This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

[Module] Let's Encrypt
#11
RE: [Module] Let's Encrypt
Additional, i don't provide SSL certs for www. Subdomains.

The problem is (and it is a standard and default behavior), that root domains (e.g. example.com) will be redirected to www.example.com or recursive way (www to non-www). Subdomains doesn't have www. Sub- sub- sub- sub- (you can stretch it long, if you like!) subdomain prefixes. www-subdomains are only from users, there have no experiences or an standard.

Quote:Relying on a third-party list seems a bit unreliable to me - especially as it slowly goes out of date and would need an update...
But here you have no disadvantages. Why? You have an official suffix list from Mozilla - Here you get only changes if ICANN start to publish new TLD's, the file can be cached.

What is your default behavior without these Feature? Yes, you using Regular Expression or check the End of Domain with your knowing TLD's. And if you forgot someone, you must edit these function each time if you register new domain names.

Quote:As Sentora already separates domains from subdomains, surely the above conditional that I suggested could be applied to only domains (and not any subdomains)? Sentora will always add a www alias to any domains added to the system, so why not just follow this behaviour and keep it simple?
Thats a great idea, but on other systems (for sample Debian), here you can curiously add Subdomains as Domain names - That is not that, what the Certcreation want. But i can provide a configuration for that, you can set your option what you want.
Reply
Thanks given by:
#12
RE: [Module] Let's Encrypt
(03-22-2019, 10:30 PM)Bizarrus Wrote: You have an official suffix list from Mozilla - Here you get only changes if ICANN start to publish new TLD's, the file can be cached.

That is exactly what I am talking about - as soon as new TLDs come along, the file is out of date unless everyone downloads an update to your module when that happens, or your module automatically downloads the list each time it runs, which seems wasteful.

Anyway, I am only making suggestions so if you do not think they are valid then ignore them Big Grin

Keith.
Reply
Thanks given by:
#13
RE: [Module] Let's Encrypt
Quote:That is exactly what I am talking about - as soon as new TLDs come along, the file is out of date unless everyone downloads an update to your module when that happens, or your module automatically downloads the list each time it runs, which seems wasteful.

That is, why i had talking about an caching Wink And no, the List is not served by the module, the list will be fetched.
Reply
Thanks given by:
#14
RE: [Module] Let's Encrypt
(03-23-2019, 02:12 AM)Bizarrus Wrote: That is, why i had talking about an caching Wink And no, the List is not served by the module, the list will be fetched.

Ok, I look forward to seeing it in action!

Keith.
Reply
Thanks given by:
#15
RE: [Module] Let's Encrypt
i don't have much time to test why but i get a HTTP ERROR 500 on one of my servers.
CentOS release 6.10 (Final)
Sentora: 1.0.3
Apache Version: 2.2.15
PHP Version: 5.6.39
MySQL Version: 5.5.62

My Sentora DemoMy GithubAuxio Github
Zentora themeS-Type themeCstyleX theme
flat-color-iconssmall-n-flat-icons

Sentora's development takes way too long, so i'm transitioning to HestiaCP.
Reply
Thanks given by:
#16
RE: [Module] Let's Encrypt
You can check the log files. With no informations, i can't help out.

Which apache modules are installed?

My first thought: open basedir restrictions

On simple test with an online sandbox (http://sandbox.onlinephpfunctions.com/) with PHP 5.6.29, i've got following error:
Quote:Warning:  dirname() has been disabled for security reasons in [...][...] on line 2

And i think, that's the problem. I will try to solve these for older PHP versions.

Can you try to modify following lines to solve the problem?
/etc/sentora/panel/modules/letsencrypt/code/controller.ext.php
PHP Code:
// From
require_once(dirname(__FILE__1) . '/ACMECert.php');
require_once(
dirname(__FILE__1) . '/TLD.php');
require_once(
dirname(__FILE__1) . '/LetsEncrypt.php');

// To
require_once('ACMECert.php');
require_once(
'TLD.php');
require_once(
'LetsEncrypt.php'); 
Reply
Thanks given by:
#17
RE: [Module] Let's Encrypt
Here is a status update of the development process with screenshots.

As Admin, you get the Settings-Tab. Here you can edit some configurations, depends on last disscussion's posts by Keith Smile

[Image: le1nujmv.png]

And here are some other screenshots:
[Image: le2j0jll.png]
[Image: le3wvjja.png][Image: le4e9kjx.png][Image: le5zqjgj.png]

The development process of wildcard certificates is currently somewhat ongoing. It will surely take until tomorrow until I release version 1.0.4 here.

