Froxlor
Problem renewing letsencrypt certificates (just doesn't even try)
Describe the bug
Upgraded from froxlor 0.10.x in mid-March. This was also a new server. The process was: create new server, shut down old system, sync files and copy database to new machine. Installed the froxlor deb package, did update steps, changed PHP version etc. All been working OK for the last few months.
I have a few 'dead' domains that need removing, but are deactivated.
I haven't had any letsencrypt auto update since the update. I currently have many (>20) that are expired, including the panel vhost.
I run
root@froxlor:/var/www/html# /var/www/html/froxlor/bin/froxlor-cli froxlor:cron 'letsencrypt' -d -vvv
Checking froxlor file permissions...OK
Running "letsencrypt" job (debug)
[information] Checking for LetsEncrypt client upgrades before renewing certificates:
[Mon May 8 19:52:37 BST 2023] Already uptodate!
[Mon May 8 19:52:37 BST 2023] Upgrade success!
[Mon May 8 19:52:38 BST 2023] Installing cron job
24 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Mon May 8 19:52:38 BST 2023] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[information] No new certificates or certificate updates found
[notice] Checking system's last guid
If I run it with -f, I then get extra output:
[error] Could not find certificate-folder '/root/.acme.sh/DOMAIN1/'
[error] Could not get Let's Encrypt certificate for DOMAIN1:
[error] Could not find certificate-folder '/root/.acme.sh/DOMAIN2/'
[error] Could not get Let's Encrypt certificate for DOMAIN2:
I have found that if I do the following, it gets it to create a certificate: in MySQL, erase the validtodate in the table with
update domain_ssl_settings set validtodate=null where domainid=DOMAINID limit 1 ;
It seems that the acme.sh script that gets installed in root's home doesn't have the domains, except the ones I've managed to wipe the valid date for in the database. Should it?
As said, I've had it regenerate them for a couple of urgent domains, but left it for others so that I can assist in resolving this.
Is there a step in the upgrade that I have missed?
Will this renew correctly in July, when next due?
System information
- Froxlor version: 2.0.19
- Web server: apache2
- DNS server: Bind
- POP/IMAP server: Courier
- SMTP server: postfix
- FTP server: proftpd
- OS/Version: Ubuntu 22.04
To Reproduce
Happy to give MySQL data etc. to duplicate, but as this is a production system I can't just wipe froxlor and redo, so not sure how to describe further to allow 'reproducing'.
Settings for SSL:
- key size 4096
- not ecc/ecdsa
- had reuse certificates on and tried off
- validate dns names is off
- path to acme.sh: /root/.acme.sh/acme.sh
- path to acme snippet: /etc/apache2/conf-enabled/acme.conf
- acme environment: letsencrypt live
- path for letsencrypt challenges: /var/www/html/froxlor
Expected behavior
Let's Encrypt certificates to not expire but renew.
Did you try running https://docs.froxlor.org/latest/admin-guide/cli-scripts/#validate-acme-webroot to check if the acme.sh configs are up-to-date with the new path?
Just done that and it reports
[INFO] No domain configuration file found in '/root/.acme.sh'
several dozen times, and still the same issue.
If I then again blank the validtodate field, the cron job then runs and requests a certificate.
Then rerunning validate-acme-webroot lists an entry with "getting info for" and the domain name that I just blanked the field for.
Yes, there is still a bug here.
You may have a domain where the certificate cannot be renewed and then the whole process will stop working after a short time until you have identified the defective domain.
Run a database query to find which domain either has an expired certificate or could not generate one.
Maybe: https://github.com/Froxlor/Froxlor/issues/1035
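A read-only query along the lines suggested in the last comment, as an added example that is not part of the original thread or Froxlor's own code. The `domain_ssl_settings` columns (`domainid`, `validtodate`) come from the thread; the `panel_domains` table with its `id`, `domain` and `letsencrypt` columns is an assumption about the Froxlor schema and should be confirmed with `DESCRIBE panel_domains` first.

```sql
-- Added example: list Let's Encrypt domains whose certificate is missing,
-- has no validity date, is expired, or expires within 30 days.
-- From the thread: domain_ssl_settings(domainid, validtodate).
-- Assumed (not shown in the thread): panel_domains(id, domain, letsencrypt).
SELECT d.id AS domainid,
       d.domain,
       s.validtodate,
       CASE
         WHEN s.domainid IS NULL    THEN 'no certificate row'
         WHEN s.validtodate IS NULL THEN 'no validity date (never issued or reset)'
         WHEN s.validtodate < NOW() THEN 'expired'
         ELSE 'expires within 30 days'
       END AS status
FROM panel_domains AS d
-- LEFT JOIN keeps domains that never got a certificate row at all
LEFT JOIN domain_ssl_settings AS s ON s.domainid = d.id
WHERE d.letsencrypt = 1
  AND (s.domainid IS NULL
       OR s.validtodate IS NULL
       OR s.validtodate < NOW() + INTERVAL 30 DAY)
-- Rows without a date first, then oldest expiry first
ORDER BY s.validtodate IS NULL DESC, s.validtodate ASC;
```

Domains that stay in the 'expired' or 'no validity date' rows after a forced cron run are the candidates for the defective domain described above.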