Comments (14)
Apologies for the confusion and bugs; we decided to switch the SSL/TLS stack to ACME.sh - since it's easier to maintain and is able to deal with newer functionality. There is no point in reinventing the wheel, if it's already been done in a very proper way.
However, some commands need to be rerouted and fixed. ACME.sh has a different syntax, so I'll adjust WordOps to do some magic, in order to discover whether CF is being used or whether it's a primary domain or subdomain. I'll keep you up to date.
from wordops.
This doesn't work: wo site create/update site.com --le
But this works: ee site create/update site.com --le
Though of course the proxy has to be temporarily off in CF before running the command. I'd like to move all the sites to wo instead of ee but this is holding me back for now.
from wordops.
Did you run wo update domain.ltd --le with the Cloudflare proxy active? This does not work.
from wordops.
Hey juanpvh, it used to work on EasyEngine. Any way I can have CF + Let's Encrypt on WordOps?
from wordops.
You can use Let's Encrypt with Cloudflare, but the proxy must be disabled to avoid causing a conflict.
The best way to use the certificate is to use acme-cloudflare. You can use Cloudflare's own certificate with the proxy, using the Full (strict) Crypto option and the other Cloudflare options. See https://github.com/VirtuBox/ee-acme-sh
from wordops.
@juanpvh Sorry, I didn't understand.
So basically I should use the VirtuBox script, and get the LE cert from there? Using the origin cert from Cloudflare? Is that it?
I think I figured it out about the error: Cloudflare doesn't support ECDSA bigger than 256 bits, and it seems like WordOps uses 364 bits.
Can you explain a little more what you mean by acme-cloudflare?
Can the VirtuBox script generate a specific 256-bit ECDSA? I thought that it was only 364. Always...
from wordops.
Acme will generate Cloudflare's own certificate and install it on your server. Acme will do this integration between your server and Cloudflare. The Cloudflare certificate has more validity; I like that.
from wordops.
@manacim I tried that. Didn't work. You mean using the wo alias se, or the "real" easyengine script?
Man, that could be fixed if someone could refactor the VirtuBox ee-acme to emit a Cloudflare-compatible cipher. Something like --le256 or something.
from wordops.
@willkoga using the original EEv3 command works with Let's Encrypt and CloudFlare.
from wordops.
Just did a fresh install on Debian 8, error log shows:
2018-12-24 02:38:09,972 (DEBUG) wo : Running command: /usr/local/bin/wo-acme -s example.com --standalone
2018-12-24 02:38:09,974 (DEBUG) wo : Command Output: ,
Command Error: /bin/sh: 1: /usr/local/bin/wo-acme: not found
from wordops.
@jeroenops any news on that? I'm itching to try wordops
from wordops.
@jeroenops Also itching. And there is no activity on the Repo :( Everything all right?
from wordops.
tried that. Didn't work. You mean using the wo alias se, or the "real" easyengine script?
Man, that could be fixed if someone could refactor the VirtuBox ee-acme to emit a Cloudflare-compatible cipher. Something like --le256 or something.
This is not related to ECDSA key length; I'm using 384-bit certs with Cloudflare on several sites without problem. I think it was probably due to the nginx ssl_ciphers suite, or to a missing ssl_ecdh_curve directive.
from wordops.
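Added example, not part of the thread and not WordOps code: the nginx documentation states that with OpenSSL 1.0.2 or later `ssl_ecdh_curve` sets the list of curves the server supports, so it must include the curve used by an ECDSA certificate. The checker below applies that rule, plus a conservative `ssl_ciphers` heuristic, to a constructed config; `SAMPLE_CONF`, `directive` and `check_ecdsa_origin` are hypothetical names.

```python
import re

# Constructed sample config (not from WordOps); the cert is assumed to be ECDSA P-384.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/example.com/fullchain.pem;  # constructed path
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_ecdh_curve prime256v1;
}
"""

def directive(conf, name):
    """Return the last value given for an nginx directive, or None if absent."""
    text = re.sub(r"#.*", "", conf)  # strip comments
    found = re.findall(r"(?m)^\s*%s\s+([^;]+);" % re.escape(name), text)
    return found[-1].strip().strip("'\"") if found else None

def check_ecdsa_origin(conf, cert_curve):
    """Return findings that could stop nginx serving an ECDSA cert on cert_curve."""
    findings = []
    curves = directive(conf, "ssl_ecdh_curve")
    if curves is None:
        findings.append("ssl_ecdh_curve not set: default is auto since nginx "
                        "1.11.0, prime256v1 before that")
    elif curves.lower() != "auto":
        if cert_curve.lower() not in curves.lower().split(":"):
            findings.append("ssl_ecdh_curve %s lacks %s" % (curves, cert_curve))
    ciphers = directive(conf, "ssl_ciphers")
    if ciphers:
        tokens = [t.upper() for t in re.split(r"[:,\s]+", ciphers) if t]
        banned = [t for t in tokens if t[0] in "!-" and "ECDSA" in t]
        wanted = [t for t in tokens if t[0] not in "!-+@"]
        # Heuristic: only flag lists that are clearly RSA-only. Aliases such as
        # HIGH may expand to ECDSA suites, so they are left unflagged.
        if banned:
            findings.append("ssl_ciphers excludes ECDSA: %s" % ", ".join(banned))
        elif wanted and all("RSA" in t and "ECDSA" not in t for t in wanted):
            findings.append("ssl_ciphers lists only RSA-authenticated suites")
    return findings

if __name__ == "__main__":
    for line in check_ecdsa_origin(SAMPLE_CONF, "secp384r1"):
        print("FINDING:", line)
```

The `ssl_ciphers` check covers TLS 1.2 and earlier suites only, since that directive does not select TLS 1.3 cipher suites.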
After running tests with the new nginx build and 384-bit ECDSA certificates with Cloudflare proxy enabled, there isn't any issue anymore.
So I'm closing this issue.
from wordops.