here is my master.cf this is a freshly installed machine. i followed this guide for ssl which has never let me down before. https://www.howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl heads pickled going around in circles thanks in advance
master.cf looks fine. The issue is most likely a corrupted or wrong ssl cert. Did it work before you added the startssl cert?
I never checked it to be honest. Just been trying to get everything back to normal and as quick as possible lol But it works for the domain.tld . When I visit the domain.tld . It is encrypted with the green padlock and say verifed startcom . Best thing to do is reinstall the certificate from start to finish then. Im out at a school play (daughters acting a munchkin ) it will be the first thing to try once I get back Cheers Till
which certificate do i use . startssl has changed since that tutorial was writen. i get a list of certificate apacheserver, iisserver, nginxserver, otherserver. now the first time i placed the nginx version of the cert but it comes as 2 certs in the one file. i choose nginx as thats the server im running. but if you check the tutorial their is just one cert within the ispserver.crt. so i change the cert to the apache version domain.tld.crt its just the same as before . i get the grean padlock and verified by startcom ltd, when i connect to purftpd over tls the cert verified window pops up for to trust it . which states that its a cert from startcom. but the emails still wont sent. have followed the tutorial to the T and i know that tutorial works. i have used it twice with a great outcomes. it just hasnt been my best last couple of days lol
The certificate file has just to contain the ssl certifucate and no intermediate certs. Choose either the other cert or the apache cert and check that the file just contains one ssl cert. then restart postfix.
i still cant get out going mail to work. i have created 3 brand new certificates since your last message,i have been following the guide 100% at present i am using the cert from otherserver and im using the 2_domain.tld.crt. i presume this is the correct cert, seen as its for the domain its registered for ? if that is correct then their must be a problem else where . i removed all files from /usr/local/ispconfig/interface/ssl/ and done and continued on from their on the guide .
That looks fine so far. Please post the output of: ls -la /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt ls -la /etc/postfix/smtpd.cert ls -la /etc/postfix/smtpd.key
hi Till as requested these persmission look wrong, would that be right? /etc/postfix/smtpd.key /etc/postfix/smtpd.cert
That's ok as these are symlinks. Follow the symlink by checking the crt and key file now: ls -la /usr/local/ispconfig/interface/ssl/ispserver.crt ls -la /usr/local/ispconfig/interface/ssl/ispserver.key
Maybe the rights are too "open" for postfix as the SSL key should not be world readable. Please try a: chmod 600 /usr/local/ispconfig/interface/ssl/ispserver.key and restart postfix.
Good Morning Till im gonna be the bane of your life lol that didnt work either im still getting the same errors i changed permissions on ispserver.key but that didnt work so i also changed permissions on ispserver.crt both actions didnt change, still get errors
Please check the content of this file: /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt According to the log, postfix is not able to read it or that its content is not correct.
You Are A Genius this is how the first line looked should this even be in the "startssl.chain.class1.server.crt" many many thanks Chris
