how to hide LetsEncrypt menu entry in Client Area?

**fulltilt** · Mar 2nd 2019

- IMSCP: 1.5.3

- Distribution: Debian 9

- Proftpd

- PHP FPM

- MariaDB 10.1

- Dovecot

- Roundcube

- Web2FTP

- Plugins:

PMA Captcha, RoundCubePlugins, SpamAssassin , LetsEncrypt, PHPswitcher

I have to hide LetsEncrypt for the customers, because there is a malfunction somewhere atm.

There are no indications of errors in the debugger and I can not find anything in the logs, maybe Fail2ban, UFW or IP_set blocked the IP addresses of Letsencrypt servers or something else is broken.

Is there's a way to hide the Letsencrypt menu entry for the customers, so they are no longer able to create new certs? (cronjobs for cert renewals should stay).

An incorrectly created certificate crashes my PHPswitcher (PHP Versions) at least 2 times a day and I have to delete and recreate it and all related customers settings. again & again ...

For now I see no other option so I need to hide the menu entry currently I can not perform a reinstallation or upgrade due to illness.

**Nuxwin** · Mar 2nd 2019

You should fix the problem instead of playing too much...

**fulltilt** · Mar 2nd 2019

I use some exernal blacklist scripts (github etc) and it seems that someone (an idiot) added a few letsencrypt IP addresses to the blacklists ... however I have already found one and now it start to work when requesting a new cert.

thanks for reply!

**fulltilt** · Mar 4th 2019

yep, the letsencrypt IP address is blacklisted (Spamhaus SBL-XBL Combined Block List) ... if anyone uses ip-set blacklists you should whitelist 64.78.149.164

http://multirbl.valli.org/lookup/64.78.149.164.html

Code

64.78.149.164 - - [04/Mar/2019:10:14:06 +0100] "GET /.well-known/acme-challenge/spx1448aEpmFztj0kBCis5VLOKgrfjuH8ty28JdYJRA HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
64.78.149.164 - - [04/Mar/2019:10:14:06 +0100] "GET /.well-known/acme-challenge/6TMquHMqNbH6eGIC2WUxwFkdY4t3EtYaoF9tiL3GZmM HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

**Nuxwin** · Mar 4th 2019

Quote from fulltilt

yep, the letsencrypt IP address is blacklisted (Spamhaus SBL-XBL Combined Block List) ... if anyone uses ip-set blacklists you should whitelist 64.78.149.164

http://multirbl.valli.org/lookup/64.78.149.164.html

Code

64.78.149.164 - - [04/Mar/2019:10:14:06 +0100] "GET /.well-known/acme-challenge/spx1448aEpmFztj0kBCis5VLOKgrfjuH8ty28JdYJRA HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

64.78.149.164 - - [04/Mar/2019:10:14:06 +0100] "GET /.well-known/acme-challenge/6TMquHMqNbH6eGIC2WUxwFkdY4t3EtYaoF9tiL3GZmM HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

I'm sorry but this has nothing to do with our plugin... Do you have a FW which rely on Spamhaus SBL-XBL to block an IP? Please elaborate a bit more because I don't get you right.

**fulltilt** · Mar 4th 2019

it's an ip-set blacklist which make use of some major BL too f.ex. Spamhaus ... attacking IP addresses are set to reject and in this case the letsencrypt verification server was blocked. It's not a plugin issue but maybe this information helps when using external blacklists or fail2ban RBL rejects too.

**Nuxwin** · Mar 4th 2019

Quote from fulltilt

it's an ip-set blacklist which make use of some major BL too f.ex. Spamhaus ... attacking IP addresses are set to reject and in this case the letsencrypt verification server was blocked. It's not a plugin issue but maybe this information helps when using external blacklists or fail2ban RBL rejects too.

That's what I wanted to know. Basically put, you have a 3rd-party software which consume external services to seed your netfilter. Doing this can be a bit tedious as you saw. I prefer to blacklist IP addresses based on other euristics than a 3rd-party service like RBL.

Thank you for your explanation anyway.

how to hide LetsEncrypt menu entry in Client Area?

Share

Daily visitors