RE: [Module] Let's Encrypt
03-24-2019, 06:37 AM
(03-24-2019, 06:32 AM)fearworks Wrote: Also, it would be nice if you made the "Adding CAA entry on DNS for letsencrypt.org" optional within the admin settings, as some people may not want their DNS messed with without permission.
I think I will create two options:
- In admin settings, you can enable/disable this feature completely
- If it's enabled, the user can select/deselect this option for the domain
About your idea, I will move this ToDo entry to version 1.0.5, because here I will implement better handling for creation with these settings.
RE: [Module] Let's Encrypt
03-24-2019, 08:52 PM
(03-23-2019, 07:04 PM)Bizarrus Wrote: You can check the log files. With no information, I can't help out.
Which Apache modules are installed?
My first thought: open basedir restrictions
In a simple test with an online sandbox (http://sandbox.onlinephpfunctions.com/) with PHP 5.6.29, I've got the following error:
And I think that's the problem. I will try to solve this for older PHP versions.
Can you try to modify the following lines to solve the problem?
/etc/sentora/panel/modules/letsencrypt/code/controller.ext.php
PHP Code:
// From
require_once(dirname(__FILE__, 1) . '/ACMECert.php');
require_once(dirname(__FILE__, 1) . '/TLD.php');
require_once(dirname(__FILE__, 1) . '/LetsEncrypt.php');
// To
require_once('ACMECert.php');
require_once('TLD.php');
require_once('LetsEncrypt.php');
Yep, this worked, but there was no TLD.php included, so I guess that's part of the section you're working on?
RE: [Module] Let's Encrypt
03-24-2019, 09:05 PM
(03-24-2019, 08:52 PM)Ron-e Wrote: Yep, this worked, but there was no TLD.php included, so I guess that's part of the section you're working on?
Oh, yep, that's my bad!
RE: [Module] Let's Encrypt
03-25-2019, 06:51 AM
(This post was last modified: 03-25-2019, 06:55 AM by Bizarrus.)
Now I have rolled out Version 1.0.4!
Changelog: https://github.com/Bizarrus/Sentora-Lets.../README.md
Current ToDo: https://github.com/Bizarrus/Sentora-Lets....4/ToDo.md
The Wildcard features are currently EXPERIMENTAL, because it's hard work with the performance. Let's Encrypt can only be resumed when the _acme-challenges are published on DNS. The implementation will take several days in advance; it's too complex for a development process of a few hours! More information in the Changelog (GitHub).
RE: [Module] Let's Encrypt
03-25-2019, 11:03 AM
(03-25-2019, 06:51 AM)Bizarrus Wrote: Now I have rolled out Version 1.0.4!
Changelog: https://github.com/Bizarrus/Sentora-Lets.../README.md
Current ToDo: https://github.com/Bizarrus/Sentora-Lets....4/ToDo.md
The Wildcard features are currently EXPERIMENTAL, because it's hard work with the performance. Let's Encrypt can only be resumed when the _acme-challenges are published on DNS. The implementation will take several days in advance; it's too complex for a development process of a few hours! More information in the Changelog (GitHub).
I am wondering what the point of the "Nameservers" section is? For one of my domains it tells me:
Code: The domain example.co.uk is not managed by the name server ns1.example.co.uk, ns2.example.co.uk!
NS 1: ns1.mydns.com
NS 2: ns2.mydns.com
NS 3: ns3.mydns.com
and suggests that something is incorrect, using red text etc.
I am not sure what this has to do with Let's Encrypt certificates anyway, but there is nothing wrong with my DNS configuration.
Also, I would like to suggest a few spelling/language corrections to some of the messages in the "controller.ext.php" file, and I hope you don't mind:
Code: The SSL certificate has been created.
The wildcard certificate has been requested. It takes up to 24 hours for the wildcard certificate to be delivered.
The wildcard certificate already exists.
The wildcard certificate has already been requested.
The SSL certificate already exists.
You can\'t revoke the certificate, it doesn\'t exist.
Error retrieving the Let\'s Encrypt certificate.
Error retrieving the Let\'s Encrypt wildcard certificate.
The SSL certificate has been revoked.
The SSL certificate can\'t be revoked. There was an internal error.
You can\'t renew the certificate as it doesn\'t exist.
The certificate can\'t be renewed.
The settings have been saved.
You do not have permission to perform this action!
Keith.
RE: [Module] Let's Encrypt
03-25-2019, 03:30 PM
This is only for Wildcards!
The domain must be managed by Sentora's DNS, otherwise the plugin can't manage the _acme-challenges of the domain for validation. External nameservers are not supported, because when the wildcard certificate is requested, you must add cryptographic tokens as a TXT record. That's not possible on external DNS. A manual update by the user would break the process and generate a lot of overhead, because the script must wait for the TXT records to be available - See here: https://github.com/skoerfgen/ACMECert/is...-475924357
By default, the nameserver configuration for Sentora's DNS is ns1./ns2.$domain.
Thanks for fixing some typos. If you like, you can edit these directly on GitHub.
RE: [Module] Let's Encrypt
03-25-2019, 05:06 PM
(03-25-2019, 03:30 PM)Bizarrus Wrote: This is only for Wildcards!
The domain must be managed by Sentora's DNS, otherwise the plugin can't manage the _acme-challenges of the domain for validation. External nameservers are not supported, because when the wildcard certificate is requested, you must add cryptographic tokens as a TXT record. That's not possible on external DNS. A manual update by the user would break the process and generate a lot of overhead, because the script must wait for the TXT records to be available - See here: https://github.com/skoerfgen/ACMECert/is...-475924357
By default, the nameserver configuration for Sentora's DNS is ns1./ns2.$domain.
Thanks for fixing some typos. If you like, you can edit these directly on GitHub.
Ah OK, forgive me. I have not done much with wildcard LE certificates but that makes sense. Perhaps it would be worth adding something to make it clear that this matters only for wildcard certificates?
Keith
RE: [Module] Let's Encrypt
03-25-2019, 06:11 PM
Yep, in the next release I will change this to apply only to wildcards.
The problem is the mechanism:
Single-domain certificates are validated via a generated public file, which is placed into /.well-known/. Wildcard certificates are validated via a TXT entry in DNS, because only the real domain owner has access to it.
Both processes use different methods. And that is why the wildcard process is a little bit more tricky than single-domain certs.
RE: [Module] Let's Encrypt
03-29-2019, 12:55 AM
Hi, trying to install gives me an error on Centos6:
Parse error: syntax error, unexpected '[' in /etc/sentora/panel/modules/letsencrypt/deploy/install.run on line 7
RE: [Module] Let's Encrypt
03-29-2019, 09:34 PM
Which PHP version do you run? It seems you're running PHP with a very old version, under 5.4/5.6.