Froxlor Forum

IP configuration in the cloud (Google, AWS, ...)


Thomas Privat

Question

Hello,

I am currently having a problem creating Let's Encrypt certificates.

My Froxlor runs on a VM in a cloud. With most clouds, the VMs are given internal IP addresses, and you can then NAT a public IP to the internal one.

Which IP address do I have to configure in Froxlor then? For port 80 it works when the internal IP (10.x.x.x) is configured under IPsandPorts; the traffic is then simply NATed through.

For SSL this does not work: if I enter the internal IP, I get an error when I try to enable SSL for a domain saying that this IP is not entered in DNS (logical, because it is internal).

I have now configured and entered both the internal and the public IP as SSL IPs and assigned them to the domain, but unfortunately no certificates are generated.

What is the correct IP configuration when you are behind a load balancer or in the cloud with a private IP?

Here is the output of froxlor_master_cronjob.php --letsencrypt --debug for now.
At the moment the rate limit is kicking in, but I think that is from the failed requests?

[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Fri Mar 11 15:00:27 UTC 2022] Already uptodate!
[Fri Mar 11 15:00:27 UTC 2022] Upgrade success!
[Fri Mar 11 15:00:27 UTC 2022] Installing cron job
1 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[information] Requesting 2 new Let's Encrypt certificates
[information] Creating certificate for xxxxx.info
[information] Adding common-name: xxxxx.info
[information] Adding SAN entry: www. xxxxx.info
[information] Validating DNS of xxxxx.info
[information] Validating DNS of www. xxxxx.info
[Fri Mar 11 15:00:27 UTC 2022] Lets find script dir.
[Fri Mar 11 15:00:27 UTC 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Mar 11 15:00:27 UTC 2022] _script='/root/.acme.sh/acme.sh'
[Fri Mar 11 15:00:27 UTC 2022] _script_home='/root/.acme.sh'
[Fri Mar 11 15:00:27 UTC 2022] Using default home:/root/.acme.sh
[Fri Mar 11 15:00:27 UTC 2022] Using config home:/root/.acme.sh
[Fri Mar 11 15:00:27 UTC 2022] Using server: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:27 UTC 2022] Running cmd: issue
[Fri Mar 11 15:00:27 UTC 2022] _main_domain=' xxxxx.info'
[Fri Mar 11 15:00:27 UTC 2022] _alt_domains='www. xxxxx.info'
[Fri Mar 11 15:00:27 UTC 2022] Using config home:/root/.acme.sh
[Fri Mar 11 15:00:27 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri Mar 11 15:00:27 UTC 2022] DOMAIN_PATH='/root/.acme.sh/ xxxxx.info'
[Fri Mar 11 15:00:27 UTC 2022] Le_NextRenewTime
[Fri Mar 11 15:00:27 UTC 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:27 UTC 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:27 UTC 2022] GET
[Fri Mar 11 15:00:27 UTC 2022] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri Mar 11 15:00:27 UTC 2022] timeout=
[Fri Mar 11 15:00:27 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri Mar 11 15:00:28 UTC 2022] ret='0'
[Fri Mar 11 15:00:28 UTC 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri Mar 11 15:00:28 UTC 2022] ACME_NEW_AUTHZ
[Fri Mar 11 15:00:28 UTC 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Mar 11 15:00:28 UTC 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri Mar 11 15:00:28 UTC 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri Mar 11 15:00:28 UTC 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Fri Mar 11 15:00:28 UTC 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Mar 11 15:00:28 UTC 2022] _on_before_issue
[Fri Mar 11 15:00:28 UTC 2022] _chk_main_domain=' xxxxx.info'
[Fri Mar 11 15:00:28 UTC 2022] _chk_alt_domains='www. xxxxx.info'
[Fri Mar 11 15:00:28 UTC 2022] Le_LocalAddress
[Fri Mar 11 15:00:28 UTC 2022] d=' xxxxx.info'
[Fri Mar 11 15:00:28 UTC 2022] Check for domain=' xxxxx.info'
[Fri Mar 11 15:00:28 UTC 2022] _currentRoot='/var/www/html'
[Fri Mar 11 15:00:28 UTC 2022] d='www. xxxxx.info'
[Fri Mar 11 15:00:28 UTC 2022] Check for domain='www. xxxxx.info'
[Fri Mar 11 15:00:28 UTC 2022] _currentRoot='/var/www/html'
[Fri Mar 11 15:00:28 UTC 2022] d
[Fri Mar 11 15:00:28 UTC 2022] _saved_account_key_hash is not changed, skip register account.
[Fri Mar 11 15:00:28 UTC 2022] Read key length:4096
[Fri Mar 11 15:00:28 UTC 2022] Using config home:/root/.acme.sh
[Fri Mar 11 15:00:28 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri Mar 11 15:00:28 UTC 2022] Use length 4096
[Fri Mar 11 15:00:28 UTC 2022] Using RSA: 4096
[Fri Mar 11 15:00:28 UTC 2022] _createcsr
[Fri Mar 11 15:00:28 UTC 2022] d='www. xxxxx.info'
[Fri Mar 11 15:00:29 UTC 2022] d
[Fri Mar 11 15:00:29 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Mar 11 15:00:29 UTC 2022] payload='{"identifiers": [{"type":"dns","value":" xxxxx.info"},{"type":"dns","value":"www. xxxxx.info"}]}'
[Fri Mar 11 15:00:29 UTC 2022] RSA key
[Fri Mar 11 15:00:29 UTC 2022] HEAD
[Fri Mar 11 15:00:29 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Mar 11 15:00:29 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Fri Mar 11 15:00:29 UTC 2022] _ret='0'
[Fri Mar 11 15:00:29 UTC 2022] POST
[Fri Mar 11 15:00:29 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Mar 11 15:00:29 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri Mar 11 15:00:30 UTC 2022] _ret='0'
[Fri Mar 11 15:00:30 UTC 2022] code='429'
[Fri Mar 11 15:00:30 UTC 2022] Le_LinkOrder
[Fri Mar 11 15:00:30 UTC 2022] Le_OrderFinalize
[Fri Mar 11 15:00:30 UTC 2022] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri Mar 11 15:00:30 UTC 2022] pid
[Fri Mar 11 15:00:30 UTC 2022] No need to restore nginx, skip.
[Fri Mar 11 15:00:30 UTC 2022] _clearupdns
[Fri Mar 11 15:00:30 UTC 2022] dns_entries
[Fri Mar 11 15:00:30 UTC 2022] skip dns.
[Fri Mar 11 15:00:30 UTC 2022] _on_issue_err
[Fri Mar 11 15:00:30 UTC 2022] Please add '--debug' or '--log' to check more details.
[Fri Mar 11 15:00:30 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Fri Mar 11 15:00:30 UTC 2022] socat doesn't exist.
[Fri Mar 11 15:00:30 UTC 2022] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.1f  31 Mar 2020
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
[debug] https://github.com/acmesh-official/acme.sh
v3.0.2
[Fri Mar 11 15:00:28 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:28 UTC 2022] Creating domain key
[Fri Mar 11 15:00:28 UTC 2022] The domain key is here: /root/.acme.sh/ xxxxx.info/ xxxxx.info.key
[Fri Mar 11 15:00:28 UTC 2022] Multi domain='DNS: xxxxx.info,DNS:www. xxxxx.info'
[Fri Mar 11 15:00:28 UTC 2022] Getting domain auth token for each domain
[error] Could not find file ' xxxxx.info.cer' in '/root/.acme.sh/ xxxxx.info/'
[error] Could not find file 'ca.cer' in '/root/.acme.sh/ xxxxx.info/'
[error] Could not find file 'fullchain.cer' in '/root/.acme.sh/ xxxxx.info/'
[error] Could not get Let's Encrypt certificate for xxxxx.info:
https://github.com/acmesh-official/acme.sh
v3.0.2
[Fri Mar 11 15:00:28 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:28 UTC 2022] Creating domain key
[Fri Mar 11 15:00:28 UTC 2022] The domain key is here: /root/.acme.sh/ xxxxx.info/ xxxxx.info.key
[Fri Mar 11 15:00:28 UTC 2022] Multi domain='DNS: xxxxx.info,DNS:www. xxxxx.info'
[Fri Mar 11 15:00:28 UTC 2022] Getting domain auth token for each domain
[information] Creating certificate for dev. xxxxx.info
[information] Adding common-name: dev. xxxxx.info
[information] Adding SAN entry: www.dev. xxxxx.info
[information] Validating DNS of dev. xxxxx.info
[information] Validating DNS of www.dev. xxxxx.info
[Fri Mar 11 15:00:30 UTC 2022] Lets find script dir.
[Fri Mar 11 15:00:30 UTC 2022] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Mar 11 15:00:30 UTC 2022] _script='/root/.acme.sh/acme.sh'
[Fri Mar 11 15:00:30 UTC 2022] _script_home='/root/.acme.sh'
[Fri Mar 11 15:00:30 UTC 2022] Using default home:/root/.acme.sh
[Fri Mar 11 15:00:30 UTC 2022] Using config home:/root/.acme.sh
[Fri Mar 11 15:00:30 UTC 2022] Using server: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:30 UTC 2022] Running cmd: issue
[Fri Mar 11 15:00:30 UTC 2022] _main_domain='dev. xxxxx.info'
[Fri Mar 11 15:00:30 UTC 2022] _alt_domains='www.dev. xxxxx.info'
[Fri Mar 11 15:00:30 UTC 2022] Using config home:/root/.acme.sh
[Fri Mar 11 15:00:30 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri Mar 11 15:00:30 UTC 2022] DOMAIN_PATH='/root/.acme.sh/dev. xxxxx.info'
[Fri Mar 11 15:00:30 UTC 2022] Le_NextRenewTime
[Fri Mar 11 15:00:30 UTC 2022] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:30 UTC 2022] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:30 UTC 2022] GET
[Fri Mar 11 15:00:30 UTC 2022] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri Mar 11 15:00:30 UTC 2022] timeout=
[Fri Mar 11 15:00:30 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri Mar 11 15:00:30 UTC 2022] ret='0'
[Fri Mar 11 15:00:30 UTC 2022] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri Mar 11 15:00:30 UTC 2022] ACME_NEW_AUTHZ
[Fri Mar 11 15:00:30 UTC 2022] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Mar 11 15:00:30 UTC 2022] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri Mar 11 15:00:30 UTC 2022] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri Mar 11 15:00:30 UTC 2022] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Fri Mar 11 15:00:30 UTC 2022] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Mar 11 15:00:31 UTC 2022] _on_before_issue
[Fri Mar 11 15:00:31 UTC 2022] _chk_main_domain='dev. xxxxx.info'
[Fri Mar 11 15:00:31 UTC 2022] _chk_alt_domains='www.dev. xxxxx.info'
[Fri Mar 11 15:00:31 UTC 2022] Le_LocalAddress
[Fri Mar 11 15:00:31 UTC 2022] d='dev. xxxxx.info'
[Fri Mar 11 15:00:31 UTC 2022] Check for domain='dev. xxxxx.info'
[Fri Mar 11 15:00:31 UTC 2022] _currentRoot='/var/www/html'
[Fri Mar 11 15:00:31 UTC 2022] d='www.dev. xxxxx.info'
[Fri Mar 11 15:00:31 UTC 2022] Check for domain='www.dev. xxxxx.info'
[Fri Mar 11 15:00:31 UTC 2022] _currentRoot='/var/www/html'
[Fri Mar 11 15:00:31 UTC 2022] d
[Fri Mar 11 15:00:31 UTC 2022] _saved_account_key_hash is not changed, skip register account.
[Fri Mar 11 15:00:31 UTC 2022] Read key length:4096
[Fri Mar 11 15:00:31 UTC 2022] Using config home:/root/.acme.sh
[Fri Mar 11 15:00:31 UTC 2022] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri Mar 11 15:00:31 UTC 2022] Use length 4096
[Fri Mar 11 15:00:31 UTC 2022] Using RSA: 4096
[Fri Mar 11 15:00:31 UTC 2022] _createcsr
[Fri Mar 11 15:00:31 UTC 2022] d='www.dev. xxxxx.info'
[Fri Mar 11 15:00:31 UTC 2022] d
[Fri Mar 11 15:00:31 UTC 2022] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Mar 11 15:00:31 UTC 2022] payload='{"identifiers": [{"type":"dns","value":"dev. xxxxx.info"},{"type":"dns","value":"www.dev. xxxxx.info"}]}'
[Fri Mar 11 15:00:31 UTC 2022] RSA key
[Fri Mar 11 15:00:31 UTC 2022] HEAD
[Fri Mar 11 15:00:31 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Mar 11 15:00:31 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g  -I  '
[Fri Mar 11 15:00:32 UTC 2022] _ret='0'
[Fri Mar 11 15:00:32 UTC 2022] POST
[Fri Mar 11 15:00:32 UTC 2022] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Mar 11 15:00:32 UTC 2022] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Fri Mar 11 15:00:32 UTC 2022] _ret='0'
[Fri Mar 11 15:00:32 UTC 2022] code='429'
[Fri Mar 11 15:00:32 UTC 2022] Le_LinkOrder
[Fri Mar 11 15:00:32 UTC 2022] Le_OrderFinalize
[Fri Mar 11 15:00:32 UTC 2022] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Fri Mar 11 15:00:32 UTC 2022] pid
[Fri Mar 11 15:00:32 UTC 2022] No need to restore nginx, skip.
[Fri Mar 11 15:00:32 UTC 2022] _clearupdns
[Fri Mar 11 15:00:32 UTC 2022] dns_entries
[Fri Mar 11 15:00:32 UTC 2022] skip dns.
[Fri Mar 11 15:00:32 UTC 2022] _on_issue_err
[Fri Mar 11 15:00:32 UTC 2022] Please add '--debug' or '--log' to check more details.
[Fri Mar 11 15:00:32 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Fri Mar 11 15:00:32 UTC 2022] socat doesn't exist.
[Fri Mar 11 15:00:32 UTC 2022] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.1f  31 Mar 2020
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
[debug] https://github.com/acmesh-official/acme.sh
v3.0.2
[Fri Mar 11 15:00:31 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:31 UTC 2022] Creating domain key
[Fri Mar 11 15:00:31 UTC 2022] The domain key is here: /root/.acme.sh/dev. xxxxx.info/dev. xxxxx.info.key
[Fri Mar 11 15:00:31 UTC 2022] Multi domain='DNS:dev. xxxxx.info,DNS:www.dev. xxxxx.info'
[Fri Mar 11 15:00:31 UTC 2022] Getting domain auth token for each domain
[error] Could not find file 'dev. xxxxx.info.cer' in '/root/.acme.sh/dev. xxxxx.info/'
[error] Could not find file 'ca.cer' in '/root/.acme.sh/dev. xxxxx.info/'
[error] Could not find file 'fullchain.cer' in '/root/.acme.sh/dev. xxxxx.info/'
[error] Could not get Let's Encrypt certificate for dev. xxxxx.info:
https://github.com/acmesh-official/acme.sh
v3.0.2
[Fri Mar 11 15:00:31 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Mar 11 15:00:31 UTC 2022] Creating domain key
[Fri Mar 11 15:00:31 UTC 2022] The domain key is here: /root/.acme.sh/dev. xxxxx.info/dev. xxxxx.info.key
[Fri Mar 11 15:00:31 UTC 2022] Multi domain='DNS:dev. xxxxx.info,DNS:www.dev. xxxxx.info'
[Fri Mar 11 15:00:31 UTC 2022] Getting domain auth token for each domain
[information] Let's Encrypt certificates have been updated
[notice] Creating passwd file
[notice] Writing 2 entries to passwd file
[notice] Succesfully wrote passwd file
[notice] Creating group file
[notice] Writing 1 entries to group file
[notice] Succesfully wrote group file
[notice] Creating shadow file
[notice] Writing 2 entries to shadow file
[notice] Succesfully wrote shadow file
[notice] Checking system's last guid

 

Best regards, Thomas


3 answers to this question


Hi!

You probably have to enter both IP addresses for it to work.

The external one is needed because it apparently checks whether this IP is entered in DNS, and that of course has to be the external one.

The internal one is needed so that it gets configured in the SSL vhost; otherwise SSL is not served.

Regards!
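A pre-flight check for the two conditions named in the answer above, as an added example that is not part of the original posts and not Froxlor's own code: it tests whether a configured IP matches the domain's public DNS records and whether a configured IP is actually bound on the VM. The function name, result fields and all addresses (10.0.0.5, 203.0.113.10) are constructed assumptions; running such a check before the cron job avoids adding to the failed authorizations that triggered the 429 in the log.

```python
import ipaddress

# RFC 1918 ranges: addresses a cloud VM typically gets behind NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    return ip.version == 4 and any(ip in net for net in RFC1918)

def preflight(configured_ips, dns_records, local_addrs):
    """configured_ips: SSL IPs entered in the panel (hypothetical input)
    dns_records:    addresses the domain resolves to publicly
    local_addrs:    addresses bound on the VM's own interfaces"""
    cfg = {ipaddress.ip_address(i) for i in configured_ips}
    dns = {ipaddress.ip_address(i) for i in dns_records}
    local = {ipaddress.ip_address(i) for i in local_addrs}
    problems = []
    # An RFC 1918 address in public DNS can never be reached by the CA.
    for ip in sorted(dns, key=str):
        if is_internal(ip):
            problems.append(f"DNS points to internal address {ip}")
    # Condition 1: a configured IP must be the one published in DNS.
    dns_match = sorted(str(i) for i in cfg & dns if not is_internal(i))
    if not dns_match:
        problems.append("no configured IP matches the domain's DNS records")
    # Condition 2: a configured IP must exist on the VM for the SSL vhost.
    bindable = sorted(str(i) for i in cfg & local)
    if not bindable:
        problems.append("no configured IP is bound on this VM")
    return {"ok": not problems, "dns_match": dns_match,
            "bindable": bindable, "problems": problems}

if __name__ == "__main__":
    # Constructed sample: VM holds 10.0.0.5, DNS publishes 203.0.113.10.
    for cfg in (["10.0.0.5"], ["203.0.113.10"], ["10.0.0.5", "203.0.113.10"]):
        print(cfg, preflight(cfg, ["203.0.113.10"], ["10.0.0.5"]))
```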
