Beiträge von ñull

Manuell geht das schon aber ich würde gerne wissen wie man es automatisiert.

I think the idea behind Let's Encrypt was that no-one would need to be without certificate and therefore they donate the certificates. However LE is not that easy to implement, and some would still go without valid certificate to save money. That must have been also the reason why LC supports it, to make it easier to implement.

I wonder therefore why Let's Encrypt certificate management is not available in Basic license and that you have to spend some 7€/month more for Standard license, bringing it again out of reach for many users. In comparison for the price difference of €84 per year you can have either an extensive certificate or you can buy a longer validity. Also the disappointment effect of discovering that LC supports it but then seeing the price that is needed.

That is contrary to the idea of LE. Could you please reconsider this matter? In line with the reasoning to make certificates easy and available for all, wouldn't it be more logical to make it available in all LC licenses? It might give you even a boost in sales when you can market Basic as the most affordable control panel supporting Let's Encrypt!

I don't have a problem that there is a MX record. I do have problem that I cannot override it per domain. In principle this domain needs MX service but not with the local mail server. I don't want it to disappear, I want to override automatic (hidden) behaviour and change the MX to another. If the automatic behaviour would write the MX in the DNS manager then I could change it, but now it is hidden I felt obliged to report this as my complaint.

When you have a mail server with the name mx123.thisserver.com, then with active DNS management, every domain you add to this machine will automatically have mx123.thisserver.com as default MX record that will be visible in the zone file or with this query

dig thisserver.com @localhost mx

Please change this imposing behaviour to default behaviour. A way to do it is by changing from "Custom DNS records" TAB to "DNS Records" and show there the proposed MX record editable. This would allow us to put a different mailserver per domain, more my idea of management.

Small exceptions like this now generate a lot of extra administration time or simply not using LC to manage the DNS at all. This cannot be the intention of the author.

Had to do with bootstrapping ns A and AAAA registers. Bind kept asking for these records and the bind failure also interrupts the rewriting of the bind configuration.

bind.LOCALOPTIONS = {
['allow-recursion'] = "{ trusted; xx.xx.xx.xx; }",
['also-notify'] = "{ xx.xx.xx.xx; }"
}

This does seem to be picked up by the lua script.

When a user saves his password (securely in a encrypted container) in the browser then the OTP will cause the save password dialogue to pop-up every time you log-in. To prevent this I think the OTP should be in a separate field, not appended to the MTP (=More Time Password).

I think I must retract this question. I notice now you can create a certificate at admin level and then assign it to a reseller's end user, which apparently in this case I did. I changed the end user instance of this certificate from Start SSL to Let's Encrypt, but I should have done that on admin level. I tried now to do it on admin level and it seems to have "taken over" the certificate management although there could be a conflict there.

First of this seems all very confusing and at end user level it should be clearer who in fact really owns the certificate. When admin made certificate then I thing the end user should not be able to touch it or when he does, it should break the dependency chain (remove it from admin).

Secondly I think it should be clearer in the user interface what is really going on here. On the end user side I could not see that the certificate in fact was made on admin level and assigned to the end user (you can only see this on the admin side). This lead me to make the mistake.

I cut and paste the certificates from end user to admin now and it was accepted and then enabled the ACME management on it. I don't know if Let's Encrypt will now accept that management was taken over by the new ID. If this is not possible without errors, LC should warn me or make it impossible to do so (instructing me how to do it right). I then disabled the ACME management at the end user side. I now wait and see what happens next renewal attempt, if it will error out because of ID change.

I created a ACME managed certificate for domain mail.example.com of User A but now I want to use it as mail server certificate. This is impossible because the admin user is not owning and therefore cannot see the certificate of user A. Obviously I want the certificate to work now and being updated automatically when it expires (the old one is expiring soon).

What is the appropriate procedure to migrate this certificate to the admin account where I can then use it as mail server certificate? What happens when I delete the certificate? Can I then request the same domain again under the Admin account? Or will it be revoked / blocked until expiry?

Please note that this is not only moving ACME certificate from one subscription to another but also from one LE ID to another. LC does not allow to re-use a LE ID between different subscriptions, which I experience as a great disadvantage.

As company I manage admin, my clients under a reseller account and my hosting domains under a normal hosting account. In this set up I would need only one Let's Encrypt ID for all my certificates, but LC does not allow me and tells me the ID is already in use.

I would like the Certificate management to be centered around the Let's Encrypt ID, not around the LC subscription. Now I have several different LE IDs in several contracts and they cannot be used between each other. The whole questions I ask here are a result of this.

Sometimes you don't want to put a personal first and last name when the contact is a company. However in the list of users the company name never appears. The user name for security reasons might not clearly identify the company, nor the name of a person.

Could you please do something to improve this? May be you could also list the company name when the associated Contact Type is "Company/Organisation"?

inet_protocols configuration is in fact correctly used by LC and I oversaw that. Except for SPF (DNS still propagating) all seems ready after I followed your suggestion. Already delivered to Gmail via IPv6. Thanks for your encouragement!

