Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check certificate for expiration #1035

Open
JB1985 opened this issue Jun 4, 2022 · 9 comments
Open

Check certificate for expiration #1035

JB1985 opened this issue Jun 4, 2022 · 9 comments

Comments

@JB1985
Copy link
Contributor

JB1985 commented Jun 4, 2022

Is your feature request related to a problem? Please describe.

I keep having the problem that certificates are not renewed. I just don't know why.

Describe the solution you'd like

A check of the expiry date of the certificates and if a certificate expires in X days send email to the admin.

Describe alternatives you've considered

The alternative would be that the customer report that his certificate has expired and then be angry.

@DaDenniX
Copy link

DaDenniX commented Jun 8, 2022

Would love to have a notification if a certificate didn't get renewed and is only 1-2 days before expiration

@jucajuca
Copy link

jucajuca commented Jul 3, 2022

can confirm the issue. certs are not being renewed

@d00p
Copy link
Member

d00p commented Jul 3, 2022

can confirm the issue. certs are not being renewed

As already discussed on discord and forum, it's acme.sh related. Renew is done by acme and froxlor just synchronizes

@drexlma
Copy link
Contributor

drexlma commented Aug 12, 2022

same problem here

@drexlma
Copy link
Contributor

drexlma commented Aug 12, 2022

workaround: cronjob with mail notification

mysql -u froxlor -pxxxxxxx froxlor -e "SELECT domainid, (SELECT domain FROM panel_domains WHERE id = domainid) FROM domain_ssl_settings where expirationdate < NOW() + interval 5 day" > /opt/docker/expirationdate_ssl

if [ -s /opt/docker/expirationdate_ssl ]
then
	cat /opt/docker/expirationdate_ssl | mail -s "!! SSL expirationdate" [email protected]
	rm /opt/docker/expirationdate_ssl
else
    echo "NO expirationdate_ssl"
fi


@jucajuca
Copy link

I had to

  1. update acme.sh
  2. Th delete the certs in the froxlor panel
  3. Eventually also remove the cert files from amce.sh
  4. renew the certs through the terminal: /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --force

@drexlma
Copy link
Contributor

drexlma commented Aug 12, 2022

I had to

  1. update acme.sh
  2. Th delete the certs in the froxlor panel
  3. Eventually also remove the cert files from amce.sh
  4. renew the certs through the terminal: /usr/bin/php -q /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --force

Yes, I have to do that too. But I will soon build a shell script for this because this problem occurs on several servers and more often.

@d00p
Copy link
Member

d00p commented Aug 12, 2022

Froxlor automatically runs acme.sh --upgrade before issueing / synchronizing certificates, see https://github.com/Froxlor/Froxlor/blob/master/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php#L633

@drexlma
Copy link
Contributor

drexlma commented Aug 19, 2022

my Workaround

<pre><?php
// https://github.com/Froxlor/Froxlor/blob/master/doc/example/create_customer.php
$accessip = 'xxx.xxx.xxx.xxx';
$lifetimecheck = 60*60*24*7;

if($_SERVER['REMOTE_ADDR'] != $accessip){
	die('no Access!');
}

require __DIR__ . '/doc/example/FroxlorAPI.php';
$fapi = new FroxlorAPI('https://froxlor.your-host.tld/api.php', 'your-api-key', 'your-api-secret');


$fapi->request('Certificates.listing');

if (! empty($fapi->getLastError())) {
	echo "Error: " . $fapi->getLastError();
	exit();
}

$request = $fapi->getLastResponse();


foreach($request['list'] as $cert){
	$timetodie = strtotime($cert['expirationdate'])- time();
	
	if($timetodie < $lifetimecheck){
		
		$fapi->request('Certificates.delete', array('id' => $cert['id']));
		#print_r($fapi->getLastResponse());
		echo "[Warning] ";
		#exit;
	} else{
		continue; // Optional
		echo "[OK] "; // Optional
	}
	echo "(#".$cert['id'].") ".$cert['domain'] .' '.$timetodie;
	
	echo "\n";
	
	
}
echo 'finish';

php /var/www/froxlor/scripts/froxlor_master_cronjob.php --letsencrypt --debug

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants