Froxlor Forum
  • 0

Froxlor 0.10.29.1 (DB: 202109040) New domain no letsencrypt => error!


MeinerEiner

Question

Hello,

 

I was unable to add a new domain with Froxlor version 0.10.29.1. No own DNS server is used; instead, the external 1.1.1.1 and 1.0.0.1 are used. I got an error:

The domains DNS does not include any of the chosen IP addresses. Let's Encrypt certificate generation not possible.

Other domains that were created before with version 0.10.28.x are working and in .acme/... certificates are created; they are also available in /etc/ssl/custom-froxlor. So what's happened?

Setting the panel-domain table's entry for domain letsencrypt and running

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

creates the certificates in /root/.acme.sh, but they are not present in /etc/ssl/custom-froxlor.

 

Any suggestions?


4 answers to this question


  • 0

This also happened to me. What I did was first create the domain without SSL, and once done, this will add an A record for the new domain to the DNS, and then I was able to create the SSL certificate with Let's Encrypt.

So basically I have to do it in two steps. I think this behavior was different when Froxlor was using certbot; I remember creating my previous domains and SSL certificates in one step. It's not a big deal, but I just thought it was worth mentioning.

Is it also your case @d00p?

Thanks,

 


  • 0

I am also having some trouble understanding this.

Actually my web server is on an internal network and there is a proxy/router/port-forwarder in front of it. So the public IP (listed in the DNS A record) will never be assigned to the webserver.

How does this prevent getting a Let's Encrypt certificate?

To my understanding it's a challenge-response where Let's Encrypt is fetching some token from my webserver (which will work). Just Froxlor does not know the actual public IP. In my case it's even a dynamic IP, so the DNS A record is changing every now and then.


  • 0
3 minutes ago, Rainer Meier said:

I am also having some trouble understanding this.

Actually my web server is on an internal network and there is a proxy/router/port-forwarder in front of it. So the public IP (listed in the DNS A record) will never be assigned to the webserver.

How does this prevent getting a Let's Encrypt certificate?

To my understanding it's a challenge-response where Let's Encrypt is fetching some token from my webserver (which will work). Just Froxlor does not know the actual public IP. In my case it's even a dynamic IP, so the DNS A record is changing every now and then.

Actually, I just dug into the code in the hope of being able to override the check and found it in lib/Froxlor/Api/Commands/Domains.php:284. Turns out the check can also be disabled in the settings. So I found the related switch in Settings -> SSL Settings => "Validate DNS of domains when using Let's Encrypt".

Turn off this option and it will work.
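
The check discussed in this thread compares a domain's DNS records with the IP addresses chosen in the panel. The Python below is an added example, not Froxlor's code (Froxlor is PHP) and not part of any post; the function names, result labels and sample records are assumptions constructed for illustration. It separates the two failure cases reported above: a new domain with no published record yet, and a server behind NAT whose DNS record carries the router's public IP.

```python
import ipaddress
import socket

# RFC 1918 and IPv6 unique-local ranges: addresses a NATed web server typically has.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_lan(ip):
    return any(ip.version == net.version and ip in net for net in LAN_NETS)

def resolve(domain):
    """Return the A/AAAA addresses for domain, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(domain, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def precheck(domain, panel_ips, resolver=resolve):
    """Classify whether the domain's DNS includes any IP chosen in the panel."""
    # Parsing into ipaddress objects makes "2001:DB8::1" equal "2001:db8:0:0:0:0:0:1".
    chosen = {ipaddress.ip_address(ip) for ip in panel_ips}
    records = {ipaddress.ip_address(r) for r in resolver(domain)}
    if not records:
        return "no-records"   # new domain: record not published or not visible yet
    if records & chosen:
        return "ok"
    if all(is_lan(ip) for ip in chosen) and not any(is_lan(r) for r in records):
        return "behind-nat"   # DNS holds the router's public IP, panel holds the LAN IP
    return "mismatch"         # DNS points at an address this server does not have

# Constructed sample data (documentation address ranges), so the example runs offline.
SAMPLE_DNS = {
    "shop.example.test": ["203.0.113.10"],
    "v6.example.test": ["2001:DB8::1"],
    "elsewhere.example.test": ["198.51.100.7"],
}

def sample_resolver(domain):
    return SAMPLE_DNS.get(domain, [])

if __name__ == "__main__":
    cases = [("new.example.test", ["203.0.113.10"]),
             ("shop.example.test", ["203.0.113.10"]),
             ("shop.example.test", ["192.168.1.20"]),
             ("elsewhere.example.test", ["203.0.113.10"])]
    for domain, ips in cases:
        print(domain, ips, "->", precheck(domain, ips, sample_resolver))
```

Only the "behind-nat" result corresponds to the setup where the posts above describe turning the validation setting off; a "mismatch" means the DNS record points somewhere else.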

