how to hide LetsEncrypt menu entry in Client Area?

  • - IMSCP: 1.5.3

    - Distribution: Debian 9

    - Proftpd

    - PHP FPM

    - MariaDB 10.1

    - Dovecot

    - Roundcube

    - Web2FTP

    - Plugins:

    PMA Captcha, RoundCubePlugins, SpamAssassin , LetsEncrypt, PHPswitcher


    I have to hide LetsEncrypt for the customers, because there is a malfunction somewhere atm.

    There are no indications of errors in the debugger and I can not find anything in the logs, maybe Fail2ban, UFW or IP_set blocked the IP addresses of Letsencrypt servers or something else is broken.

    Is there's a way to hide the Letsencrypt menu entry for the customers, so they are no longer able to create new certs? (cronjobs for cert renewals should stay).

    An incorrectly created certificate crashes my PHPswitcher (PHP Versions) at least 2 times a day and I have to delete and recreate it and all related customers settings. again & again ...

    For now I see no other option so I need to hide the menu entry currently I can not perform a reinstallation or upgrade due to illness.

  • You should fix the problem instead of playing too much...

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • I use some exernal blacklist scripts (github etc) and it seems that someone (an idiot) added a few letsencrypt IP addresses to the blacklists ... however I have already found one and now it start to work when requesting a new cert.

    thanks for reply!

  • yep, the letsencrypt IP address is blacklisted (Spamhaus SBL-XBL Combined Block List) ... if anyone uses ip-set blacklists you should whitelist 64.78.149.164

    http://multirbl.valli.org/lookup/64.78.149.164.html


    Code
    1. 64.78.149.164 - - [04/Mar/2019:10:14:06 +0100] "GET /.well-known/acme-challenge/spx1448aEpmFztj0kBCis5VLOKgrfjuH8ty28JdYJRA HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
    2. 64.78.149.164 - - [04/Mar/2019:10:14:06 +0100] "GET /.well-known/acme-challenge/6TMquHMqNbH6eGIC2WUxwFkdY4t3EtYaoF9tiL3GZmM HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"



  • yep, the letsencrypt IP address is blacklisted (Spamhaus SBL-XBL Combined Block List) ... if anyone uses ip-set blacklists you should whitelist 64.78.149.164

    http://multirbl.valli.org/lookup/64.78.149.164.html


    Code
    1. 64.78.149.164 - - [04/Mar/2019:10:14:06 +0100] "GET /.well-known/acme-challenge/spx1448aEpmFztj0kBCis5VLOKgrfjuH8ty28JdYJRA HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
    2. 64.78.149.164 - - [04/Mar/2019:10:14:06 +0100] "GET /.well-known/acme-challenge/6TMquHMqNbH6eGIC2WUxwFkdY4t3EtYaoF9tiL3GZmM HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"



    I'm sorry but this has nothing to do with our plugin... Do you have a FW which rely on Spamhaus SBL-XBL to block an IP? Please elaborate a bit more because I don't get you right.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • it's an ip-set blacklist which make use of some major BL too f.ex. Spamhaus ... attacking IP addresses are set to reject and in this case the letsencrypt verification server was blocked. It's not a plugin issue but maybe this information helps when using external blacklists or fail2ban RBL rejects too.

  • it's an ip-set blacklist which make use of some major BL too f.ex. Spamhaus ... attacking IP addresses are set to reject and in this case the letsencrypt verification server was blocked. It's not a plugin issue but maybe this information helps when using external blacklists or fail2ban RBL rejects too.

    That's what I wanted to know. Basically put, you have a 3rd-party software which consume external services to seed your netfilter. Doing this can be a bit tedious as you saw. I prefer to blacklist IP addresses based on other euristics than a 3rd-party service like RBL.


    Thank you for your explanation anyway.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206