Froxlor Forum

Let's encrypt not working with Froxlor Vhost


Diogo Martino

Question

Hi. I've been trying to set up Froxlor with SSL and Let's Encrypt, and I've managed to do that in the customers' domains easily, but I can't seem to do that with the Froxlor panel itself. All the SSL settings are enabled, here is my current configuration:

 

[Two screenshots of the configuration were attached here.]

After saving this I tried to force run the froxlor cron with Domain aliases for froxlor vhost with "php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug" and even ran the configuration script again. When accessing the panel via the https://domain it shows an invalid certificate. The master cronjob script shows no output related to the panel domain. Am I doing something wrong?


10 answers to this question

11 minutes ago, d00p said:

1) nopaste the cron debug output please

2) did you add the system-hostname as domain aliases for froxlor vhost? the system-hostname itself is added in any case, do not add it again

2) Are you talking about the "Domain aliases for froxlor vhost"? It is indeed the same as the hostname, I removed it from there now. Not working yet.
1) 

[information] TasksCron: Searching for tasks to do
[information] Task4 started - Rebuilding froxlor_bind.conf
[information] Cleaning dns zone files from /etc/bind/domains/
[debug] domId    domain                                  ismainbutsubto parent domain                           list of child domain ids
[debug] 1        bruxiris.xyz                            0              -
[debug] 4        diogomartino.com                        0              -
[information] `/etc/bind/domains/bruxiris.xyz.zone` written
[debug] Generating dns config for bruxiris.xyz
[information] `/etc/bind/domains/diogomartino.com.zone` written
[debug] Generating dns config for diogomartino.com
[information] froxlor_bind.conf written
sh: 1: /etc/init.d/bind9: not found
[error] Error while running `/etc/init.d/bind9 reload`: exit code (127) - please check your system logs
[information] Task4 finished
[information] Running Let's Encrypt cronjob prior to regenerating webserver config files
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Thu 22 Apr 2021 01:30:41 PM UTC] Already uptodate!
[Thu 22 Apr 2021 01:30:41 PM UTC] Upgrade success!
[Thu 22 Apr 2021 01:30:41 PM UTC] Installing cron job
3 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[information] Requesting 3 new Let's Encrypt certificates
[information] Creating certificate for diogomartino.com
[information] Adding common-name: diogomartino.com
[information] Validating DNS of diogomartino.com
[warning] Skipping Let's Encrypt generation for diogomartino.com due to no system known IP address via DNS check
[information] Creating certificate for pma.diogomartino.com
[information] Adding common-name: pma.diogomartino.com
[information] Validating DNS of pma.diogomartino.com
[warning] Skipping Let's Encrypt generation for pma.diogomartino.com due to no system known IP address via DNS check
[information] Creating certificate for roundcube.diogomartino.com
[information] Adding common-name: roundcube.diogomartino.com
[information] Validating DNS of roundcube.diogomartino.com
[warning] Skipping Let's Encrypt generation for roundcube.diogomartino.com due to no system known IP address via DNS check
[information] Updated Let's Encrypt certificate for bruxiris.xyz
[error] Could not find certificate-folder '/root/.acme.sh/diogomartino.com/'
[error] Could not get Let's Encrypt certificate for diogomartino.com:

[error] Could not find certificate-folder '/root/.acme.sh/pma.diogomartino.com/'
[error] Could not get Let's Encrypt certificate for pma.diogomartino.com:

[error] Could not find certificate-folder '/root/.acme.sh/roundcube.diogomartino.com/'
[error] Could not get Let's Encrypt certificate for roundcube.diogomartino.com:

[information] Let's Encrypt certificates have been updated
[information] apache::createIpPort: creating ip/port settings for  185.11.167.250:80
[notice] 185.11.167.250:80 :: namevirtualhost-statement no longer needed for apache-2.4
[debug] 185.11.167.250:80 :: inserted vhostcontainer
[information] apache::createIpPort: creating ip/port settings for  185.11.167.250:443
[debug] 185.11.167.250:443 :: inserted vhostcontainer
[information] apache::createVirtualHosts: creating vhost container for domain 7, customer diogomartino
[information] apache::createVirtualHosts: creating vhost container for domain 9, customer diogomartino
[information] apache::createVirtualHosts: creating vhost container for domain 1, customer diogomartino
[information] apache::createVirtualHosts: creating vhost container for domain 4, customer diogomartino
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] apache::writeConfigs: rebuilding /etc/apache2/htpasswd/
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] Froxlor\Cron\Http\Apache::reload: reloading Froxlor\Cron\Http\Apache
[notice] Checking system's last guid

 


I haven't noticed that, but I don't think that's the problem. That is happening because my domains were being proxied by Cloudflare. I disabled the DNS check in the settings and now it's not giving that warning again. Still, there is no sign of the hostname on the let's encrypt output:

 

[information] TasksCron: Searching for tasks to do
[information] Task4 started - Rebuilding froxlor_bind.conf
[information] Cleaning dns zone files from /etc/bind/domains/
[debug] domId    domain                                  ismainbutsubto parent domain                           list of child domain ids
[debug] 1        bruxiris.xyz                            0              -
[debug] 4        diogomartino.com                        0              -
[information] `/etc/bind/domains/bruxiris.xyz.zone` written
[debug] Generating dns config for bruxiris.xyz
[information] `/etc/bind/domains/diogomartino.com.zone` written
[debug] Generating dns config for diogomartino.com
[information] froxlor_bind.conf written
sh: 1: /etc/init.d/bind9: not found
[error] Error while running `/etc/init.d/bind9 reload`: exit code (127) - please check your system logs
[information] Task4 finished
[information] Running Let's Encrypt cronjob prior to regenerating webserver config files
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Thu 22 Apr 2021 01:52:59 PM UTC] Already uptodate!
[Thu 22 Apr 2021 01:52:59 PM UTC] Upgrade success!
[Thu 22 Apr 2021 01:52:59 PM UTC] Installing cron job
3 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[information] Updated Let's Encrypt certificate for bruxiris.xyz
[information] Updated Let's Encrypt certificate for diogomartino.com
[information] Updated Let's Encrypt certificate for pma.diogomartino.com
[information] Updated Let's Encrypt certificate for roundcube.diogomartino.com
[information] Let's Encrypt certificates have been updated
[information] apache::createIpPort: creating ip/port settings for  185.11.167.250:80
[notice] 185.11.167.250:80 :: namevirtualhost-statement no longer needed for apache-2.4
[debug] 185.11.167.250:80 :: inserted vhostcontainer
[information] apache::createIpPort: creating ip/port settings for  185.11.167.250:443
[debug] 185.11.167.250:443 :: inserted vhostcontainer
[information] apache::createVirtualHosts: creating vhost container for domain 7, customer diogomartino
[information] apache::createVirtualHosts: creating vhost container for domain 9, customer diogomartino
[information] apache::createVirtualHosts: creating vhost container for domain 1, customer diogomartino
[information] apache::createVirtualHosts: creating vhost container for domain 4, customer diogomartino
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] apache::writeConfigs: rebuilding /etc/apache2/htpasswd/
[information] apache::writeConfigs: rebuilding /etc/apache2/sites-enabled/
[information] Froxlor\Cron\Http\Apache::reload: reloading Froxlor\Cron\Http\Apache
[notice] Checking system's last guid

 

6 minutes ago, Diogo Martino said:

Still, there is no sign of the hostname on the let's encrypt output:

Your settings for froxlorvhost and let's encrypt seem ok, check the ssl-certificates page whether there is something shown for the froxlor-hostname. If not, try disabling and re-enabling the let's encrypt checkbox for froxlor itself and try re-running the cron. Maybe there was some confusion with the froxlor-hostname being added to the aliases-domain list or similar, no idea. Never had any issues with LE for froxlor

5 minutes ago, d00p said:

Your settings for froxlorvhost and let's encrypt seem ok, check the ssl-certificates page whether there is something shown for the froxlor-hostname. If not, try disabling and re-enabling the let's encrypt checkbox for froxlor itself and try re-running the cron. Maybe there was some confusion with the froxlor-hostname being added to the aliases-domain list or similar, no idea. Never had any issues with LE for froxlor

Well, the panel hostname is painel.diogomartino.com, which is a subdomain of a customer domain. Can this be the cause? Also, I checked the certificates page and it's only showing domains and subdomains of the customers.

7 minutes ago, Diogo Martino said:

Well, the panel hostname is painel.diogomartino.com, which is a subdomain of a customer domain. Can this be the cause?

no, no problem, the customer is just not able to use the "painel" subdomain. I do this on almost all machines.

7 minutes ago, Diogo Martino said:

Also, I checked the certificates page and it's only showing domains and subdomains of the customers.

And did you try disabling/re-enabling?

4 minutes ago, d00p said:

no, no problem, the customer is just not able to use the "painel" subdomain. I do this on almost all machines.

And did you try disabling/re-enabling?

Ok, I think I just fixed it. Yes, I tried that but it didn't work. I was digging a little more and I found a folder named /root/.acme.sh/ which had some stuff related to Let's Encrypt. I deleted it and ran php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug again and it rebuilt all the certificates correctly. It's now working correctly! Thanks for your help and for the work put into Froxlor 😉


well....you should definitely NOT delete just some folder...that's the main working folder for acme.sh / Let's Encrypt on which froxlor relies (and just redownloads it anyway if not found). But you just removed the information for existing certificates so there will be no renew for them and most likely some other things won't work as expected.

24 minutes ago, d00p said:

well....you should definitely NOT delete just some folder...that's the main working folder for acme.sh / Let's Encrypt on which froxlor relies (and just redownloads it anyway if not found). But you just removed the information for existing certificates so there will be no renew for them and most likely some other things won't work as expected.

Fuck.... Yes, I'm seeing now that all the customers' domains are missing from the folder but everything seems to be working fine by now. They all show in the certificates page. What should I do to "rebuild" the folders I deleted? Recreate the domains?

EDIT: I unticked and ticked let's encrypt on all domains and re-ran the cron. It created all the certs again correctly. Should I still be worried? 😅

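Added example (not part of the original thread and not froxlor's own code): a shell helper that reads the cron --debug output and reports, per domain, what the Let's Encrypt step did, so a hostname that never appears (the panel-hostname symptom discussed above) shows up as "absent"; it also lists domains that have no folder under the acme.sh home. The sample log is constructed from the message formats shown in the thread; the example.com names and all function names are assumptions.

```shell
#!/bin/sh
# Added example: summarise what froxlor's Let's Encrypt cron step did per domain.

# Constructed sample in the message formats shown in the thread (names are placeholders).
sample_log() {
cat <<'EOF'
[information] Requesting 2 new Let's Encrypt certificates
[warning] Skipping Let's Encrypt generation for pma.example.com due to no system known IP address via DNS check
[information] Updated Let's Encrypt certificate for example.com
[error] Could not find certificate-folder '/root/.acme.sh/pma.example.com/'
[error] Could not get Let's Encrypt certificate for pma.example.com:
[information] Let's Encrypt certificates have been updated
EOF
}

# le_summary: read cron debug output on stdin, print "STATUS domain" lines.
le_summary() {
    sed -n \
        -e "s|^\[information] Updated Let's Encrypt certificate for \(.*\)\$|updated \1|p" \
        -e "s|^\[warning] Skipping Let's Encrypt generation for \([^ ]*\) due to .*DNS check\$|skipped-dns \1|p" \
        -e "s|^\[error] Could not find certificate-folder '.*/\([^/]*\)/'\$|no-cert-folder \1|p"
}

# le_status_for HOSTNAME: statuses seen for HOSTNAME on stdin, or "absent" if the
# Let's Encrypt step never mentioned it (the panel-hostname symptom).
le_status_for() {
    le_summary | awk -v h="$1" '
        $2 == h { s = (s == "" ? $1 : s "+" $1) }
        END     { print (s == "" ? "absent" : s) }'
}

# missing_cert_dirs ACME_HOME DOMAIN...: print domains without a folder under ACME_HOME.
missing_cert_dirs() {
    acme_home=$1; shift
    for d in "$@"; do
        [ -d "$acme_home/$d" ] || printf '%s\n' "$d"
    done
}

# Demo on the constructed sample.
for h in example.com pma.example.com panel.example.com; do
    printf '%-20s %s\n' "$h" "$(sample_log | le_status_for "$h")"
done
```

On a live system the same functions can be fed the real output, for instance by piping php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force --debug 2>&1 into le_status_for with the panel hostname as argument.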
