Closed shmaltz closed 3 weeks ago
Can you show vhost conf and rewrite rules
I got it to work by disabling Cloudflare proxy. Is there any way for it to work if it's enabled?
I am trying to get an SSL for another domain and it's still not working (even though Cloudflare proxy is off).
Here is the info you requested:
VHost Conf docRoot $VH_ROOT/public_html vhDomain $VH_NAME vhAliases www.$VH_NAME adminEmails email@gmail.com enableGzip 1 enableIpGeo 1
index { useServer 0 indexFiles index.php, index.html }
errorlog $VH_ROOT/logs/$VH_NAME.error_log { useServer 0 logLevel WARN rollingSize 10M }
accesslog $VH_ROOT/logs/$VH_NAME.access_log {
useServer 0
logFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i""
logHeaders 5
rollingSize 10M
keepDays 10
compressArchive 1
}
scripthandler { add lsapi:myuser php }
extprocessor myuser { type lsapi address UDS://tmp/lshttpd/myuser.sock maxConns 10 env LSAPI_CHILDREN=10 initTimeout 600 retryTimeout 0 persistConn 1 pcKeepAliveTimeout 1 respBuffer 0 autoStart 1 path /usr/local/lsws/lsphp82/bin/lsphp extUser myuser extGroup myuser memSoftLimit 2047M memHardLimit 2047M procSoftLimit 400 procHardLimit 500 }
phpIniOverride { php_admin_value open_basedir "/tmp:$VH_ROOT" }
module cache { storagePath /usr/local/lsws/cachedata/$VH_NAME }
rewrite { enable 1 autoLoadHtaccess 1 }
context /.well-known/acme-challenge { location /usr/local/lsws/Example/html/.well-known/acme-challenge allowBrowse 1
rewrite { enable 0 } addDefaultCharset off
phpIniOverride {
} }
vhssl { keyFile /etc/letsencrypt/live/domain.com/privkey.pem certFile /etc/letsencrypt/live/domain.com/fullchain.pem certChain 1 sslProtocol 24 enableECDHE 1 renegProtection 1 sslSessionCache 1 enableSpdy 15 enableStapling 1 ocspRespMaxAge 86400 }
Rewrite Rules
RewriteEngine On RewriteCond %{HTTP_HOST} ^www.(.)$ RewriteRule ^(.)$ http://%1/$1 [L,R=301]
Disable open_basedir protection, it should be fine.
Thank you @usmannasir. Can we add a feature to automatically turn off and on open_basedir protection when renewing SSLs?
Also, when the SSL fails, can you please make it show an error, because currently it says it renewed successfully even when it fails. It would be nice to also be able to get an email when it fails to renew.
Thank you!
I'm using v2.3.5, and when I try to issue an SSL to a website, even when SSL fails to get issued, it still says it succeeded. It should instead say it failed, and it should show the error message.
Also, I noticed my SSLs never auto renew, and I have to do it manually. Is it supposed to be this way, or am I supposed to set up a cron?