Froxlor
Check certificate for expiration
Is your feature request related to a problem? Please describe.
I keep having the problem that certificates are not renewed. I just don't know why.
Describe the solution you'd like
A check of the expiry date of the certificates and if a certificate expires in X days send email to the admin.
Describe alternatives you've considered
The alternative would be that the customer reports that his certificate has expired and then is angry.
Would love to have a notification if a certificate didn't get renewed and is only 1-2 days before expiration
can confirm the issue. certs are not being renewed
As already discussed on discord and forum, it's acme.sh related. Renew is done by acme and froxlor just synchronizes
same problem here
workaround: cronjob with mail notification
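# List domains whose stored expiration date is less than 5 days away (already expired ones match too).
# A password given with -p on the command line can show up in the process list; a client option file avoids that.
mysql -u froxlor -pxxxxxxx froxlor -e "SELECT domainid, (SELECT domain FROM panel_domains WHERE id = domainid) FROM domain_ssl_settings where expirationdate < NOW() + interval 5 day" > /opt/docker/expirationdate_ssl
# mysql writes nothing when no row matches, so a non-empty file means there is something to report
if [ -s /opt/docker/expirationdate_ssl ]
then
    mail -s "!! SSL expirationdate" [email protected] < /opt/docker/expirationdate_ssl
    rm /opt/docker/expirationdate_ssl
else
    echo "NO expirationdate_ssl"
fi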
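An added example, not part of the thread and not Froxlor code: the cron workaround above reads the expiration date stored in Froxlor's database, while this sketch checks certificate files themselves with `openssl x509 -checkend`, so it also catches an unreadable file. The function names and `WARN_DAYS` are assumptions, and the certificate paths are whatever you pass on the command line.

```shell
#!/bin/sh
# Added example: report certificate files that are expired, close to expiry,
# or unreadable. Prints nothing when every certificate is fine.
WARN_DAYS="${WARN_DAYS:-7}"   # hypothetical setting: warn this many days ahead

# check_cert FILE DAYS
# Prints "STATUS FILE [notAfter]"; returns 0 = ok, 1 = expiring/expired, 2 = unreadable.
check_cert() {
    file="$1"; days="$2"
    enddate=$(openssl x509 -in "$file" -noout -enddate 2>/dev/null) || {
        echo "UNREADABLE $file"; return 2; }
    enddate=${enddate#notAfter=}
    # -checkend N exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED $file $enddate"; return 1
    fi
    if ! openssl x509 -in "$file" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING $file $enddate"; return 1
    fi
    echo "OK $file $enddate"
}

# scan_certs DAYS FILE...
# Prints only the problem lines; returns 1 if any file needs attention.
scan_certs() {
    days="$1"; shift
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        line=$(check_cert "$f" "$days") || { echo "$line"; rc=1; }
    done
    return $rc
}

# Usage from cron: check_certs.sh /path/to/certs/*.pem
# cron mails any output to MAILTO, so a silent run means nothing is due.
if [ "$#" -gt 0 ]; then
    scan_certs "$WARN_DAYS" "$@"
fi
```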
I had to
- update acme.sh
- Then delete the certs in the froxlor panel
- Eventually also remove the cert files from acme.sh
- renew the certs through the terminal: /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --force
Yes, I have to do that too. But I will soon build a shell script for this because this problem occurs on several servers and more often.
Froxlor automatically runs acme.sh --upgrade before issuing / synchronizing certificates, see https://github.com/Froxlor/Froxlor/blob/master/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php#L633
my Workaround
<pre><?php
// https://github.com/Froxlor/Froxlor/blob/master/doc/example/create_customer.php

// Only this client IP may call the script
$accessip = 'xxx.xxx.xxx.xxx';
// Threshold: 7 days, in seconds
$lifetimecheck = 60*60*24*7;

if ($_SERVER['REMOTE_ADDR'] != $accessip) {
    die('no Access!');
}

require __DIR__ . '/doc/example/FroxlorAPI.php';
$fapi = new FroxlorAPI('https://froxlor.your-host.tld/api.php', 'your-api-key', 'your-api-secret');

// Fetch all certificates known to Froxlor
$fapi->request('Certificates.listing');
if (! empty($fapi->getLastError())) {
    echo "Error: " . $fapi->getLastError();
    exit();
}
$request = $fapi->getLastResponse();

foreach ($request['list'] as $cert) {
    // Seconds left until the stored expiration date
    $timetodie = strtotime($cert['expirationdate']) - time();
    if ($timetodie < $lifetimecheck) {
        // Below the threshold: delete the certificate entry in Froxlor
        $fapi->request('Certificates.delete', array('id' => $cert['id']));
        #print_r($fapi->getLastResponse());
        echo "[Warning] ";
        #exit;
    } else {
        continue; // Optional
        echo "[OK] "; // Optional
    }
    echo "(#".$cert['id'].") ".$cert['domain'] .' '.$timetodie;
    echo "\n";
}
echo 'finish';
php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug