ajenti-letsencrypt icon indicating copy to clipboard operation
ajenti-letsencrypt copied to clipboard

Published 20 hours ago verified publisher icon herooutoftime

Doesn't work with Ajenti V

Open jakobfdev opened this issue 8 years ago • 5 comments

Hi, assuming Ajenti V is of concern, I wanna point out some problems that will occur, just in case someone tries to use this plugin in combination with Ajenti V.

Since Ajenti V creates nginx config (server statement) for each "hosting" (including multiple domain names) and this plugin creates another server statement, the server_name definition overlaps and nginx return

conflicting server name "example.com" on 0.0.0.0:80, ignored

since either the Ajenti V server config, or this plugin's config is loaded first. Either way, the last config with duplicate server_name gets ignored. This makes it impossible to have this global config, that opens up the acme-challenge folder for the configured domains.

This is either a flaw in the logic of this plugin, or it definitely is not compatible with Ajenti V or other nginx-config creating plugins.

Can someone confirm this?

Also after creating the config (when saving the Letsencrypt form), the nginx config gets created, but nginx is not told to reload, therefore the changes do not take effect...

I'm willing to make suggestions or participate in improving the plugin. Just let me know if you want to keep developing this

jakobfdev avatar Jan 29 '17 22:01 jakobfdev

@jBOKA May I add you as a collaborator?

herooutoftime avatar Feb 01 '17 08:02 herooutoftime

Go ahead

Andreas Bilz [email protected] schrieb am Mi., 1. Feb. 2017, 09:23:

@jBOKA https://github.com/jBOKA May I add you as a collaborator?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/herooutoftime/ajenti-letsencrypt/issues/4#issuecomment-276599019, or mute the thread https://github.com/notifications/unsubscribe-auth/AINVhqrW7cn1DjYc5JHFxDGitCCKhKOrks5rYEEbgaJpZM4Lw7rm .

jakobfdev avatar Feb 01 '17 08:02 jakobfdev

Since the letsencrypt.sh submodule wasn't really installing itself and it looks to me this is not the best dependency I thought about a new approach.

I tried integrating certbot instead https://certbot.eff.org/about/ which is a python based letsencrypt client. The project seems to be in active development.

The integration eventually worked out pretty nicely. A dependency for certbot should be added, so that ajenti knows when to activate it. For the current state see my fork...

With the approach you took @herooutoftime and simultaneously serving websites with ajenti-v it wouldn't be possible to validate certificates without restarting and deactivating the other configs.

There actually is a workaround, by adding adding a nginx location directives in the custom field of the ajenti-v website settings, but this would have to be done for each website entry in ajenti-v. At least this allows for making certbot work without any nginx restarts.

bildschirmfoto von 2017-02-01 21-58-47

Best solution would be the integration into ajenti-v, but I don't know about their plugin structure.

Are you still up to putting effort into this?

jakobfdev avatar Feb 01 '17 21:02 jakobfdev

Just saw, proper setup would by via corresponding static entries under Content

jakobfdev avatar Feb 02 '17 00:02 jakobfdev

Hey there, I showed up today trying to fork @jBOKA's master and some issues I had on an Ubuntu 16.01.2 LTS. I tried to follow along with certbot's instructions to get it installed but wasn't able to follow along or really get what the purpose of each option was in relation to the setup procedure, and saving and requesting or setting up the cron didn't put anything anywhere.

But it also didn't raise an error like the the current master does.

EntranceJew avatar Feb 01 '18 19:02 EntranceJew