Posts by rcrave

    Hi folks,


    I recently received the following email from Let's Encrypt, about one of my servers not managed by i-MSCP:


    The linked article about certbot very strongly suggests that the minimum certbot version should be at least 0.28.0, and the latest version of certbot is in fact 0.30.2.
    However, the version installed by the Let's Encrypt plugin is 0.26.1.


    I realize that i-MSCP already uses the http-01 challenge, so the tls-sni-01 deprecation does not affect my i-MSCP server in that way. But I wanted to ask if it would make sense to update certbot to the newest version manually, or if maybe a new version of the LE plugin that includes the latest certbot is on the horizon anyway.


    Thanks in advance for your help. :)

    Note to the moderators: I hope I'm in the right section with this thread. Apologies if I'm not.


    The title says it all, really. I found out the hard way today that for some reason, on some of my older servers, I still had NJABL configured as one of the DNS blocklists. Wikipedia says:

    Quote

    As of March 1, 2013, NJABL is in the process of being shut down. The DNSBL zones have been emptied. [...] As of Jan 2, 2019, the domain name njabl.org was set to expire and dns servers were switched to tucows autorenew servers which would cause any lookups by servers still not having removed the configuration to have rejections.

    So if you still have NJABL in your DNSBL settings, your servers are now much more likely to reject valid messages as SPAM. To spare yourself angry calls from customers, remove NJABL from your policyd-weight.conf. It's not coming back.

    Hi community,


    I am looking for a way to set custom PHP.ini settings per domain. I know i-MSCP allows me to set a few choice settings via the GUI, but I need to set other things – like extending open_basedir and include_path, or setting default_charset for a legacy application. I also know that I can set these settings server-wide by adding them to i-MSCP's template files, but they really only should apply to some domains.


    So far, I've just set these settings by putting them into the respective files (like /etc/php5/fpm/php.ini and /etc/php5/fpm/pool.d/[domain].conf), and restoring them whenever i-MSCP overwrote them, but clearly that's not a long-term solution.


    Is there a way I can set these custom per-domain PHP.ini settings permanently?

    Hi everyone,


    I've noticed an issue when installing the Let's Encrypt 3.0.0 plugin in the following environment:

    • i-MSCP 1.3.16
    • Debian Jessie, all packages up-to-date

    After installing the Let's Encrypt plugin, I tried to request a cert for one of the domains in that i-MSCP instance and its www subdomain. Certificate issue failed with the message "Challenge failed for all domains."


    Inspecting Apache's access logs revealed that the challenge requests from Let's Encrypt's certificate system went to the domain's normal VHost instead of the plugin's special ACME VHost. Restarting Apache, then trying again to request certificates resolved the issue.


    This brings me to the following improvement suggestion: Please either make the Apache2 Restart part of the Let's Encrypt plugin's install script or mention it in the plugin's readme file.


    Thanks for this great plugin! :)

    Hi,


    I'm standing in front of a bit of a puzzling problem currently.


    I was able to generate a LetsEncrypt certificate for the panel as well as a customer domain. However, generating a certificate for the services domain fails with the following error status:



    Things I tried to resolve the issue:
    - Rebooting the machine, just to do a sanity check
    - Removing a customer account that had the same domain assigned to it as the services domain


    Tried to get a certificate issued again after each of these, but that didn't help.


    Environment info:


    OS: Debian Jessie (8.6), last dist-upgrade was today
    i-MSCP version: 1.3.14
    LetsEncrypt plugin version: 2.0.5


    I'm kind of stumped on what else to try. Would appreciate any help you folks can give me. :-)