@john-c
Thank you!
I switched the provider over to 'letsencrypt/production' and now everything is working. The 90-day renewal isn't an issue for me since the server renews automatically.
@john-c
I'm running the appliance, XOA version 5.95.1, stable release channel.
I'm also seeing this error in the journal:
Jul 29 15:33:59 xoa xo-server[3893]: 2024-07-29T19:33:59.287Z xo:mixins:sslCertificate WARN couldn't renew ssl certificate {
Jul 29 15:33:59 xoa xo-server[3893]: acmeDomain: 'www.mydomain.com',
Jul 29 15:33:59 xoa xo-server[3893]: error: Error: The request must include a value for the "externalAccountBinding" field
So it looks like there may be some Let's Encrypt account setup I need to do before this will work.
@john-c Thanks for your help so far! The FQDN and email fields were changed for the post online, they're corrected in the actual config.toml.
I tried adding the hostname line with the FQDN to both the #basic HTTP and #basic HTTPS sections but it still doesn't seem to be grabbing the acmeDomain correctly.
This is what the Certificate says when I view it:
Common Name (CN) <Not Part Of Certificate>
Organization (O) Internet Widgits Pty Ltd
Organizational Unit (OU) <Not Part Of Certificate>
There doesn't seem to be a manpage for xo-server, is there somewhere I can see the full set of configuration options?
Edit: never mind, I found the journal entries and it looks like the problem is:
Jul 29 15:33:40 xoa xo-server[3893]: strict mode: required property "discoveryURL" is not defined at "#/anyOf/0" (strictRequired)
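For anyone triaging the same symptom, the sketch below (an added example, not part of any post in this thread and not xo-server code) pulls the `couldn't renew ssl certificate` records out of journal text and attaches a hint for the `externalAccountBinding` error. The sample input is the journal lines quoted in the two posts above; the function name, regexes and hint wording are assumptions of this example.

```python
import re

# Sample input: the journal lines quoted in this thread.
SAMPLE_JOURNAL = """\
Jul 29 15:33:40 xoa xo-server[3893]: strict mode: required property "discoveryURL" is not defined at "#/anyOf/0" (strictRequired)
Jul 29 15:33:59 xoa xo-server[3893]: 2024-07-29T19:33:59.287Z xo:mixins:sslCertificate WARN couldn't renew ssl certificate {
Jul 29 15:33:59 xoa xo-server[3893]: acmeDomain: 'www.mydomain.com',
Jul 29 15:33:59 xoa xo-server[3893]: error: Error: The request must include a value for the "externalAccountBinding" field
"""

# syslog-style prefix written by journalctl, then the xo-server message.
PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ xo-server\[\d+\]: ?(.*)$")
START = re.compile(r"xo:mixins:sslCertificate WARN couldn't renew ssl certificate")
FIELD = re.compile(r"^\s*(acmeDomain|error):\s*(.*?),?\s*$")

# Substring of the ACME error -> what it means for the operator.
HINTS = [
    ("externalAccountBinding",
     "The CA named in acmeCa wants External Account Binding credentials at "
     "account registration; in this thread the fix was "
     "acmeCa = 'letsencrypt/production'."),
]

def renewal_failures(journal_text):
    """Return one dict per failed-renewal record found in the journal text."""
    failures, current = [], None
    for line in journal_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # not an xo-server journal line
        msg = m.group(1)
        if START.search(msg):
            current = {"acmeDomain": None, "error": None, "hint": None}
            failures.append(current)
        elif current is not None and msg.strip() == "}":
            current = None  # end of the multi-line record
        elif current is not None and (f := FIELD.match(msg)):
            key, value = f.groups()
            current[key] = value.strip("'\"") if key == "acmeDomain" else value
            if key == "error":
                current["hint"] = next(
                    (h for needle, h in HINTS if needle in value), None)
    return failures

if __name__ == "__main__":
    for failure in renewal_failures(SAMPLE_JOURNAL):
        print(failure)
```

On a live appliance the same function can be fed the text captured from the xo-server journal instead of `SAMPLE_JOURNAL`.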
Hello,
I'm new to Xen and XOA (migrating from VMware) and I was wondering if anyone could help me with a problem.
I'm trying to use the Let's Encrypt module as specified in:
However, the XOA doesn't seem to be passing the variable for 'acmeDomain' so I get a certificate without a CN.
Has anyone else seen this problem or know what my mistake may be?
Here's my /etc/xo-server/config.toml:
#=====================================================================
# HTTP proxy configuration used by xo-server to fetch resources on the
# Internet.
#
# See: https://github.com/TooTallNate/node-proxy-agent#maps-proxy-protocols-to-httpagent-implementations
#httpProxy = 'http://jsmith:qwerty@proxy.lan:3128'
# Configuration of the embedded HTTP server.
[http]
# If set to true, all HTTP traffic will be redirected to the first
# HTTPs configuration.
redirectToHttps = true
# Basic HTTP.
[[http.listen]]
# Port on which the server is listening on.
port = 80
# Basic HTTPS.
[https]
#
# You can find the list of possible options there https://nodejs.org/docs/latest/api/tls.html#tls.createServer
#
# The only difference is the presence of the certificate and the
# key.
hostname = '0.0.0.0'
[[http.listen]]
port = 443
# Whether to autogenerate a self signed certificate if the `cert` and `file`
# entries could not be found.
#
# Default: true
#autoCert = false
autoCert = true
# File containing the certificate (PEM format).
#
# If a chain of certificates authorities is needed, you may bundle
# them directly in the certificate.
#
# Note: the order of certificates does matter, your certificate
# should come first followed by the certificate of the above
# certificate authority up to the root.
#cert = '/etc/ssl/cert.pem'
cert = '/etc/ssl/xoa.cert.pem'
# File containing the private key (PEM format).
#
# If the key is encrypted, the passphrase will be asked at
# server startup.
#key = '/etc/ssl/key.pem'
key = '/etc/ssl/xoa.key.pem'
# ACME (e.g. Let's Encrypt, ZeroSSL) CA directory
#
# Specifies the URL to the ACME CA's directory.
#
# A identifier `provider/directory` can be passed instead of a URL, see the
# list of supported directories here: https://www.npmjs.com/package/acme-client#directory-urls
#
# Note that the application cannot detect that this value has changed.
#
# In that case delete the certificate and the key files, and restart the
# application to generate new ones.
#
# Default is 'letsencrypt/production'
acmeCa = 'zerossl/production'
# Domain for which the certificate should be created.
#
# This entry is required.
acmeDomain = 'xoa.mydomain.com'
# Optional email address which will be used for the certificate creation.
#
# It will be notified of any issues.
acmeEmail = 'myemail@mydomain.com'