Comments (33)
For the Let's Encrypt issue, it is because the UI will not send the CA name when using the placeholder default, and I also thought the default ACME server in the backend would be production LE (but it actually is staging LE)
Line 68 in 83f574e
We can fix it by changing the frontend CA name to LE when it does not exist, and/or changing the backend default ACME server (it is also related to #47). I can submit a PR for the frontend patch, and it should be able to be merged into 2.6.7.
Before then, the #61 (comment) workaround can temporarily be used (another workaround is to use a custom ACME server with the LE production URL).
For the multidomain issue, it is also a UI issue: the logic does not seem to handle multidomain input, and it also does not remove the button state on error.
zoraxy/src/web/snippet/acme.html
Lines 329 to 340 in 83f574e
The backend seems OK for multidomain.
from zoraxy.
Wow that solved it! I used your second advice, changing to "Custom ACME Server" and then selecting Lets Encrypt again, solved it.
from zoraxy.
Thank you a lot for that fast help! I send you some Coffees :)
I'm really happy to finally use your proxy, coming from NPM.
from zoraxy.
Domains (I also tried with no spaces in the commas):
REDACTED.duckdns.org, jellyfin.REDACTED.duckdns.org, guacamole.REDACTED.duckdns.org, synology.REDACTED.duckdns.org, dashboard.REDACTED.duckdns.org
Matching rule:
REDACTED.duckdns.org
from zoraxy.
@yeungalan Can you take a look at this real quick?
from zoraxy.
Hi @Xpl0itU
Although I am not in charge of the acme module, from what I see in the source code, it is not possible to use the staging directory unless it is generated via the test case.
As you can see here, the links are hardcoded and embedded into the binary
Line 40 in 83f574e
Which is referring to this link
Line 3 in 83f574e
Might I know how you build this binary and what version of Zoraxy you are using?
from zoraxy.
I used the Zoraxy script from here to set up my container
from zoraxy.
Here's the output of zoraxy -info:
root@ct-zoraxy:/opt/zoraxy/src# ./zoraxy -info
{
  "Name": "Zoraxy",
  "Desc": "Dynamic Reverse Proxy Server",
  "Group": "Network",
  "IconPath": "zoraxy/img/small_icon.png",
  "Version": "2.6.6",
  "StartDir": "zoraxy/index.html",
  "SupportFW": true,
  "LaunchFWDir": "zoraxy/index.html",
  "SupportEmb": false,
  "LaunchEmb": "",
  "InitFWSize": [
    1080,
    580
  ],
  "InitEmbSize": null,
  "SupportedExt": null
}
from zoraxy.
@Xpl0itU Can I see the public key of your cert? I am guessing you didn't set up your root domain TLS certificate correctly and zoraxy is loading its internal dummy cert.
from zoraxy.
Here's some interesting output from the logs:
root@ct-zoraxy:/opt/zoraxy# journalctl -xau zoraxy.service | grep encrypt
Sep 03 11:39:11 ct-zoraxy zoraxy[159]: 2023/09/03 11:39:11 [INFO] Using https://acme-v02.api.letsencrypt.org/directory for CA Directory URL
Sep 03 11:39:12 ct-zoraxy zoraxy[159]: 2023/09/03 11:39:12 [INFO] [*.REDACTED] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/260957064906
Sep 03 11:39:13 ct-zoraxy zoraxy[159]: 2023/09/03 11:39:13 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/260957064906
Sep 03 11:40:37 ct-zoraxy zoraxy[159]: 2023/09/03 11:40:37 [INFO] Using Default ACME https://acme-staging-v02.api.letsencrypt.org/directory for CA Directory URL
Sep 03 11:40:38 ct-zoraxy zoraxy[159]: 2023/09/03 11:40:38 [INFO] [*.REDACTED] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8078103754
Sep 03 11:40:39 ct-zoraxy zoraxy[159]: 2023/09/03 11:40:39 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8078103754
Sep 03 11:54:37 ct-zoraxy zoraxy[159]: 2023/09/03 11:54:37 [INFO] Using Default ACME https://acme-staging-v02.api.letsencrypt.org/directory for CA Directory URL
Sep 03 11:54:38 ct-zoraxy zoraxy[159]: 2023/09/03 11:54:38 [INFO] [REDACTED] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8078278344
Sep 03 11:55:54 ct-zoraxy zoraxy[159]: 2023/09/03 11:55:54 [INFO] Using Default ACME https://acme-staging-v02.api.letsencrypt.org/directory for CA Directory URL
Sep 03 11:55:55 ct-zoraxy zoraxy[159]: 2023/09/03 11:55:55 [INFO] [dashboard.REDACTED] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8078292654
Sep 03 12:00:55 ct-zoraxy zoraxy[159]: 2023/09/03 12:00:55 [INFO] Using Default ACME https://acme-staging-v02.api.letsencrypt.org/directory for CA Directory URL
Sep 03 12:00:56 ct-zoraxy zoraxy[159]: 2023/09/03 12:00:56 [INFO] [REDACTED] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/8078352314
And here's the public key:
from zoraxy.
@Xpl0itU Thanks for the input. I think this is a much deeper bug in the acme module. I will let @yeungalan take over from here.
from zoraxy.
Any update here? I'm completely new to this. I got everything up and running, but can't use it, because the certificates are not trusted.
from zoraxy.
@dexer12 Sadly no. None of our collaborators can reproduce this issue without further info. Can you give me the link to your website so I can take a look at it real quick?
from zoraxy.
Sure, you can use mydomain for example right now.
Firefox shows that it's not trusting that page because the certificate is not from a trusted vendor.
Let me know if you need any further information.
from zoraxy.
@daluntw @yeungalan Can you guys help take a look at this? I think this might be an issue caused by the acme section related to recent PRs.
from zoraxy.
Wilco, looks like it is a JSON problem
from zoraxy.
> Wilco, looks like it is a JSON problem

I have taken a look at the JSON files. They didn't have any recent change that might cause this issue.
The only way a production build can create a staging cert is if it got a critical error and fell back to the default ACME link (which is the staging directory for Let's Encrypt).
from zoraxy.
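A log check for the fallback described above, as an added example that is not part of the original thread or of Zoraxy's code: it scans for the "Using ... for CA Directory URL" lines quoted earlier in the thread and reports every request that used the backend default or a staging host. The names `AuditACMELog`, `Finding` and `sampleLog` are hypothetical, and the sample lines are constructed in the same format with `example.com` as a placeholder domain.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Directory-selection line format as quoted in this thread:
//   [INFO] Using [Default ACME ]https://<host>/... for CA Directory URL
var dirLine = regexp.MustCompile(`Using (Default ACME )?https://([^/\s]+)\S* for CA Directory URL`)

// Finding is one request that will not produce a publicly trusted certificate,
// or whose CA choice never reached the backend.
type Finding struct {
	Line     int    // 1-based line number in the input
	Host     string // ACME directory host that was selected
	Fallback bool   // true when the backend used its built-in default
}

// AuditACMELog flags every directory selection that used the backend default
// (the CA name from the UI was missing) or a host that looks like staging.
func AuditACMELog(lines []string) []Finding {
	var out []Finding
	for i, l := range lines {
		m := dirLine.FindStringSubmatch(l)
		if m == nil {
			continue // not a directory-selection line (e.g. AuthURL)
		}
		fallback := m[1] != ""
		if fallback || strings.Contains(m[2], "staging") {
			out = append(out, Finding{Line: i + 1, Host: m[2], Fallback: fallback})
		}
	}
	return out
}

// Constructed sample input modeled on the journal output quoted in the thread.
var sampleLog = []string{
	"2023/09/03 11:39:11 [INFO] Using https://acme-v02.api.letsencrypt.org/directory for CA Directory URL",
	"2023/09/03 11:39:12 [INFO] [example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1",
	"2023/09/03 11:40:37 [INFO] Using Default ACME https://acme-staging-v02.api.letsencrypt.org/directory for CA Directory URL",
	"2023/09/03 11:40:38 [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2",
}

func main() {
	for _, f := range AuditACMELog(sampleLog) {
		fmt.Printf("line %d: %s (default fallback: %v)\n", f.Line, f.Host, f.Fallback)
	}
}
```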
@Xpl0itU @dexer12 I have updated the release for v2.6.6.
Can you try downloading the new release and overwriting the one you have to see if the problem is fixed?
from zoraxy.
I redeployed the Docker container, let it pull the latest image, and renewed the certificate for this domain. But it still seems to be the same problem. Or should I do it in some other way?
from zoraxy.
@dexer12 Can you try running it natively in your host OS? I guess the docker routine is not updated as it is not a new release.
Alternatively, as I found this is a UI bug, in the CA section, you can pick "Custom ACME server" after the dropdown retracted, open it again to select "Let's Encrypt". It should do the job as well.
from zoraxy.
> Wow that solved it! I used your second advice, changing to "Custom ACME Server" and then selecting Lets Encrypt again, solved it.

Cool! This is probably one of the most interesting bug fix methods I ever discovered XD
from zoraxy.
Can confirm that the latest 2.6.6 fixes this issue, but now wildcard certificates aren't generated at all, just for the base domain
from zoraxy.
> Can confirm that the latest 2.6.6 fixes this issue, but now wildcard certificates aren't generated at all, just for the base domain

I think this is normal as DNS challenge is still in @yeungalan's to-do list. In my personal setup, I apply a cert that contains all of the sub-domains instead of using a wildcard one.
from zoraxy.
That's what I'm currently trying, but it seems to get stuck? No indication of any progress in the logs either
from zoraxy.
> That's what I'm currently trying, but it seems to get stuck? No indication of any progress in the logs either

Is there anything in the browser's JavaScript terminal? If no, then it is probably due to networking problems and it is really hard for me to debug it remotely for you.
from zoraxy.
No indications in the JS terminal, and I'm next to the router in a gigabit connection, so it's probably not a connection issue
from zoraxy.
> No indications in the JS terminal, and I'm next to the router in a gigabit connection, so it's probably not a connection issue

Maybe it is an outbound connection issue or other complex networking issues. If there are no error logs from either the frontend or backend terminal, I guess you really need to figure it out yourself...
from zoraxy.
Funny thing is, I can generate a single certificate just fine, but I can't do multiple. Is the multi-certificate generation done in parallel or sequentially?
from zoraxy.
It generates one certificate that contains all of the subdomains instead of running the single generation thing in a loop. Can you show me your settings for multi-domain cert generation?
from zoraxy.
I guess you gonna need to wait for @yeungalan, the original author of the ACME module, to figure it out.
from zoraxy.
Had to generate a certificate for each domain separately as a workaround
from zoraxy.
Since the PR is merged, we should be OK to close this one up?
from zoraxy.
> Since the PR is merged, we should be OK to close this one up?

Will close this after the next release
from zoraxy.