This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

[Module] Let's Encrypt
#31
RE: [Module] Let's Encrypt
(03-25-2019, 06:11 PM)Bizarrus Wrote: Yep, on the next release, i will change this for only wildcards.

The problem is the mechanism:
Single-Domain certificates will be validated over an generated public file, there will placed into /.well-known/. Wildcard certificates will be validated over an TXT entry in DNS, because only the real domain owner has access to it.

Both processes have different methos. And that is, why the Wildcard process is little bit more tricky as single-domain certs.

So far everything seems good with the latest release. I have not had a reason to try the wildcard certificates yet, and none of the certificates I have created have renewed themselves yet - I wouldn't expect them to yet Smile

I am looking at the source to see when the certificates will renew, but my brain hurts so can you tell me?

Keith.
Reply
Thanks given by:
#32
RE: [Module] Let's Encrypt
Check the OnDaemonRun.hook.php, Method: renewCerificates, second on the daemon logile/output.

/var/sentora/logs/daemon-last-run.log:
Quote: START Let's Encrypt Config Hook.
Renewing certificates...
Checking certificate for *************
Checking certificate for *************
Checking certificate for *************
Checking certificate for *************
Valid until: 06/22/2019 - 18:56:42
In Days: 85
Checking certificate for *************
Valid until: 06/21/2019 - 20:31:46
In Days: 84
Checking certificate for *************
Valid until: 06/22/2019 - 18:56:45
In Days: 85
Skipping Wildcard certificate for *************
Checking certificate for *************
Checking certificate for *************
Valid until: 06/22/2019 - 18:56:47
In Days: 85
Checking certificate for *************
Valid until: 06/22/2019 - 18:56:50
In Days: 85
Checking certificate for *************
Valid until: 06/24/2019 - 20:25:31
In Days: 87
Check Wildcard Requests...
Requesting Wildcard certificate for *************
ACME Challenges currently not deployed!
Check TLD List cache...
> fetch TLD List from https://publicsuffix.org/list/public_suffix_list.dat
> local cache file time: 03/29/2019 - 11:40:02
> is cache expired? No
> has the online list changes? No
> Finished.
job 1083 at Fri Mar 29 13:10:00 2019
Apache reload: suceeded
END Let's Encrypt Config Hook.

Domains are provided here as ************* for privacy policy Smile

Take a look each Day, you will see, that the log-entry "In Days: 85" will changed. If you won't wait for ~90 days (that's the maximum of lifetime), you can change the condition of Line 86 (https://github.com/Bizarrus/Sentora-Lets...ok.php#L86) to false (for sample, change the < to >) for testing purposes.
Reply
Thanks given by:
#33
RE: [Module] Let's Encrypt
(03-30-2019, 03:15 AM)Bizarrus Wrote: Check the OnDaemonRun.hook.php, Method: renewCerificates, second on the daemon logile/output.

/var/sentora/logs/daemon-last-run.log:

Domains are provided here as ************* for privacy policy Smile

Take a look each Day, you will see, that the log-entry "In Days: 85" will changed. If you won't wait for ~90 days (that's the maximum of lifetime), you can change the condition of Line 86 (https://github.com/Bizarrus/Sentora-Lets...ok.php#L86) to false (for sample, change the < to >) for testing purposes.

I do indeed see the entry in the daemon log Big Grin

May I suggest adding an admin option to select how many days before certificate expiry the renewal is performed? Perhaps within a limit so users cannot just put any number of days?

I know that quite a few commercial Let's Encrypt services will renew before expiry so that if there are any problems it has not been left until the "last minute" to sort it out. On my Windows servers with IIS I use:

https://github.com/PKISharp/win-acme/

which is a fantastic application and highly recommended for anyone who uses Windows. They have a default renewal of 55 days I think, so the certificates renew just before they are 2 months old. I personally feel this is too soon but users can change this and define their own renewal period. I would probably feel comfortable with a renewal attempt at 83 days, so approx. 7 days before the certificate expires, which gives me a week to sort out any possible issues.

Do you think it would be worth adding, maybe, a dropdown selection in the admin settings to select after how many days the certificate renews? For example, renew at 60 days, 70 days, 80 days, 90 days options?

It is sad to see that not many people have shown an interest in your module as I think this has been one of the most requested features in recent times for Sentora. I think news travels slowly in the world of Sentora these days but it WILL travel eventually and I think slowly, people will pick up on your module and realise how useful it will be.

P.S. I like the way the TLD operations work. I had my doubts about this but you have automated the process so that the list of TLDs stays up to date so I am very impressed with your work!

I wonder what @TGates makes of this? I know he was working on a module for LE but I think his time is limited so I am sure he will be relieved that there is someone else who has found the solution. I am sure he will also be very happy to see your activities as they will surely help keep the Sentora community alive!

Many thanks for your time and efforts!

Keith.
Reply
Thanks given by:
#34
RE: [Module] Let's Encrypt
Yeah sure, that a great idea Smile Im currently not finished with the wildcard certificates. I will see to it that I process the whole ToDo as quickly as possible.

It is also possible that I rearrange the classes (especially from the controller), because this is getting a bit confusing. Then updates are a bit easier to incorporate.

I already had contact with the maintainer of the ACMECert class. There was also an update here, where the wildcard certificates are encapsulated, so that they can be checked via DNS before. This simplifies deploying enormously, even if it was just a small change!

Another idea (for problems) is, to add an sepeate logfile for the module. Later i will add some logfile viewer on the administration.  This makes it easier to solve problems without having to search for logfiles explicitly via the shell.
Reply
Thanks given by:
#35
RE: [Module] Let's Encrypt
(03-30-2019, 06:35 PM)Bizarrus Wrote: Yeah sure, that a great idea Smile Im currently not finished with the wildcard certificates. I will see to it that I process the whole ToDo as quickly as possible.

It is also possible that I rearrange the classes (especially from the controller), because this is getting a bit confusing. Then updates are a bit easier to incorporate.

I already had contact with the maintainer of the ACMECert class. There was also an update here, where the wildcard certificates are encapsulated, so that they can be checked via DNS before. This simplifies deploying enormously, even if it was just a small change!

Another idea (for problems) is, to add an sepeate logfile for the module. Later i will add some logfile viewer on the administration.  This makes it easier to solve problems without having to search for logfiles explicitly via the shell.

Just wondering how you are getting on with this module?

Keith.
Reply
Thanks given by:
#36
RE: [Module] Let's Encrypt
(03-23-2019, 04:22 PM)Hi, did u found any solution ? i had the same issue HTTP ERROR 500 trying to access to letsencrypt module on sentora panel.thanks u in advance  Ron-e Wrote: i don't have much time to test why but i get a HTTP ERROR 500 on one of my servers.
CentOS release 6.10 (Final)
Sentora: 1.0.3
Apache Version: 2.2.15
PHP Version: 5.6.39
MySQL Version: 5.5.62
Reply
Thanks given by:
#37
RE: [Module] Let's Encrypt
Please provide some error logs where i can see some problems. Without, i can only puzzle.
Reply
Thanks given by:
#38
RE: [Module] Let's Encrypt
(05-08-2019, 04:00 AM)Bizarrus Wrote: Please provide some error logs where i can see some problems. Without, i can only puzzle.

Hi,

Did you miss my last message?

I asked how you are getting on with this module and the suggestions I made, etc.?

I hope you're still around Smile

Keith
Reply
Thanks given by:
#39
RE: [Module] Let's Encrypt
Install error

Code:
[root@beta ~]# zppy install letsencrypt
Module to be installed letsencrypt
--2019-08-04 14:05:14--  http://sentcrypt.tk/letsencrypt.zpp
Resolving sentcrypt.tk... 185.249.199.122
Connecting to sentcrypt.tk|185.249.199.122|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 100242 (98K)
Saving to: “letsencrypt.zpp”

100%[==========================================================>] 100,242     96.4K/s   in 1.0s

2019-08-04 14:05:16 (96.4 KB/s) - “letsencrypt.zpp” saved [100242/100242]


Parse error: syntax error, unexpected '[' in /etc/sentora/panel/modules/letsencrypt/deploy/install.run on line 7
uninstall error

Code:
[root@beta ~]# zppy remove letsencrypt
Removing "letsencrypt" will delete the module folder and drop any tables used by the module!
Please confirm you want to remove this module? [y/N]y
Removing letsencrypt module..

Parse error: syntax error, unexpected '[', expecting ')' in /etc/sentora/panel/modules/letsencrypt/code/Installer.php on line 28




Can you fix it asap
Reply
Thanks given by:
#40
RE: [Module] Let's Encrypt
Hi,

I have installed the extension. However, getting some error. Please see the screenshot below

https://ibb.co/x82ZFh8

PHP : 5.6

Also can us use PHP 7.3 with this extention?
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
[Module] ELFileManager (build on elfinder) Diablo925 94 289 ,127 05-30-2024, 05:25 AM
Last Post: TGates
[MODULE] phpMyAdmin-AU (Auto-Update) TGates 14 44 ,945 06-15-2021, 06:54 AM
Last Post: TGates
[MODULE] SenBrand - Basic Branding module for Sentora TGates 20 49 ,449 06-04-2021, 11:47 AM
Last Post: ccr1969

Forum Jump:


Users browsing this thread: 1 Guest(s)