[Module] Let's Encrypt

[fearworks]

Yep, on the next release, i will change this for only wildcards.

The problem is the mechanism:
Single-Domain certificates will be validated over an generated public file, there will placed into /.well-known/. Wildcard certificates will be validated over an TXT entry in DNS, because only the real domain owner has access to it.

Both processes have different methos. And that is, why the Wildcard process is little bit more tricky as single-domain certs.

So far everything seems good with the latest release. I have not had a reason to try the wildcard certificates yet, and none of the certificates I have created have renewed themselves yet - I wouldn't expect them to yet

I am looking at the source to see when the certificates will renew, but my brain hurts so can you tell me?

Keith.

[Bizarrus]

Check the OnDaemonRun.hook.php, Method: renewCerificates, second on the daemon logile/output.

/var/sentora/logs/daemon-last-run.log:

START Let's Encrypt Config Hook.
Renewing certificates...
Checking certificate for *************
Checking certificate for *************
Checking certificate for *************
Checking certificate for *************
Valid until: 06/22/2019 - 18:56:42
In Days: 85
Checking certificate for *************
Valid until: 06/21/2019 - 20:31:46
In Days: 84
Checking certificate for *************
Valid until: 06/22/2019 - 18:56:45
In Days: 85
Skipping Wildcard certificate for *************
Checking certificate for *************
Checking certificate for *************
Valid until: 06/22/2019 - 18:56:47
In Days: 85
Checking certificate for *************
Valid until: 06/22/2019 - 18:56:50
In Days: 85
Checking certificate for *************
Valid until: 06/24/2019 - 20:25:31
In Days: 87
Check Wildcard Requests...
Requesting Wildcard certificate for *************
ACME Challenges currently not deployed!
Check TLD List cache...
> fetch TLD List from https://publicsuffix.org/list/public_suffix_list.dat
> local cache file time: 03/29/2019 - 11:40:02
> is cache expired? No
> has the online list changes? No
> Finished.
job 1083 at Fri Mar 29 13:10:00 2019
Apache reload: suceeded
END Let's Encrypt Config Hook.

Domains are provided here as ************* for privacy policy

Take a look each Day, you will see, that the log-entry "In Days: 85" will changed. If you won't wait for ~90 days (that's the maximum of lifetime), you can change the condition of Line 86 (https://github.com/Bizarrus/Sentora-Lets...ok.php#L86) to false (for sample, change the < to >) for testing purposes.

[fearworks]

Check the OnDaemonRun.hook.php, Method: renewCerificates, second on the daemon logile/output.

/var/sentora/logs/daemon-last-run.log:

Domains are provided here as ************* for privacy policy

Take a look each Day, you will see, that the log-entry "In Days: 85" will changed. If you won't wait for ~90 days (that's the maximum of lifetime), you can change the condition of Line 86 (https://github.com/Bizarrus/Sentora-Lets...ok.php#L86) to false (for sample, change the < to >) for testing purposes.

I do indeed see the entry in the daemon log

May I suggest adding an admin option to select how many days before certificate expiry the renewal is performed? Perhaps within a limit so users cannot just put any number of days?

I know that quite a few commercial Let's Encrypt services will renew before expiry so that if there are any problems it has not been left until the "last minute" to sort it out. On my Windows servers with IIS I use:

https://github.com/PKISharp/win-acme/

which is a fantastic application and highly recommended for anyone who uses Windows. They have a default renewal of 55 days I think, so the certificates renew just before they are 2 months old. I personally feel this is too soon but users can change this and define their own renewal period. I would probably feel comfortable with a renewal attempt at 83 days, so approx. 7 days before the certificate expires, which gives me a week to sort out any possible issues.

Do you think it would be worth adding, maybe, a dropdown selection in the admin settings to select after how many days the certificate renews? For example, renew at 60 days, 70 days, 80 days, 90 days options?