Here is the current ToDo list, which will be implemented until tomorrow:
  • [OK] Fix open_basedir restrictions on PHP's require
  • [OK] Adding some admin settings
  • [OK, must be Tested] Create installation/deinstallation/update process
  • [OK] Check TLD by public TLD list or only via database
  • [OK] Create Caching (1 week) for public TLD list (see admin settings)
  • [Not Finished] Create cronjob on Sentora Daemon
  • [OPEN] Remove certificates if domain was deleted
  • [OPEN] Remove all necessary certificate files on revoke
  • [OK] If cert is available, change the displayed text of outdated certs
  • [OK] Adding renewing button on list
  • [OK] Adding renewing process
  • [OPEN] Adding CAA entry on DNS for letsencrypt.org (see CAA Mandated by CA/Browser Forum)
  • [OK] UI: Beautify
  • [OK] UI: adding Tabs for normal certificates and wildcard certificates
  • [OK] UI: change alerts depends on their state (error, info, success,...)
  • [OPEN] Restore domains (and delete certificates) on module deinstallation process
  • [OK] Fix VHost template with chain file for a valid SSL configuration
  • [OPEN] Create autoresolver on Cronjob (before Apache-Reload) to check if mod_ssl defaults listen the port 443
  • [Not Finished] Create Wildcard support
  • [OPEN] If wildcard revoked, delete all VHost settings on subdomains
  • [OPEN] Cronjob: If wildcard created, add VHost settings on subdomains
For version 1.0.5, as upcoming features:
  • User can select if the domain will be redirected to the port (depends on the VHost settings Port OverrideForward Port 80 to Overriden Port)
  • Show & Download generated Certificates
Reply
Thanks given by:
#18
RE: [Module] Let's Encrypt
(03-24-2019, 06:13 AM)Bizarrus Wrote: Here is a status update of the development process with screenshots.

As Admin, you get the Settings-Tab. Here you can edit some configurations, depends on last disscussion's posts by Keith Smile

[Image: le1nujmv.png]

And here are some other screenshots:
[Image: le2j0jll.png]
[Image: le3wvjja.png][Image: le4e9kjx.png][Image: le5zqjgj.png]

The development process of wildcard certificates is currently somewhat ongoing. It will surely take until tomorrow until I release version 1.0.4 here.

Here is the current ToDo list, which will be implemented until tomorrow:
  • [OK] Fix open_basedir restrictions on PHP's require
  • [OK] Adding some admin settings
  • [OK, must be Tested] Create installation/deinstallation/update process
  • [OK] Check TLD by public TLD list or only via database
  • [OK] Create Caching (1 week) for public TLD list (see admin settings)
  • [Not Finished] Create cronjob on Sentora Daemon
  • [OPEN] Remove certificates if domain was deleted
  • [OPEN] Remove all necessary certificate files on revoke
  • [OK] If cert is available, change the displayed text of outdated certs
  • [OK] Adding renewing button on list
  • [OK] Adding renewing process
  • [OPEN] Adding CAA entry on DNS for letsencrypt.org (see CAA Mandated by CA/Browser Forum)
  • [OK] UI: Beautify
  • [OK] UI: adding Tabs for normal certificates and wildcard certificates
  • [OK] UI: change alerts depends on their state (error, info, success,...)
  • [OPEN] Restore domains (and delete certificates) on module deinstallation process
  • [OK] Fix VHost template with chain file for a valid SSL configuration
  • [OPEN] Create autoresolver on Cronjob (before Apache-Reload) to check if mod_ssl defaults listen the port 443
  • [Not Finished] Create Wildcard support
  • [OPEN] If wildcard revoked, delete all VHost settings on subdomains
  • [OPEN] Cronjob: If wildcard created, add VHost settings on subdomains

Looks like you've made some good progress Big Grin

Is this latest version available to download anywhere yet? GitHub shows the latest commit as two days ago.

Keith
Reply
Thanks given by:
#19
RE: [Module] Let's Encrypt
(03-24-2019, 06:17 AM)fearworks Wrote: Looks like you've made some good progress Big Grin

Is this latest version available to download anywhere yet? GitHub shows the latest commit as two days ago.

Keith

The current changes are not stable yet. I will commit these updates tomorrow. The update will be published if i had tested all the functions.

But if you like, i can send you the current files via private message as ZIP package.
Reply
Thanks given by:
#20
RE: [Module] Let's Encrypt
(03-24-2019, 06:19 AM)Bizarrus Wrote: The current changes are not stable yet. I will commit these updates tomorrow. The update will be published if i had tested all the functions.

But if you like, i can send you the current files via private message as ZIP package.

I don't mind waiting until you are ready to release it.

Also, it would be nice if you made the "Adding CAA entry on DNS for letsencrypt.org" optional within the admin settings as some people may not want their DNS messing with without permission Big Grin

I have already modified the DNS Bind module on my servers to include the CAA (TYPE257) certificate in my domain DNS, and I imagine some others may already have this in place too. This is because I have previously been using a manual method of creating and adding Let's Encrypt certificates via SSH, so I needed it in place already Smile

Thanks for your efforts!

Keith.
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
[Module] ELFileManager (build on elfinder) Diablo925 94 289 ,120 05-30-2024, 05:25 AM
Last Post: TGates
[MODULE] phpMyAdmin-AU (Auto-Update) TGates 14 44 ,938 06-15-2021, 06:54 AM
Last Post: TGates
[MODULE] SenBrand - Basic Branding module for Sentora TGates 20 49 ,449 06-04-2021, 11:47 AM
Last Post: ccr1969

Forum Jump:


Users browsing this thread: 2 Guest(s)