froxlor vhost not getting LE cert?

[sporkman]

Trying to figure out what's going on with this one...

Was running an older version that I guess had some issues with Let's Encrypt renewals, and back then to "fix" it the easiest option was to nuke existing certs and let the panel/ACME.sh recreate them. After nuking the cert for the panel itself, froxlor seems to no longer be able to create a config for the "Enable Let's Encrypt for the froxlor vhost" option.

I've toggled it on and off, but that hasn't done anything.

Here's a debug run of the cron job:

[root@php8 /usr/local/www]# /usr/local/bin/php -q /usr/local/www/froxlor/bin/froxlor-cli froxlor:cron 'tasks' --debug --force
Checking froxlor file permissions...OK
Running "tasks" job (forced) (debug)
[information] TasksCron: Searching for tasks to do
[information] Running Let's Encrypt cronjob prior to regenerating webserver config files
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Sun Sep 10 19:02:01 EDT 2023] Already uptodate!
[Sun Sep 10 19:02:01 EDT 2023] Upgrade success!
[Sun Sep 10 19:02:01 EDT 2023] Installing cron job
59 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Sun Sep 10 19:02:01 EDT 2023] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[error] Could not find file 'example1.com.cer' in '/root/.acme.sh/example1.com/'
[error] Could not find file 'ca.cer' in '/root/.acme.sh/example1.com/'
[error] Could not find file 'fullchain.cer' in '/root/.acme.sh/example1.com/'
[error] Could not find file 'example1.com.csr' in '/root/.acme.sh/example1.com/'
[error] Could not get Let's Encrypt certificate for sprickman.com:

[information] Updated Let's Encrypt certificate for example2.com
[information] Let's Encrypt certificates have been updated
[information] apache::createIpPort: creating ip/port settings for  10.10.10.10:80
[debug] 216.220.96.55:80 :: inserted vhostcontainer
[information] apache::createIpPort: creating ip/port settings for  10.10.10.10:443
[debug] 216.220.96.55:443 :: inserted vhostcontainer
[information] apache::createVirtualHosts: creating vhost container for domain 4, customer example2
[information] apache::createVirtualHosts: creating vhost container for domain 5, customer example3
[information] apache::createVirtualHosts: creating vhost container for domain 2, customer example1
[information] apache::createVirtualHosts: creating vhost container for domain 6, customer example3
[information] apache::createVirtualHosts: creating vhost container for domain 1, customer example1
[information] apache::writeConfigs: rebuilding /usr/local/etc/apache24/froxlor-diropts/
[information] apache::writeConfigs: rebuilding /usr/local/etc/apache24/froxlor-htpasswd/
[information] apache::writeConfigs: rebuilding /usr/local/etc/apache24/froxlor-vhosts/
[information] Froxlor\Cron\Http\ApacheFcgi::reload: running service php-fpm restart
[10-Sep-2023 19:02:01] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful

[10-Sep-2023 19:02:01] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful

[information] Froxlor\Cron\Http\ApacheFcgi::reload: reloading Froxlor\Cron\Http\ApacheFcgi
Syntax OK
Syntax OK
[notice] Checking system's last guid
[root@php8 /usr/local/www]#

Removing and adding an SSL cert for a test user/domain works fine. No changes to the froxlor panel vhost after this though.

I'm digging around in the db, but not yet seeing anything obvious there to recreate this.

[d00p]

after removing the certiticate from froxlor try also removing it from acme.sh itself (for a fresh restart):

/root/.acme.sh/acme.sh --remove -d [domain]

 

[sporkman]

Didn't get a chance to try that, I instead pulled an old db backup and grabbed the "domain_ssl_settings" table and inserted the old froxlor vhost entry from there. That seems to have fixed things.

Perhaps that cert shouldn't have a "delete" option next to it if there's no (simple) path to recovery?

[sporkman]

Did you want any other info or no?

[d00p]

No, all good. The delete option for let's encrypt certificates will be removed (they are removed when deactivated)