It is sad to see that not many people have shown an interest in your module as I think this has been one of the most requested features in recent times for Sentora. I think news travels slowly in the world of Sentora these days but it WILL travel eventually and I think slowly, people will pick up on your module and realise how useful it will be.

P.S. I like the way the TLD operations work. I had my doubts about this but you have automated the process so that the list of TLDs stays up to date so I am very impressed with your work!

I wonder what @TGates makes of this? I know he was working on a module for LE but I think his time is limited so I am sure he will be relieved that there is someone else who has found the solution. I am sure he will also be very happy to see your activities as they will surely help keep the Sentora community alive!

Many thanks for your time and efforts!

Keith.

[Bizarrus]

Yeah sure, that a great idea Im currently not finished with the wildcard certificates. I will see to it that I process the whole ToDo as quickly as possible.

It is also possible that I rearrange the classes (especially from the controller), because this is getting a bit confusing. Then updates are a bit easier to incorporate.

I already had contact with the maintainer of the ACMECert class. There was also an update here, where the wildcard certificates are encapsulated, so that they can be checked via DNS before. This simplifies deploying enormously, even if it was just a small change!

Another idea (for problems) is, to add an sepeate logfile for the module. Later i will add some logfile viewer on the administration.  This makes it easier to solve problems without having to search for logfiles explicitly via the shell.

[fearworks]

Yeah sure, that a great idea Im currently not finished with the wildcard certificates. I will see to it that I process the whole ToDo as quickly as possible.

It is also possible that I rearrange the classes (especially from the controller), because this is getting a bit confusing. Then updates are a bit easier to incorporate.

I already had contact with the maintainer of the ACMECert class. There was also an update here, where the wildcard certificates are encapsulated, so that they can be checked via DNS before. This simplifies deploying enormously, even if it was just a small change!

Another idea (for problems) is, to add an sepeate logfile for the module. Later i will add some logfile viewer on the administration.  This makes it easier to solve problems without having to search for logfiles explicitly via the shell.

Just wondering how you are getting on with this module?

Keith.

[andresfmg]

i don't have much time to test why but i get a HTTP ERROR 500 on one of my servers.
CentOS release 6.10 (Final)
Sentora: 1.0.3
Apache Version: 2.2.15
PHP Version: 5.6.39
MySQL Version: 5.5.62

[Bizarrus]

Please provide some error logs where i can see some problems. Without, i can only puzzle.

[fearworks]

Please provide some error logs where i can see some problems. Without, i can only puzzle.

Hi,

Did you miss my last message?

I asked how you are getting on with this module and the suggestions I made, etc.?

I hope you're still around

Keith

[goldenfish]

Install error

Code:

[root@beta ~]# zppy install letsencrypt
Module to be installed letsencrypt
--2019-08-04 14:05:14--  http://sentcrypt.tk/letsencrypt.zpp
Resolving sentcrypt.tk... 185.249.199.122
Connecting to sentcrypt.tk|185.249.199.122|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 100242 (98K)
Saving to: “letsencrypt.zpp”

100%[==========================================================>] 100,242     96.4K/s   in 1.0s

2019-08-04 14:05:16 (96.4 KB/s) - “letsencrypt.zpp” saved [100242/100242]


Parse error: syntax error, unexpected '[' in /etc/sentora/panel/modules/letsencrypt/deploy/install.run on line 7

uninstall error

Code:

[root@beta ~]# zppy remove letsencrypt
Removing "letsencrypt" will delete the module folder and drop any tables used by the module!
Please confirm you want to remove this module? [y/N]y
Removing letsencrypt module..

Parse error: syntax error, unexpected '[', expecting ')' in /etc/sentora/panel/modules/letsencrypt/code/Installer.php on line 28

Can you fix it asap

[vishnupc]

Hi,

I have installed the extension. However, getting some error. Please see the screenshot below

https://ibb.co/x82ZFh8

PHP : 5.6

Also can us use PHP 7.3 with this extention?