Comments (14)
Apologies for the confusion and bugs; we decided to switch the SSL/TLS stack to ACME.sh - since it's easier to maintain and is able to deal with newer functionality. There is no point in reinventing the wheel, if it's already been done in a very proper way.
However, some commands need to be rerouted and fixed. ACME.sh has a different syntax, so I'll adjust WordOps to do some magic, in order to discover whether CF is being used or whether it's a primary domain or subdomain. I'll keep you up to date.
from wordops.
This doesn't work: wo site create/update site.com --le
But this works: ee site create/update site.com --le
Though of course the proxy has to be temporarily off in CF before running the command. I'd like to move all the sites to wo instead of ee but this is holding me back for now.
from wordops.
Did you run wo update domain.ltd --le with the Cloudflare proxy active? This does not work.
from wordops.
Hey juanpvh, it used to work on EasyEngine. Any way I can have CF + Let's Encrypt on WordOps?
from wordops.
You can use Let's Encrypt with Cloudflare, but the proxy must be disabled to avoid causing a conflict.
The best way to use the certificate is to use acme-cloudflare. You can use the certificate of Cloudflare itself with the proxy, using the full (strict) -Crypto option and the other Cloudflare options. See this: https://github.com/VirtuBox/ee-acme-sh
from wordops.
@juanpvh Sorry, I didn't understand.
So basically I should use the VirtuBox script, and get the LE certificate from there? Using the origin cert from Cloudflare? Is that it?
I think I figured it out about the error: Cloudflare doesn't support ECDSA bigger than 256 bits, and it seems like WordOps uses 364 bits.
Can you explain a little more what you mean by acme-cloudflare?
Can the VirtuBox script generate a specific 256 ECDSA? I thought that it was only 364. Always...
from wordops.
Acme will generate the certificate of Cloudflare itself and install it on your server. Acme will do this integration between your server and Cloudflare. The Cloudflare certificate has more validity, I like that.
from wordops.
@manacim I tried that. Didn't work. You mean using the wo alias se, or the "real" easyengine script?
Man, that could be fixed if someone could refactor the VirtuBox ee-acme to emit a Cloudflare-compatible cipher. Something like --le256 or something.
from wordops.
@willkoga using the original EEv3 command works with Let's Encrypt and CloudFlare.
from wordops.
Just did a fresh install on Debian 8, error log shows:
2018-12-24 02:38:09,972 (DEBUG) wo : Running command: /usr/local/bin/wo-acme -s example.com --standalone
2018-12-24 02:38:09,974 (DEBUG) wo : Command Output: ,
Command Error: /bin/sh: 1: /usr/local/bin/wo-acme: not found
from wordops.
@jeroenops any news on that? I'm itching to try wordops
from wordops.
@jeroenops Also itching. And there is no activity on the Repo :( Everything all right?
from wordops.
tried that. Didn't work. You mean using the wo alias se, or the "real" easyengine script?
Man, that could be fixed if someone could refactor the VirtuBox ee-acme to emit a Cloudflare-compatible cipher. Something like --le256 or something.
This is not related to ECDSA key length; I'm using 384-bit certs with Cloudflare on several sites without problems. I think it was probably due to the nginx ssl_ciphers suite, or to a missing ssl_ecdh_curve directive.
from wordops.
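A way to check the two nginx settings named in the comment above, as an added example that is not part of the thread or of WordOps: it reports whether `ssl_ciphers` lists an ECDSA suite and whether `ssl_ecdh_curve` is set and includes a given curve. Both config snippets are constructed, the function names are hypothetical, and the cipher check is a heuristic that only recognises explicit suite names (keywords such as `HIGH` are not expanded).

```shell
#!/bin/sh
# Constructed samples: a TLS snippet with an RSA-only cipher list and no
# ssl_ecdh_curve line, and one with both settings suitable for a P-384 cert.
WEAK_CONF='ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_certificate /etc/ssl/example.com/fullchain.pem;'

FIXED_CONF='ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_ecdh_curve X25519:secp384r1:prime256v1;
ssl_certificate /etc/ssl/example.com/fullchain.pem;'

# Print the value of the first occurrence of a directive, without the ";".
directive_value() {  # $1 = config text, $2 = directive name
    printf '%s\n' "$1" | awk -v d="$2" '
        $1 == d { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/;[ \t]*$/, ""); print; exit }'
}

# Succeeds if the cipher list names at least one ECDSA-authenticated suite.
# Entries starting with "!" or "-" are exclusions and are ignored.
has_ecdsa_cipher() {  # $1 = config text
    directive_value "$1" ssl_ciphers | tr ':' '\n' | grep -v '^[!-]' | grep -q 'ECDSA'
}

# Succeeds if ssl_ecdh_curve is set and lists the given curve (or is "auto").
curve_allowed() {  # $1 = config text, $2 = curve name, e.g. secp384r1
    curves=$(directive_value "$1" ssl_ecdh_curve)
    [ -n "$curves" ] || return 1
    printf '%s\n' "$curves" | tr ':' '\n' | grep -qx -e "$2" -e auto
}

# Print one line per finding; the return status is the number of findings.
check_conf() {  # $1 = config text, $2 = curve of the certificate key
    findings=0
    has_ecdsa_cipher "$1" || {
        echo "ssl_ciphers: no ECDSA suite listed"; findings=$((findings + 1)); }
    curve_allowed "$1" "$2" || {
        echo "ssl_ecdh_curve: not set, or does not list $2"; findings=$((findings + 1)); }
    return "$findings"
}

echo "weak config:";  check_conf "$WEAK_CONF" secp384r1  || true
echo "fixed config:"; check_conf "$FIXED_CONF" secp384r1 || true
```

On a real server the text would come from the merged configuration, for example the output of `nginx -T`, rather than from an inline string.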
After running tests with the new nginx build and 384-bit ECDSA certificates with the Cloudflare proxy enabled, there isn't any issue anymore.
So I'm closing this issue.
from wordops.