Discussion in 'ISPConfig 3 Priority Support' started by babydunk, Jun 14, 2016.
i just seem to be going round in circles
here is my warn.log
heres is postconf -n
here is my master.cf
this is a freshly installed machine. i followed this guide for ssl which has never let me down before. https://www.howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl
heads pickled going around in circles
thanks in advance
master.cf looks fine. The issue is most likely a corrupted or wrong ssl cert. Did it work before you added the startssl cert?
I never checked it to be honest. Just been trying to get everything back to normal and as quick as possible lol But it works for the domain.tld . When I visit the domain.tld . It is encrypted with the green padlock and say verifed startcom .
Best thing to do is reinstall the certificate from start to finish then.
Im out at a school play (daughters acting a munchkin ) it will be the first thing to try once I get back
which certificate do i use . startssl has changed since that tutorial was writen. i get a list of certificate apacheserver, iisserver, nginxserver, otherserver.
now the first time i placed the nginx version of the cert but it comes as 2 certs in the one file. i choose nginx as thats the server im running.
but if you check the tutorial their is just one cert within the ispserver.crt. so i change the cert to the apache version domain.tld.crt
its just the same as before . i get the grean padlock and verified by startcom ltd, when i connect to purftpd over tls the cert verified window pops up for to trust it . which states that its a cert from startcom.
but the emails still wont sent. have followed the tutorial to the T and i know that tutorial works. i have used it twice with a great outcomes.
it just hasnt been my best last couple of days lol
The certificate file has just to contain the ssl certifucate and no intermediate certs. Choose either the other cert or the apache cert and check that the file just contains one ssl cert. then restart postfix.
i still cant get out going mail to work. i have created 3 brand new certificates since your last message,i have been following the guide 100%
at present i am using the cert from otherserver and im using the 2_domain.tld.crt. i presume this is the correct cert, seen as its for the domain its registered for ?
if that is correct then their must be a problem else where .
i removed all files from /usr/local/ispconfig/interface/ssl/ and done
and continued on from their on the guide .
Please post the complete postfix main.cf file.
Good Morning Till, i hope your well
heres my main.cf
That looks fine so far. Please post the output of:
ls -la /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
ls -la /etc/postfix/smtpd.cert
ls -la /etc/postfix/smtpd.key
these persmission look wrong, would that be right?
That's ok as these are symlinks. Follow the symlink by checking the crt and key file now:
ls -la /usr/local/ispconfig/interface/ssl/ispserver.crt
ls -la /usr/local/ispconfig/interface/ssl/ispserver.key
Maybe the rights are too "open" for postfix as the SSL key should not be world readable. Please try a:
chmod 600 /usr/local/ispconfig/interface/ssl/ispserver.key
and restart postfix.
Good Morning Till
im gonna be the bane of your life lol
that didnt work either im still getting the same errors
i changed permissions on ispserver.key
but that didnt work so i also changed permissions on ispserver.crt
both actions didnt change, still get errors
smtpd_use_tls = yes
in main.cf and restart postfix.
Still the same Till
are the permission correct for the rest of the Certs.
heres some mail.log's , i dont know if they will be any use
Please check the content of this file: /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
According to the log, postfix is not able to read it or that its content is not correct.
You Are A Genius
this is how the first line looked
should this even be in the "startssl.chain.class1.server.crt"
many many thanks
Separate names with a comma.