Froxlor Forum

Froxlor 0.10.29.1 (DB: 202109040) New domain no letsencrypt => error!


Question

Posted

Hello,

I was unable to add a new domain with Froxlor version 0.10.29.1. No own DNS server is used; instead, external 1.1.1.1 and 1.0.0.1 are used. I got an error:

The domains DNS does not include any of the chosen IP addresses. Let's Encrypt certificate generation not possible.

Other domains that were created before with version 0.10.28.x are working, and in .acme/... certificates are created; they are also available in /etc/ssl/custom-froxlor. So what's happened?

Setting the panel-domain table's entry for domain letsencrypt and running

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

creates the certificates in /root/.acme.sh, but they are not present in /etc/ssl/custom-froxlor.

Any suggestions?


4 answers to this question

Posted

This also happened to me. What I did was first create the domain without SSL, and once done, this will add an A record for the new domain to the DNS, and then I was able to create the SSL certificate with Let's Encrypt.

So basically I have to do it in two steps. I think this behavior is different from when Froxlor was using certbot; I remember creating my previous domains and SSL certificates in one step. It's not a big deal, but I just thought it was worth mentioning.

Is it also your case @d00p?

Thanks,

Posted

I am also having some trouble understanding this.

Actually my web server is on an internal network and there is a proxy/router/port-forwarder in front of it. So the public IP (listed in the DNS A record) will never be assigned to the webserver.

How does this prevent getting a Let's Encrypt certificate?

As I understand it, it's a challenge-response where Let's Encrypt fetches some token from my webserver (which will work). Froxlor just does not know the actual public IP. In my case it's even a dynamic IP, so the DNS A record changes every now and then.

Posted
3 minutes ago, Rainer Meier said:

I am also having some trouble understanding this.

Actually my web server is on an internal network and there is a proxy/router/port-forwarder in front of it. So the public IP (listed in the DNS A record) will never be assigned to the webserver.

How does this prevent getting a Let's Encrypt certificate?

As I understand it, it's a challenge-response where Let's Encrypt fetches some token from my webserver (which will work). Froxlor just does not know the actual public IP. In my case it's even a dynamic IP, so the DNS A record changes every now and then.

Actually, I just dug into the code in the hope of being able to override the check and found it in lib/Froxlor/Api/Commands/Domains.php:284. It turns out the check can also be disabled in the settings. I found the related switch in Settings -> SSL Settings => "Validate DNS of domains when using Let's Encrypt".

Turn off this option and it will work.
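
The error in this thread comes from a check that compares the domain's published DNS records with the IP addresses chosen for it in the panel. The Python sketch below is an added example, not Froxlor's code and not from any poster, and it shows why both a freshly created domain and a server behind NAT fail such a check. The function name, reason codes and addresses are assumptions for illustration, and records are passed in instead of resolved so that it runs offline.

```python
import ipaddress

# Private ranges a NAT'd web server typically holds (RFC 1918 and IPv6 ULA).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def _parse(addrs):
    # Parse to address objects so differently written IPv6 forms compare equal.
    return {ipaddress.ip_address(a.strip()) for a in addrs}


def _is_private(ip):
    # Membership is False when the address and network versions differ.
    return any(ip in net for net in PRIVATE_NETS)


def check_domain_dns(dns_records, chosen_ips):
    """Return (ok, reason) for a pre-issuance DNS check (hypothetical helper).

    dns_records: A/AAAA values published for the domain (already resolved).
    chosen_ips:  IP addresses assigned to the domain in the panel.
    """
    dns, chosen = _parse(dns_records), _parse(chosen_ips)
    if not dns:
        return False, "no-records"   # domain added before its A record exists
    if dns & chosen:
        return True, "match"         # at least one record is a chosen IP
    if (chosen and all(_is_private(ip) for ip in chosen)
            and not any(_is_private(ip) for ip in dns)):
        return False, "behind-nat"   # DNS holds public IP, panel a private one
    return False, "other-host"       # DNS points somewhere else entirely


if __name__ == "__main__":
    # Constructed sample data: documentation and RFC 1918 addresses only.
    samples = [
        ([], ["203.0.113.10"]),
        (["203.0.113.10"], ["203.0.113.10"]),
        (["203.0.113.10"], ["192.168.1.20"]),
        (["198.51.100.7"], ["203.0.113.10"]),
    ]
    for records, ips in samples:
        print(records, ips, check_domain_dns(records, ips))
```

The "behind-nat" result is the case where an HTTP challenge can still reach the web server through the port forward, which is why turning the setting off works there. With the setting off, issuance is also attempted for domains in the "other-host" case, where validation will fail.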
