Note that you only need one installation of acme-dns for any Neth or other servers you’d want to use it with. I have it installed on my main Neth server, and then all my internal stuff (pfSense, my two Proxmox hosts, my FreeNAS boxes, etc.), as well as my Phab VPS, connect with that instance to do DNS validation.
As to your error, check the virtual host template fragment which should be at /etc/e-smith/templates-custom/etc/httpd/conf.d/virtualhosts.conf/15_phabricator. Does it match what’s in the wiki?
Either my mind currently is not fit or something else.
I just got confused on the acme setup…
Question: if a person has multiple domains to different servers for different scenarios, yet has one anycast DNS that is used for all domains being managed,
does that setup have to be set up for each domain for it to work, or is there a way to set up one acme for all domains if required at any given point?
When Let’s Encrypt attempts DNS validation for $FQDN, it looks for a DNS record for _acme-challenge.$FQDN. If there’s a TXT record there, Let’s Encrypt reads the value and determines if validation succeeds or fails. If there’s a CNAME record instead, Let’s Encrypt will follow that CNAME and see what its target says. So, if you have a record of _acme-challenge.$FQDN CNAME somethingelse.acme.$OTHERFQDN, Let’s Encrypt will query somethingelse.acme.$OTHERFQDN for the TXT record.
When you configure acme-dns, you’re setting it up as the authoritative DNS server for a subdomain of one of your domains. If you have a domain of example.com, the subdomain is acme.example.com. So the NS records above make ns{1|2}.acme.example.com the authoritative nameservers for that subdomain, and then set your external IP address as the IP address for both of them (it isn’t essential to set two nameservers, but it seems to be common practice).
The real magic happens in the CNAME records. The python hook script keeps track of which hostnames already have issued certs. When you request a cert for a hostname that you haven’t previously issued, it will ask you to create a CNAME record for that host, which you’ll only need to do once.
So, no, you don’t need to set the NS records for each domain. Set them for one (pick one, it doesn’t really matter, though I think my module works best if you use your primary domain). Then set CNAME records for all the other hostnames as you need them.
To summarize my last post, no. Set it for your primary domain. Then, as requested by the hook script, create CNAME records for any other domains you need. You can even bypass installing acme-dns entirely and use the author’s test server at https://auth.acme-dns.io (just enter that URL in the hook script instead of your own domain)–though that isn’t recommended, particularly for long-term use.
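Added example, not part of the original posts: a small offline model of the CNAME-following lookup described above, used to audit where each hostname's `_acme-challenge` record ends up (your own acme-dns subdomain, the public test server, or a direct TXT record). All hostnames, subdomain labels and token values are constructed; `acme.example.com` and `auth.acme-dns.io` are the names used in the thread.

```python
# Constructed sample records (not real DNS data). Whoever operates a CNAME target can answer the challenge.
ACME_ZONE = "acme.example.com"         # subdomain delegated to your acme-dns
PUBLIC_TEST_ZONE = "auth.acme-dns.io"  # author's test server from the thread
RECORDS = {
    ("_acme-challenge.neth.example.com", "CNAME"): "aaaa1111.acme.example.com",
    ("_acme-challenge.phab.example.org", "CNAME"): "bbbb2222.acme.example.com",
    ("_acme-challenge.nas.example.net", "CNAME"): "cccc3333.auth.acme-dns.io",
    ("_acme-challenge.www.example.com", "TXT"): "token-direct",
    ("aaaa1111.acme.example.com", "TXT"): "token-neth",
    ("bbbb2222.acme.example.com", "TXT"): "token-phab",
    ("cccc3333.auth.acme-dns.io", "TXT"): "token-nas",
}

def resolve_challenge(fqdn, records=RECORDS, max_hops=8):
    """Return (txt_value, final_name), following CNAMEs as the validator does."""
    name = "_acme-challenge." + fqdn.rstrip(".").lower()
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        if (name, "CNAME") in records:
            name = records[(name, "CNAME")].rstrip(".").lower()
            continue
        return records.get((name, "TXT")), name
    raise ValueError("too many CNAME hops for " + fqdn)

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def audit(fqdns, records=RECORDS):
    """Map each hostname to (status, name where its challenge lookup ends)."""
    report = {}
    for fqdn in fqdns:
        txt, final = resolve_challenge(fqdn, records)
        if in_zone(final, ACME_ZONE):
            status = "own acme-dns"
        elif in_zone(final, PUBLIC_TEST_ZONE):
            status = "public test server"
        elif txt is not None:
            status = "direct TXT"
        else:
            status = "no challenge record"
        report[fqdn] = (status, final)
    return report

if __name__ == "__main__":
    hosts = ["neth.example.com", "phab.example.org", "nas.example.net", "new.example.org"]
    for host, (status, final) in audit(hosts).items():
        print(f"{host:20} {status:20} {final}")
```

Against live DNS the same audit would replace the `RECORDS` lookup with real CNAME and TXT queries for each `_acme-challenge` name.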
@danb35 I updated my configuration on /etc/e-smith/templates-custom/etc/httpd/conf.d/virtualhosts.conf/15_phabricator.
I was able to successfully renew my letsencrypt ssl.
The biggest problem I am facing is that, when I visit that page, I get the default nethserver page, instead of the phabricator login page.
But I guess there are many changes that need to be considered.
cd phabricator
bin/config set mysql.pass $(cat /var/lib/nethserver/secrets/mysql)
Running the command, I get the error: UPGRADE PHP: The installed version of PHP ("5.4.16") is too old to run Arcanist. Update PHP to at least the minimum required version ("5.5.0").