Effectively. I manually added smtp_address_preference = ipv4 and from then on emails arrived normally like before.

In LC mail server setting I see the select box outbound IPv6 address. One of the options is no outbound IPv6 I would expect that then smtp_address_preference = ipv4 is added to /etc/postfix/main.cf but I cannot find it there. I believe my mails are marked spam because recently ipv6 was activated on my vServer and may be postfix is using IPv6 now.

See also http://serverfault.com/questio…ix-use-ipv6-and-when-ipv4

There is a minor inconvenience and confusion for users when they add a new database. Just before submitting the form the user remembers that the database should be created under another subscription. Apparently the javascript counts on it that you follow the top-down order when filling out the form. When you change the subscription the other field content remains unchanged, which is good, but then the save button is greyed out! Apparently it "believes" that you should still fill out the other fields, but they are already, because the user simply decided to change the entry order, just correcting one error, namely the subscription.

The work around is that you add one character to the user name and then delete the added character again. The javascript will see the entry, validate the form and the save button becomes active. The fix would be that the form is not only validated when the text forms changed, but also when subscription changed.

Every time a new domain zone is created by LC, I need to manually create the zone on a secondary DNS servers. Is there no easy way to at least run some custom bash scripts every time a zone is created and deleted? That would be very helpful. My understanding of LUA script is not sufficient to suggest any solution.

I have this overriden in custom.lua:

function LC.users.addUser(user, group, home, shell)


  LC.log.print(LC.log.INFO, "Adding system account '", user, "'")


  if shell == "sh" then
    shell = "/bin/bash"
  elseif shell == "scponly" then
    if LC.fs.is_file("/usr/bin/rssh") then
      shell = "/usr/bin/rssh"
    else
      shell = "/usr/bin/scponly" 
    end
  elseif shell == "nologin" then
    if LC.fs.is_file("/sbin/nologin") then
      shell = "/sbin/nologin"
    else
      shell = "/usr/sbin/nologin" 
    end
  else
    shell = "/bin/false"
  end


  if LC.distribution.family == "Debian" then
    useradd = "/usr/sbin/useradd -m -d " .. home .. " -g " .. group .. " " .. "-s " .. shell .. " " .. user
  elseif LC.distribution.family == "SunOS" then
    useradd = "useradd -m -d " .. home .. " -g " .. group .. " " .. "-s " .. shell .. " " .. user
  elseif LC.distribution.family == "RedHat" then
    useradd = "/usr/sbin/useradd -m -d " .. home .. " -M -g " .. group .. " " .. "-s " .. shell .. " " .. user
  elseif LC.distribution.family == "SUSE" then
    useradd = "useradd -m -d " .. home .. " -g " .. group .. " " .. "-s " .. shell .. " " .. user
  elseif LC.distribution.family == "BSD" then
    useradd = "pw useradd " .. user .. "-m  -d " .. home .. " -g" .. group .. " -s" .. shell .. " -c ''" 
  elseif LC.distribution.family == "Gentoo" then
    useradd = "/usr/sbin/useradd -m -d " .. home .. " -g " .. group .. " " .. "-s " .. shell .. " " .. user
  end


  local rc = LC.exec(useradd)


  if rc ~= 0 then
    return false, "Error while adding user '" .. user .. "' (exit code: " .. rc .. ")"
  end


  if LC.hooks then
    LC.hooks.check("LC.users.addUser", user, group, home, shell)
  end


  return true


end

Could you please add this feature to users.lua in a next release? It is very useful because it will allow us administrators to use the /etc/skel to set some desired defaults, like relocating the HOME to priv etc.

Thank you!

Zitat von kk

It's up and running again.

By the way: thank you for your translations!

I'm used to open source and I gladly keep my promise to maintain my translations up-to-date as a small contribution to this unique hosting control panel.

I wanted to update Spanish and Dutch translation but got the 502 error.

Zitat von Beichti

Look to http://sfwall.de, here you find the Spam Firewall for incomming or for outgoing spam.

Outgoing is to expensive for me, sorry!

In the Wiki I find the instructions to migrate from Liveconfig using SQLite to using MySQL. I experience a problem in the third step:

Zitat

Schritt 3: Import der Daten
Importieren Sie nun die in Schritt 1 exportierten Daten in MySQL:

$ mysql -u liveconfig -p -h localhost LIVECONFIG < /root/dump.sql
Enter password: ************

I get the error ERROR at line 91: Unknown command '\\'. Line 91 is a very long line beginning with

INSERT INTO APPTEXTS (AT_ID, AT_REV, AT_APPID, AT_LANG, AT_TITLE, AT_DESC_SHORT, AT_DESC_LONG, AT_VENDOR_URL) VALUES

and it continues with all the values on the same line. 91. Likely the script lcdbdump needs some correction to avoid long long lines?