Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - devloraa

Pages: [1] 2
1
CentOS 7 Problems / /cwpsrv/conf
« on: November 01, 2024, 07:35:28 PM »
I am wondering how the files located in
/usr/local/cwpsrv/conf
are managed.
I have noticed that if I change something in one of those files, especially apache related. The modification will not take effect unless I reboot the server.  My guess is that there is some build at one point ( at boot time for sure , but maybe some other way to trigger this build).
Am I wrong?
My goal is to protect pma behind a .htpasswd file, but will the .conf file be overridden on updates?

Thank you

2
As I point out, the folder /root/.acme.sh/cwp_certs, was the key here.

After reading the log file in /root/.acme.sh/acme.sh.log , it is clear to me (it would need confirmation from someone who really knows how cwp handle cert with acme.sh), that the parameter "home" in the cron task, indicates to acme.sh where to start is renewal work.

Code: [Select]
/root/.acme.sh/acme.sh --cron --home /root/.acme.sh/cwp_certs > /dev/null
Every domain has its own folder in cwp_certs folder. In every of these folders, there is a file that ends ending with .conf (ex: www.mydomain.com.conf).
In these files, you'll find many var, some of them are used by acme.sh to decide if it will or not, renew the domain.

Quick fix :
Go to the folder given as parameter 'home' to the cron task, and delete the folder of the domain.

This is not a bug fix.

CWP should have deleted these folders when we removed the domain from CWP panel.  This is the bug, and the provided "fix" does not repair the bug.

3
Hello,
for the record, I have never doubted the certificates were located there.

My point is, acme.sh does not base is renew to do list on the files in this folder.

Thank you for trying, I'll post the fix when I found it .

4
LP Jon,
I don't think you are talking about the same problem that I have, because this is not a DNS problem I have.
Please provide more details if I misunderstood or remove your comment so the thread stay clean.
Thank you

5
Starburst,
acme.sh must check a list of the domain to renew. It is definitely not based on the file in the folder you mentioned, because the files are not there and acme.sh still try to renew the cert for the domain.

This list of domains that acme.sh renew is managed by CWP, I have never touched any settings linked to acme.sh/let's encrypt outside of the interface provided by CWP.  I have never called acme.sh directly from the command line neither.

How does CWP tell acme.sh to generate a certificate (and to renew it)? That would be a good starting point for me to find and remove these domains from acme.sh config, and help others who'll end up in the same situation.

Edit:
Additionnaly, I see that folders of the probelamatic old domain still exsits in /root/.acme.sh/cwp_certs
So cleeearly there is something going on with cwp.
Rejecting the fact that this is not a cwp bug was not the right answer.


6
The cert does not exists in the folder, thus I can't delete them, thus this does not fix the problem.

7
Hello,

Where would be located those files on the server?

Why would I need to restart the web browser for something that happens in a cron job on the server?  This makes me think I am still not understood.

8
Hello,
thank you for your answer but, respectfully, you do not understand the problem.
The domain does not exist anymore, I removed it. There is no domain pointing to the server, because there are no more of this site. It’s down. Out. We won’t ever use it again.

The problem : Let's encrypt try to renew a domain that does not exist.  It's OK it fails, the domain do not exist and do not point to the server. 
What should happen (and what is not happening) : Let's encrypt stop trying renewing any certificate of a domain that is removed from cwp.

Hopefully I have manage to explain the problem clearerly now?

9
Hello,
I don't manage DNS with CWP, they are all manage outside the server, and they point to the server.
I could give you a domain, but it won't exist anymore, that's the point.  Still need one?

Just to make sure I was clear enough :
- Domain was pointed to the server, the certificate was working.
- Delete the domain from the DNS, and remove the domain from CWP. 
- Let's Encrypt try, and fail (because the domain is not pointed to the domain anymore) to renew the cert.

10
Lately, I have started to receive some logs by mail about acme.sh trying to renew certificate that no longer exists on the server.
Every domain, or subdomain that I removed, that previously was previously on the server with Let's Encrypt certificates to autorenew, will fall into that bug.
This is the log I receive, for every domain or subdomain falling into that situation.

[Wed Mar 20 00:17:12 EDT 2024] Invalid status, [domain_name]:Verify error detail:no valid A records found for  [domain_name]; no valid AAAA records found for  [domain_name]
[Wed Mar 20 00:17:12 EDT 2024] Please check log file for more details: /[complete_path_to]/acme.sh.log
[Wed Mar 20 00:17:13 EDT 2024] Error renew  [domain_name].ca_ecc.

Two things here
1-it's a bug and should be fixed.
2-What should I do to prevent acme.sh trying to renew these certs?

CWPpro version: 0.9.8.1177 |


Thank you

11
Information / Monit alert - upoload byte exceeded public
« on: May 12, 2021, 01:57:32 PM »
Hi there,
I am confused about that message, and I can't find any doc anywhere.
CWP PRO have monit monitoring activated.
I keep receiving this email

My question is. What does "upload" means.

Does it mean the server itself is uploading data somewhere else?
Or
does it mean someone somewhere is uploading data TO the server.

Thanks.
_______________

title : monit alert -- Upload bytes exceeded public

Upload bytes exceeded Service public

 Date: [alert date]
 Action: alert
 Host: [My Server address]
 Description: total upload [some gigabyte] GB matches limit [upload rate > 1 GB in last 1 hour]

Your faithful employee,
Monit

_______________-

12
CWPpro version: 0.9.8.979
Distro Name: CentOS Linux release 7.6.1810 (Core)
Kernel Version: 3.10.0-957.12.1.el7.x86_64
Platform: x86_64 kvm

Only way to access anything on the machine when csf is running is by whitelisting ips.
If the  0.0.0.0/0 whitelist was overridden by blacklisted IPs.  I wouldn't mind whitelisting all IPs, but that's not the case.

13
CentOS-WebPanel Bugs / NEW Backup (beta) - found a bug
« on: May 22, 2020, 06:47:06 PM »
I have set up an automatic backup daily "Per Package".
When I run it Manual, all accounts in the package are backed up.
But when the automatic execution runs, it always, only the first account of the selected package that is backed up (order by the account name­), no email is sent.

I know it's beta, I am not complaining, but Betas are meant to be broken ;).

Love CWP, will never switch to something else.

14
Found anything on that?

15
Backup / Re: remote backup-> only folder created
« on: August 01, 2018, 04:07:32 PM »
Thank you with the log I was easily able to see that my backup server did not had rsyn installed!


Pages: [1] 2