froxlor:validate-acme-webroot should be called/exposed outside upgrades as well #1231
Comments
In regards of changing server ip-addresses, see https://docs.froxlor.org/latest/admin-guide/cli-scripts/#switch-server-ip
You mean the acme.sh files in /root/.acme.sh/? It can't if you migrate the froxlor database with you where still valid certificates are in, you've created a inconsistency
Because that's where we've made the directory change...anything after 2.0 should already be converted /var/www/html/froxlor. if you put/re-add older files from another server to /root/.acme.sh/ you again create a kind of inconsistency
The cli script does not re-create the acme-config files, it just corrects the Le_Webroot path
Manually like open each config and fix the path? Or using https://docs.froxlor.org/latest/admin-guide/cli-scripts/#validate-acme-webroot ? |
I... kind of didn't want to "install" froxlor with traces of the old IPs, so I did it in the DB. Which is roughly what the command does as well. (Yes I know it does it more focussed whereas I used the shotgun method)
Yes this folder. Because I noticed Froxlor did not create them (guess because there are valid certs in its own database?), so I was thinking maybe it is missing so I put them in there because they were there (on the old server).
Fair enough.
Manually like a real dingus would do ;-) I didn't know about the valide-acme-webroot until now that I debugged it, I must have missed it when reading the docs (which I actually did!)
But that only happens if you are using apt, no? Because I am using the tarball and it did not move (or made me move) on update, and thus also never changed Le_Webroot either. Old and new server were both on 2.1.4 because I've tried to get as close as possible to the future configuration so the pain (and labour) for actually moving is as little as possible. What would be the right approach to such an endeavour? Like moving servers (maybe also with a newer distro on the target than on the source)? Would it not be at least handy to have a doc page for that? I can help, and I'd be willing to help writing one, but one'd have to point me to the right direction on where to start. |
|
Yes the directory-move is only done when using apt, as you can extract the tarball to wherever you want (and it works, it's not forced to be in /var/www/html/froxlor) And I agree, a docs-page for "Server migration" might be useful. You can contribute here: https://github.com/Froxlor/Documentation |
Is your feature request related to a problem? Please describe.
Just for clarification: I am not sure if that is a feature request or a bug report. I am leaning towards feature request tho because it kind of is my fault that we are where we are. In a way. Kind of sort of. You know.
I have a really old installation of froxlor that started out as syscp. Now over New Year's, I did some server stuff with upgrades and everything. And most of these servers were fresh installs, so I can compare what the defaults in Froxlor are "these days", and I set them to my old install as well.
Then I did the migration thing. For the lack of knowing a better method, I dumped some of MySQL's tables (used a text editor to cut out system users and databases and find-replaced the IPs, froxlor's database (also find-replace IPs), and all that, and when done, I told froxlor to re-create all config files, and have it configure all active (and configured) services. So that seemed easy enough (although a migration tool would be appreciated).
With that out of the way: Now I got a mail from the acme cronjob which fails to access .known_good for some domain that needs renewing. Turns out the problem is that Froxlor moved from
/var/www/froxlorto/var/www/html/froxlor. But in the .conf files for the domains, there still was the oldLe_Webroot=.(I copied over the old files from the old server because apparently, Froxlor also does not re-create them)
So I asked my friend Midnight Commander to look in the files where
Le_Webrootis set or better yet, updated. And it turns out, I have no idea, lol. But I foundFroxlor/Cli/ValidateAcmeWebroot.phpwhich apparently fixes those files. However, it seems to be only called on froxlor update to v2.0.Describe the solution you'd like
I'd like to see that froxlor does re-create acme config files when I click "Rebuild config files". Or on the configuration screen where no acme or SSL is present. But I feel "Rebuild config files" is where it should be as these folders for domains look more like say vhost config files, so it's more or less config files.
Describe alternatives you've considered
I've done this manually now but it is a bit tedious if you have like a non-trivial amount of domains.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: