualHosts: creating vhost container for domain 10, customer changnooy
[information] apache::createVirtualHosts: creating vhost container for domain 8, customer huahin
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] apache::writeConfigs: rebuilding /etc/apache2/htpasswd/
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] Froxlor\Cron\Http\ApacheFcgi::reload: running service php7.4-fpm restart
[information] Froxlor\Cron\Http\ApacheFcgi::reload: reloading Froxlor\Cron\Http\ApacheFcgi
[notice] Creating passwd file
[notice] Writing 3 entries to passwd file
[notice] Succesfully wrote passwd file
[notice] Creating group file
[notice] Writing 3 entries to group file
[notice] Succesfully wrote group file
[notice] Creating shadow file
[notice] Writing 3 entries to shadow file
[notice] Succesfully wrote shadow file
[notice] Checking system's last guid

d00p Posted October 31, 2020

Froxlor uses acme.sh for the Let's Encrypt certificates. Acme.sh holds its configs and certificates in /root/.acme.sh/

veto (Author) Posted October 31, 2020

At this moment the update of the expired certificate for huahin.vin does not work. But I created 2 other new domains 3 days ago and it created them fine. I found this renew issue on my other servers as well. After I manually disable SSL and then enable it, it eventually renewed it.

veto (Author) Posted October 31, 2020

This is what I found out now: when I enter the /root/.acme.sh folder and run the script there called acme.sh with the parameter --renew-all, it works!!
Example:
# ./acme.sh --renew-all

d00p Posted October 31, 2020

Well, the renew process is purely managed by acme.sh itself, it has its own cronjob. Be sure it's activated.

veto (Author) Posted October 31, 2020

I did not find any instruction in the configuration guide, I only see this for the cronjob:
/usr/bin/php /var/www/froxlor/scripts/froxlor_master_cronjob.php --run-task 99
/etc/init.d/cron reload

veto (Author) Posted October 31, 2020

And this is my /etc/cron.d/froxlor file:

root@grallator /etc/cron.d/ # cat froxlor
# automatically generated cron-configuration by froxlor
# do not manually edit this file as it will be re-generated periodically.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
#
*/5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --tasks 1> /dev/null
0 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --traffic 1> /dev/null
5 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --usage_report 1> /dev/null
0 */6 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --mailboxsize 1> /dev/null
*/5 * * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt 1> /dev/null
10 0 * * * root /usr/bin/nice -n 5 /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --backup 1> /dev/null

d00p Posted October 31, 2020

The cronjob installs acme.sh and it installs the cronjob if it does not exist. You can verify that the acme.sh cronjob is installed by typing "crontab -e" in the shell as root user. It should show something like
2 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

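Added example, not part of any post above and not froxlor or acme.sh code: a POSIX shell check for the two things this thread turns on, an active acme.sh --cron line in root's crontab and certificates under /etc/ssl/froxlor-custom that are close to expiry. The function names and the 14-day window are assumptions; the cron line and the paths are the ones quoted in the posts.

```shell
#!/bin/sh
# Added example: audit the renewal path discussed in this thread.

# Succeeds only if the crontab text on stdin contains an uncommented
# line that runs acme.sh with --cron. The froxlor --letsencrypt entry
# in /etc/cron.d/froxlor does not count: renewal is acme.sh's own job.
acme_cron_present() {
    grep -v '^[[:space:]]*#' | grep -Eq '/acme\.sh[[:space:]].*--cron'
}

# Prints each *.crt in directory $1 that expires within $2 days,
# has already expired, or cannot be parsed by openssl.
expiring_certs() {
    for crt in "$1"/*.crt; do
        [ -f "$crt" ] || continue
        openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$crt" \
            >/dev/null 2>&1 || printf '%s\n' "$crt"
    done
    return 0
}

# Constructed samples: the entry quoted above, once active and once
# commented out (as it would look if someone disabled it by hand).
SAMPLE_OK='2 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null'
SAMPLE_OFF="# $SAMPLE_OK"

# Offline self-check on the constructed samples.
printf '%s\n' "$SAMPLE_OK"  | acme_cron_present && echo "sample 1: renewal cron active"
printf '%s\n' "$SAMPLE_OFF" | acme_cron_present || echo "sample 2: renewal cron missing"

# Live use, as root (the cert files are mode 0600, owned by root):
#   crontab -l 2>/dev/null | acme_cron_present || echo "acme.sh cron missing"
#   expiring_certs /etc/ssl/froxlor-custom 14
```

Run from a monitoring job, any output from expiring_certs or a failing acme_cron_present is worth an alert, since a missing cron entry otherwise only shows up once a certificate has expired.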