another amusing issue! (still non-threatening title) mail server can't talk TLS. says cert expired.

Discussion in 'ISPConfig 3 Priority Support' started by craig baker, Nov 1, 2021.

  1. craig baker

    craig baker Member HowtoForge Supporter

    very odd thing just happened. mail servers can't talk to me, saying cert is expired.
    but my mail server is ns10.cdbsystems.com and its SSL cert is fine.
    looking at postfix dir:
    --snip--
    lrwxrwxrwx 1 root root 48 Sep 30 2020 smtpd.cert -> /usr/local/ispconfig/interface/ssl/ispserver.crt
    -rw-r--r-- 1 root root 2106 Sep 29 2020 smtpd.cert-20200929192627.bak
    lrwxrwxrwx 1 root root 48 Sep 29 2020 smtpd.cert-20200929194627.bak -> /usr/local/ispconfig/interface/ssl/ispserver.crt
    lrwxrwxrwx 1 root root 48 Sep 29 2020 smtpd.cert-20200929195727.bak -> /usr/local/ispconfig/interface/ssl/ispserver.crt
    lrwxrwxrwx 1 root root 48 Sep 29 2020 smtpd.cert-20200930092800.bak -> /usr/local/ispconfig/interface/ssl/ispserver.crt
    lrwxrwxrwx 1 root root 48 Sep 30 2020 smtpd.key -> /usr/local/ispconfig/interface/ssl/ispserver.key
    -rw------- 1 root root 3272 Sep 29 2020 smtpd.key-20200929192627.bak
    lrwxrwxrwx 1 root root 48 Sep 29 2020 smtpd.key-20200929194627.bak -> /usr/local/ispconfig/interface/ssl/ispserver.key
    lrwxrwxrwx 1 root root 48 Sep 29 2020 smtpd.key-20200929195727.bak -> /usr/local/ispconfig/interface/ssl/ispserver.key
    lrwxrwxrwx 1 root root 48 Sep 29 2020 smtpd.key-20200930092800.bak -> /usr/local/ispconfig/interface/ssl/ispserver.key
    --snip--
    smtpd.cert points at /usr/local/ispconfig/interface/ssl/ispserver.crt as it should:
    --snip--
    lrwxrwxrwx 1 root root 55 Oct 1 2020 ispserver.crt -> /etc/letsencrypt/live/ns10.cdbsystems.com/fullchain.pem
    lrwxrwxrwx 1 root root 53 Oct 1 2020 ispserver.key -> /etc/letsencrypt/live/ns10.cdbsystems.com/privkey.pem
    -rwxr-x--- 1 root root 7188 Oct 1 2020 ispserver.pem
    --snip--
    and it points to letsencrypt for ns10.cdbsystems.com which is dated oct 1 and is fine.

    output from your test script:
    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is CentOS Linux release 8.3.2011
     
    [INFO] uptime:  12:18:39 up 39 days,  3:17,  1 user,  load average: 0.86, 0.67, 0.67
     
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          220Gi        19Gi        45Gi       5.3Gi       155Gi       193Gi
    Swap:         4.0Gi          0B       4.0Gi
     
    [INFO] systemd failed services status:
      UNIT             LOAD   ACTIVE SUB    DESCRIPTION                           
    ● fail2ban.service loaded failed failed Fail2Ban Service                     
    ● kdump.service    loaded failed failed Crash recovery kernel arming         
    ● mcelog.service   loaded failed failed Machine Check Exception Logging Daemon
    
    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.
    
    3 loaded units listed. Pass --all to see loaded but inactive units, too.
    To show all installed unit files use 'systemctl list-unit-files'.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.5
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.19
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.19
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Unknown process (httpd) (PID 2216)
    [INFO] I found the following mail server(s):
        Postfix (PID 2315)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 2407)
    [INFO] I found the following imap server(s):
        Dovecot (PID 2407)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 2027)
    
    ##### LISTENING PORTS #####
    (only        ()
    Local        (Address)
    [anywhere]:222        (151705/./jre/bin/ja)
    [localhost]:223        (151705/./jre/bin/ja)
    [localhost]:8481        (151705/./jre/bin/ja)
    [anywhere]:993        (2407/dovecot)
    [anywhere]:995        (2407/dovecot)
    [localhost]:10023        (2090/postgrey)
    [anywhere]:8008        (151705/./jre/bin/ja)
    [localhost]:10024        (2458/amavisd)
    [anywhere]:27017        (1929451/mongod)
    [anywhere]:873        (2353/rsync)
    [localhost]:10025        (2315/master)
    [localhost]:10026        (2458/amavisd)
    [localhost]:10027        (2315/master)
    [anywhere]:587        (2315/master)
    [anywhere]:110        (2407/dovecot)
    [anywhere]:143        (2407/dovecot)
    [anywhere]:465        (2315/master)
    ***.***.***.***:53        (2145/named)
    [localhost]:53        (2145/named)
    [anywhere]:21        (2027/pure-ftpd)
    [anywhere]:22        (2009/sshd)
    [localhost]:36825        (151705/./jre/bin/ja)
    [anywhere]:25        (2315/master)
    [localhost]:953        (2145/named)
    *:*:*:*::*:443        (2216/httpd)
    *:*:*:*::*:993        (2407/dovecot)
    *:*:*:*::*:995        (2407/dovecot)
    *:*:*:*::*:10023        (2090/postgrey)
    *:*:*:*::*:873        (2353/rsync)
    *:*:*:*::*:3306        (2144/mysqld)
    *:*:*:*::*:587        (2315/master)
    [localhost]10        (2407/dovecot)
    [localhost]43        (2407/dovecot)
    *:*:*:*::*:8080        (2216/httpd)
    *:*:*:*::*:80        (2216/httpd)
    *:*:*:*::*:8081        (2216/httpd)
    *:*:*:*::*:465        (2315/master)
    *:*:*:*::*:53        (2145/named)
    *:*:*:*::*:21        (2027/pure-ftpd)
    *:*:*:*::*:22        (2009/sshd)
    *:*:*:*::*:25        (2315/master)
    *:*:*:*::*:953        (2145/named)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    
    
    
    ##### LET'S ENCRYPT #####
    Certbot is installed in /opt/eff.org/certbot/venv/bin/certbot
    
    
    but mail servers are returning an error and won't verify. it says the cert expired, and under details it seems to have expired Oct 28 (as I recall).

    any ideas?

    and any ideas on my OTHER mail problem on a DIFFERENT server? Are we having fun yet?
    cdb.
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Try restarting postfix, you probably had a certificate update (reflected by files on disk) but the running postfix server is still using the old one.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    And restart dovecot as well.
     
  4. craig baker

    craig baker Member HowtoForge Supporter

    hmm this will happen with every certificate update? I thought we handled that automatically?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig is restarting services automatically. But maybe you have another cronjob besides the one from ISPconfig that does a certbot renew without restarting services?
     
  6. craig baker

    craig baker Member HowtoForge Supporter

    hmm don't think so. and this problem only just occurred - I've updated certs many times before. a glitch?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Might be. Wait until the next renewal to see if it works then.
     
  8. craig baker

    craig baker Member HowtoForge Supporter

    hmm just got this email: and I've NEVER received any email like this before?

    --snip--
    Your certificate (or certificates) for the names listed below will expire in 10 days (on 13 Nov 21 06:01 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

    We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide for details.

    1stfamilyhomecareinc.com
    aghshome.com
    asoldiersgift-movie.com
    lists.theeldestgeek.com
    sitantiques.com
    www.aghshome.com
    www.asoldiersgift-movie.com
    www.sitantiques.com

    For any questions or support, please visit: https://community.letsencrypt.org Unfortunately, we can't provide support by email.
    --snip--
    thought renewing was automatic? why send me this email? anyone else getting this kind of email?
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Renewal is automatic, check the Let's Encrypt log for details why the renewal fails.
     
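As an added example (not code from this thread, from ISPConfig or from certbot), here is a small Python checker that ties together Jesse Norell's diagnosis in post 2 (the certificate file on disk was renewed but the running Postfix/Dovecot still presents the old one) and Th0m's point in post 9 (the renewal itself can also fail and should be investigated). It reads the notAfter date of the configured certificate file and of the certificate each mail port actually serves, both via the openssl CLI, and classifies the mismatch. The hostname, file path, 30-day renewal window and the sample dates are constructed assumptions, not values taken from the thread's server.

```python
"""Detect a mail daemon that still serves an old TLS certificate after a
Let's Encrypt renewal on disk, and flag renewals that have not happened on time.
Added example; the sample dates below are constructed, not from the thread."""
import re
import subprocess
import sys
from datetime import datetime, timedelta, timezone
from typing import Optional

NOT_AFTER_RE = re.compile(r"notAfter=(.+)")

# Constructed sample output of 'openssl x509 -noout -enddate', modelled on the
# thread's symptom: file renewed, daemon still presenting a cert that ended Oct 28.
SAMPLE_DISK_ENDDATE = "notAfter=Jan 26 05:01:00 2022 GMT"
SAMPLE_SERVED_ENDDATE = "notAfter=Oct 28 05:01:00 2021 GMT"
SAMPLE_NOW = "notAfter=Nov  1 12:00:00 2021 GMT"  # reused only to build a datetime


def parse_not_after(openssl_output: str) -> datetime:
    """Parse the 'notAfter=Nov 13 06:01:00 2021 GMT' line printed by
    'openssl x509 -noout -enddate' into a timezone-aware UTC datetime."""
    match = NOT_AFTER_RE.search(openssl_output)
    if not match:
        raise ValueError("no notAfter line in openssl output")
    text = match.group(1).strip()
    if text.endswith(" GMT"):
        text = text[:-4]
    # strptime treats a single space in the format as 'one or more', so the
    # two-space day padding openssl emits for days < 10 ("Nov  1") parses fine.
    return datetime.strptime(text, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def on_disk_not_after(pem_path: str) -> datetime:
    """Expiry of the certificate file Postfix/Dovecot are configured to load."""
    out = subprocess.run(["openssl", "x509", "-noout", "-enddate", "-in", pem_path],
                         capture_output=True, text=True, check=True).stdout
    return parse_not_after(out)


def served_not_after(host: str, port: int, starttls: Optional[str] = None) -> datetime:
    """Expiry of the certificate the *running* daemon presents on this port.
    starttls='smtp' for 25/587, 'imap' for 143, 'pop3' for 110; None for 465/993/995."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}", "-servername", host]
    if starttls:
        cmd += ["-starttls", starttls]
    # Empty stdin makes s_client close the session right after the handshake.
    handshake = subprocess.run(cmd, input="", capture_output=True, text=True,
                               timeout=15).stdout
    enddate = subprocess.run(["openssl", "x509", "-noout", "-enddate"], input=handshake,
                             capture_output=True, text=True, check=True).stdout
    return parse_not_after(enddate)


def classify(disk: datetime, served: datetime, now: datetime,
             renew_window: timedelta = timedelta(days=30)) -> str:
    """Turn the two expiry dates into an actionable state."""
    if served < disk:
        return "STALE_PROCESS"     # file renewed, daemon not reloaded: restart postfix/dovecot
    if disk <= now:
        return "EXPIRED_ON_DISK"   # renewal itself failed: read the Let's Encrypt log
    if disk - now < renew_window:
        return "RENEWAL_OVERDUE"   # inside the window the renew cronjob should have acted in
    return "OK"


def demo() -> str:
    """Run the classifier on the constructed sample above (no network needed)."""
    return classify(parse_not_after(SAMPLE_DISK_ENDDATE),
                    parse_not_after(SAMPLE_SERVED_ENDDATE),
                    parse_not_after(SAMPLE_NOW))


if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("usage: mailcert_check.py <mail host> <cert file>", file=sys.stderr)
        print(f"sample run (constructed data): {demo()}")
        sys.exit(0)
    host, pem = sys.argv[1], sys.argv[2]  # e.g. mail.example.com /etc/postfix/smtpd.cert
    now = datetime.now(timezone.utc)
    disk = on_disk_not_after(pem)
    print(f"on disk: notAfter {disk:%Y-%m-%d}")
    for port, mode in ((25, "smtp"), (587, "smtp"), (465, None), (993, None), (143, "imap")):
        try:
            live = served_not_after(host, port, mode)
            print(f"port {port}: served notAfter {live:%Y-%m-%d} -> {classify(disk, live, now)}")
        except (subprocess.CalledProcessError, subprocess.TimeoutExpired, ValueError) as exc:
            print(f"port {port}: could not read served certificate ({exc})")
```

Run it against the mail host and the path Postfix's `smtpd_tls_cert_file` points at (Dovecot's `ssl_cert` is normally the same file on an ISPConfig box); a `STALE_PROCESS` result on any port is exactly the "restart postfix and dovecot" case from posts 2 and 3, while `EXPIRED_ON_DISK` or `RENEWAL_OVERDUE` means the renewal did not happen and the Let's Encrypt log is the place to look, as post 9 says. Because the check follows the symlink chain through the file the daemon is configured with, it also catches a symlink that was repointed at the wrong target.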