RE: [Module] Let's Encrypt
03-22-2019, 10:30 PM
(This post was last modified: 03-22-2019, 11:13 PM by Bizarrus.)
Additionally, I don't provide SSL certs for www subdomains.
The problem is (and it is a standard and default behavior) that root domains (e.g. example.com) will be redirected to www.example.com, or the other way round (www to non-www). Subdomains don't have www. sub- sub- sub- sub- (you can stretch it as long as you like!) subdomain prefixes. www-subdomains only come from users who have no experience or follow no standard.
Quote: Relying on a third-party list seems a bit unreliable to me - especially as it slowly goes out of date and would need an update...
But here you have no disadvantages. Why? You have an official suffix list from Mozilla. Here you only get changes if ICANN starts to publish new TLDs, and the file can be cached.
What is your default behavior without this feature? Yes, you use a regular expression or check the end of the domain against the TLDs you know. And if you forgot one, you must edit this function each time you register new domain names.
Quote: As Sentora already separates domains from subdomains, surely the above conditional that I suggested could be applied to only domains (and not any subdomains)? Sentora will always add a www alias to any domains added to the system, so why not just follow this behaviour and keep it simple?
That's a great idea, but on other systems (for example Debian) you can curiously add subdomains as domain names. That is not what the cert creation wants. But I can provide a configuration for that, so you can set the option you want.
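The check discussed above (root domain versus subdomain via the Mozilla public suffix list, with the one-week cache that the later ToDo list mentions), as an added example that is not the module's own code. The list excerpt, cache file name and function names are constructed for illustration; it is written without scalar type hints so it also runs on the PHP 5.6 servers mentioned in this thread.

```php
<?php
// Added example, not the module's code: is a host a registrable (root) domain,
// which gets a www alias, or a subdomain, which does not? Uses the public
// suffix list with a one-week cache. No scalar type hints, so it runs on PHP 5.6.
define('PSL_CACHE_TTL', 7 * 24 * 3600);
// Constructed excerpt of publicsuffix.org/list/public_suffix_list.dat:
// "//" comments, "*.x" wildcard rules and "!y.x" exceptions to a wildcard.
define('PSL_SAMPLE', "// ===BEGIN ICANN DOMAINS===\ncom\nuk\nco.uk\n*.ck\n!www.ck\n");

// Use $cacheFile while it is younger than the TTL, else refresh it via $fetch().
function loadPsl($cacheFile, callable $fetch) {
    $fresh = is_file($cacheFile) && time() - filemtime($cacheFile) < PSL_CACHE_TTL;
    $text = $fresh ? file_get_contents($cacheFile) : $fetch();
    if (!$fresh) file_put_contents($cacheFile, $text);
    return parsePsl($text);
}

// Parse list text into ['rules' => [suffix => true], 'exceptions' => [suffix => true]].
function parsePsl($text) {
    $psl = array('rules' => array(), 'exceptions' => array());
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || strpos($line, '//') === 0) continue;
        if ($line[0] === '!') $psl['exceptions'][substr($line, 1)] = true;
        else $psl['rules'][$line] = true;
    }
    return $psl;
}

// Registrable domain (public suffix plus one label), or null if the host is itself
// a public suffix. Longest rule wins; an exception beats its wildcard parent.
function registrableDomain($host, array $psl) {
    $labels = explode('.', strtolower(rtrim($host, '.')));
    $n = count($labels);
    $suffixLen = 1; // implicit "*" rule: an unknown TLD is itself the suffix
    for ($i = 0; $i < $n; $i++) {
        $candidate = implode('.', array_slice($labels, $i));
        $wildcard = '*.' . implode('.', array_slice($labels, $i + 1));
        if (isset($psl['exceptions'][$candidate])) { $suffixLen = $n - $i - 1; break; }
        if (isset($psl['rules'][$candidate]) || isset($psl['rules'][$wildcard])) { $suffixLen = $n - $i; break; }
    }
    return $n > $suffixLen ? implode('.', array_slice($labels, $n - $suffixLen - 1)) : null;
}

// True for the root domain, i.e. the one Sentora gives a www alias.
function isRootDomain($host, array $psl) {
    return registrableDomain($host, $psl) === strtolower(rtrim($host, '.'));
}

$psl = loadPsl(sys_get_temp_dir() . '/psl.cache', function () { return PSL_SAMPLE; });
var_dump(isRootDomain('example.com', $psl));        // a root domain
var_dump(isRootDomain('mail.example.co.uk', $psl)); // a subdomain
var_dump(registrableDomain('foo.ck', $psl));        // itself a public suffix (*.ck)
```

In the module the `$fetch` callback would be the HTTP download of the real list, so the download happens at most once per cache TTL rather than on every run.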
RE: [Module] Let's Encrypt
03-23-2019, 02:05 AM
(03-22-2019, 10:30 PM)Bizarrus Wrote: You have an official suffix list from Mozilla. Here you only get changes if ICANN starts to publish new TLDs, and the file can be cached.
That is exactly what I am talking about - as soon as new TLDs come along, the file is out of date unless everyone downloads an update to your module when that happens, or your module automatically downloads the list each time it runs, which seems wasteful.
Anyway, I am only making suggestions, so if you do not think they are valid then ignore them.
Keith.
RE: [Module] Let's Encrypt
03-23-2019, 02:12 AM
Quote: That is exactly what I am talking about - as soon as new TLDs come along, the file is out of date unless everyone downloads an update to your module when that happens, or your module automatically downloads the list each time it runs, which seems wasteful.
That is why I was talking about caching. And no, the list is not served by the module; the list will be fetched.
RE: [Module] Let's Encrypt
03-23-2019, 03:20 AM
(03-23-2019, 02:12 AM)Bizarrus Wrote: That is why I was talking about caching. And no, the list is not served by the module; the list will be fetched.
Ok, I look forward to seeing it in action!
Keith.
RE: [Module] Let's Encrypt
03-23-2019, 04:22 PM
I don't have much time to test why, but I get an HTTP ERROR 500 on one of my servers.
CentOS release 6.10 (Final)
Sentora: 1.0.3
Apache Version: 2.2.15
PHP Version: 5.6.39
MySQL Version: 5.5.62
RE: [Module] Let's Encrypt
03-23-2019, 07:04 PM
(This post was last modified: 03-23-2019, 07:19 PM by Bizarrus.)
You can check the log files. Without any information, I can't help out.
Which Apache modules are installed?
My first thought: open_basedir restrictions.
On a simple test with an online sandbox (http://sandbox.onlinephpfunctions.com/) with PHP 5.6.29, I got the following error:
Quote: Warning: dirname() has been disabled for security reasons in [...][...] on line 2
And I think that's the problem. I will try to solve this for older PHP versions.
Can you try to modify the following lines to solve the problem?
/etc/sentora/panel/modules/letsencrypt/code/controller.ext.php
PHP Code:
// From
require_once(dirname(__FILE__, 1) . '/ACMECert.php');
require_once(dirname(__FILE__, 1) . '/TLD.php');
require_once(dirname(__FILE__, 1) . '/LetsEncrypt.php');

// To
require_once('ACMECert.php');
require_once('TLD.php');
require_once('LetsEncrypt.php');
RE: [Module] Let's Encrypt
03-24-2019, 06:13 AM
(This post was last modified: 03-24-2019, 06:17 AM by Bizarrus.)
Here is a status update of the development process with screenshots.
As admin, you get the Settings tab. Here you can edit some configurations, depending on the last discussion posts by Keith.
And here are some other screenshots:
The development process of wildcard certificates is currently still ongoing. It will surely take until tomorrow before I release version 1.0.4 here.
Here is the current ToDo list, which will be implemented by tomorrow:
- [OK] Fix open_basedir restrictions on PHP's require
- [OK] Adding some admin settings
- [OK, must be Tested] Create installation/deinstallation/update process
- [OK] Check TLD by public TLD list or only via database
- [OK] Create Caching (1 week) for public TLD list (see admin settings)
- [Not Finished] Create cronjob on Sentora Daemon
- [OPEN] Remove certificates if domain was deleted
- [OPEN] Remove all necessary certificate files on revoke
- [OK] If cert is available, change the displayed text of outdated certs
- [OK] Adding renewing button on list
- [OK] Adding renewing process
- [OPEN] Adding CAA entry on DNS for letsencrypt.org (see CAA Mandated by CA/Browser Forum)
- [OK] UI: Beautify
- [OK] UI: adding Tabs for normal certificates and wildcard certificates
- [OK] UI: change alerts depends on their state (error, info, success,...)
- [OPEN] Restore domains (and delete certificates) on module deinstallation process
- [OK] Fix VHost template with chain file for a valid SSL configuration
- [OPEN] Create autoresolver on Cronjob (before Apache-Reload) to check if mod_ssl defaults listen the port 443
- [Not Finished] Create Wildcard support
- [OPEN] If wildcard revoked, delete all VHost settings on subdomains
- [OPEN] Cronjob: If wildcard created, add VHost settings on subdomains
For version 1.0.5, as upcoming features:
- User can select if the domain will be redirected to the port (depends on the VHost settings Port Override & Forward Port 80 to Overridden Port)
- Show & Download generated Certificates
RE: [Module] Let's Encrypt
03-24-2019, 06:17 AM
(03-24-2019, 06:13 AM)Bizarrus Wrote: Here is a status update of the development process with screenshots.
As admin, you get the Settings tab. Here you can edit some configurations, depending on the last discussion posts by Keith.
And here are some other screenshots:
The development process of wildcard certificates is currently still ongoing. It will surely take until tomorrow before I release version 1.0.4 here.
Here is the current ToDo list, which will be implemented by tomorrow:
- [OK] Fix open_basedir restrictions on PHP's require
- [OK] Adding some admin settings
- [OK, must be Tested] Create installation/deinstallation/update process
- [OK] Check TLD by public TLD list or only via database
- [OK] Create Caching (1 week) for public TLD list (see admin settings)
- [Not Finished] Create cronjob on Sentora Daemon
- [OPEN] Remove certificates if domain was deleted
- [OPEN] Remove all necessary certificate files on revoke
- [OK] If cert is available, change the displayed text of outdated certs
- [OK] Adding renewing button on list
- [OK] Adding renewing process
- [OPEN] Adding CAA entry on DNS for letsencrypt.org (see CAA Mandated by CA/Browser Forum)
- [OK] UI: Beautify
- [OK] UI: adding Tabs for normal certificates and wildcard certificates
- [OK] UI: change alerts depends on their state (error, info, success,...)
- [OPEN] Restore domains (and delete certificates) on module deinstallation process
- [OK] Fix VHost template with chain file for a valid SSL configuration
- [OPEN] Create autoresolver on Cronjob (before Apache-Reload) to check if mod_ssl defaults listen the port 443
- [Not Finished] Create Wildcard support
- [OPEN] If wildcard revoked, delete all VHost settings on subdomains
- [OPEN] Cronjob: If wildcard created, add VHost settings on subdomains
Looks like you've made some good progress.
Is this latest version available to download anywhere yet? GitHub shows the latest commit as two days ago.
Keith
RE: [Module] Let's Encrypt
03-24-2019, 06:19 AM
(03-24-2019, 06:17 AM)fearworks Wrote: Looks like you've made some good progress
Is this latest version available to download anywhere yet? GitHub shows the latest commit as two days ago.
Keith
The current changes are not stable yet. I will commit these updates tomorrow. The update will be published once I have tested all the functions.
But if you like, I can send you the current files via private message as a ZIP package.
RE: [Module] Let's Encrypt
03-24-2019, 06:32 AM
(03-24-2019, 06:19 AM)Bizarrus Wrote: The current changes are not stable yet. I will commit these updates tomorrow. The update will be published once I have tested all the functions.
But if you like, I can send you the current files via private message as a ZIP package.
I don't mind waiting until you are ready to release it.
Also, it would be nice if you made the "Adding CAA entry on DNS for letsencrypt.org" optional within the admin settings, as some people may not want their DNS messed with without permission.
I have already modified the DNS Bind module on my servers to include the CAA (TYPE257) certificate in my domain DNS, and I imagine some others may already have this in place too. This is because I have previously been using a manual method of creating and adding Let's Encrypt certificates via SSH, so I needed it in place already.
Thanks for your efforts!
Keith.