ddavness / power-mailinabox

A Mail-in-a-Box with extra capabilities and more customizability. Not just for power users!
Creative Commons Zero v1.0 Universal
172 stars, 32 forks

v56.5 Install Certificate button broken? #55

Open nameduser0 opened 2 years ago

nameduser0 commented 2 years ago

When I go to the TLS (SSL) Certificates page and try the Install Certificate button, nothing appears to happen except the page scrolls to the top?

Version: v56.5

Is this supposed to request and install a Let's Encrypt certificate?

I prefer doing each cert separately rather than the Provision button because there are domains in the list that are dealt with elsewhere on the server (I have a frontend nginx proxy outside the container).

Workaround: From the power-mailinabox git working copy run: management/ssl_certificates.py <domain name>

Not sure if this was caused by the refactor? https://github.com/ddavness/power-mailinabox/pull/41

ddavness commented 2 years ago

But it is working for me, though? I'll need more information to reproduce the issue. _(To be able to get the button again - delete all files in /home/user-data/ssl/ except the /home/user-data/ssl/lets_encrypt/ folder, also delete all files in /etc/nginx/conf.d/, then re-run the setup accordingly)_


> I prefer doing each cert separately rather than the Provision button because there are domains in the list that are dealt with elsewhere on the server (I have a frontend nginx proxy outside the container).

I recognize that as a niche-ier use-case (as the majority will definitely want to provision the certificates on all domains), but I'd probably accept a PR for it regardless. You can't go wrong with multiple ways to be able to do something important. :)

nameduser0 commented 2 years ago

So is the Install Certificate button linked with the external cert import form at the bottom?

ddavness commented 2 years ago

Ah... hold up - we were talking about different things. The Install Certificate button allows you to import a certificate from somewhere else manually. It's not related to Let's Encrypt.

casesolved-co-uk commented 2 years ago

> I recognize that as a niche-ier use-case (as the majority will definitely want to provision the certificates on all domains), but I'd probably accept a PR for it regardless. You can't go wrong with multiple ways to be able to do something important. :)

Yeah, I've just run into problems with this. I think it's a massive problem that if one host fails in a DNS zone, the server refuses to provision anything.

It's a bit of a problem to fix though, because it tries to auto-provision anything that resolves to the server. It really needs an external request for each hostname.

I think a good fail-safe measure would be to do a second letsencrypt provision pass which excludes any failed hosts. So we'd essentially be using letsencrypt to do the external request check. If all hosts pass for a zone, the 2nd pass would be skipped. What do you think?
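
A sketch of the two-pass fail-safe proposed in the last comment, added here as an illustration; it is not code from power-mailinabox or from any commenter. `issue`, `ValidationFailed`, `make_fake_issuer` and the hostnames are hypothetical stand-ins for the real certificate request and its per-host error reporting, and one certificate per zone is assumed.

```python
class ValidationFailed(Exception):
    """Hypothetical error: the issuer reports which hostnames failed validation."""
    def __init__(self, failed):
        super().__init__("validation failed: " + ", ".join(sorted(failed)))
        self.failed = set(failed)

def provision_two_pass(hosts_by_zone, issue):
    """Request one certificate per zone; on failure retry once without the failed hosts.

    hosts_by_zone: {zone: [hostname, ...]}
    issue(hostnames): requests a certificate, raises ValidationFailed on error.
    Returns {zone: {"issued": [...], "skipped": [...], "passes": n}}.
    """
    report = {}
    for zone, hosts in hosts_by_zone.items():
        wanted = sorted(set(hosts))
        entry = {"issued": [], "skipped": [], "passes": 0}
        for _ in range(2):                    # pass 2 only runs if pass 1 failed
            if not wanted:
                break
            entry["passes"] += 1
            try:
                issue(wanted)
                entry["issued"], wanted = wanted, []
                break
            except ValidationFailed as exc:
                # No usable per-host detail from the issuer: drop everything, don't guess.
                bad = (exc.failed & set(wanted)) or set(wanted)
                entry["skipped"] += sorted(bad)
                wanted = [h for h in wanted if h not in bad]
        # Hosts still pending after a failed second pass were never issued.
        entry["skipped"] = sorted(set(entry["skipped"]) | set(wanted))
        report[zone] = entry
    return report

def make_fake_issuer(unreachable):
    """Constructed test double: fails for hostnames in `unreachable`, records calls."""
    calls = []
    def issue(hostnames):
        calls.append(list(hostnames))
        failed = set(hostnames) & set(unreachable)
        if failed:
            raise ValidationFailed(failed)
    return issue, calls

if __name__ == "__main__":
    # Constructed sample: proxy.example.com is served by a separate frontend.
    zones = {"example.com": ["box.example.com", "www.example.com", "proxy.example.com"],
             "example.org": ["example.org", "mail.example.org"]}
    issue, calls = make_fake_issuer({"proxy.example.com"})
    print(provision_two_pass(zones, issue))
```

The `skipped` list is what an admin page or log should surface, so a host dropped on the second pass is not silently left without a valid certificate.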