Certificate issues with Pop3 Email

Discussion in 'Installation/Configuration' started by sunnyday, Apr 23, 2025.

  1. sunnyday

    sunnyday Member HowtoForge Supporter

    Hello, when sending email in either Outlook or Thunderbird I get 'Unknown Identity' error. When I view my certificate it shows my correct server name in the Common Name field but it shows DE as the country. I am in USA. I ran the 'common-issues' php and listed below is the report. Any help would be appreciated.

    Thank you!
    Tom

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 24.04.2 LTS
    [INFO] uptime: 10:12:33 up 19:59, 3 users, load average: 0.01, 0.02, 0.00
    [INFO] memory:
    total used free shared buff/cache available
    Mem: 31Gi 2.7Gi 26Gi 152Mi 2.8Gi 28Gi
    Swap: 4.0Gi 0B 4.0Gi

    [INFO] systemd failed services status:
    UNIT LOAD ACTIVE SUB DESCRIPTION
    0 loaded units listed.
    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.2.12p1

    ##### VERSION CHECK #####
    [INFO] php (cli) version is 8.3.19
    [INFO] php-cgi (used for cgi php in default vhost!) is version 8.3.19
    ##### PORT CHECK #####
    ##### MAIL SERVER CHECK #####
    [WARN] I found no "smtps" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.
    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s):
    Apache 2 (PID 955)
    [INFO] I found the following mail server(s):
    Postfix (PID 2279)
    [INFO] I found the following pop3 server(s):
    Dovecot (PID 1954)
    [INFO] I found the following imap server(s):
    Dovecot (PID 1954)
    [INFO] I found the following ftp server(s):
    PureFTP (PID 1245)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    [anywhere]:4190 (1954/dovecot)
    ***.***.***.***:53 (617/named)
    ***.***.***.***:53 (617/named)
    ***.***.***.***:53 (617/named)
    ***.***.***.***:53 (617/named)
    ***.***.***.***:53 (617/named)
    ***.***.***.***:53 (617/named)
    ***.***.***.***:53 (617/named)
    ***.***.***.***:53 (617/named)
    [localhost]:11334 (1957/rspamd:)
    [localhost]:11332 (1957/rspamd:)
    [localhost]:11333 (1957/rspamd:)
    [anywhere]:587 (2279/master)
    [anywhere]:995 (1954/dovecot)
    [anywhere]:993 (1954/dovecot)
    [anywhere]:143 (1954/dovecot)
    [anywhere]:21 (1245/pure-ftpd)
    [anywhere]:25 (2279/master)
    [anywhere]:110 (1954/dovecot)
    [anywhere]:465 (2279/master)
    [localhost]:11211 (616/memcached)
    [localhost]:10023 (576/postgrey)
    [anywhere]:3306 (769/mariadbd)
    [localhost]:6379 (628/redis-server)
    ***.***.***.***:53 (514/systemd-resolve)
    ***.***.***.***:53 (514/systemd-resolve)
    [localhost]:53 (617/named)
    [localhost]:53 (617/named)
    [localhost]:53 (617/named)
    [localhost]:53 (617/named)
    [localhost]:53 (617/named)
    [localhost]:53 (617/named)
    [localhost]:53 (617/named)
    [localhost]:53 (617/named)
    [localhost]:953 (617/named)
    [localhost]:953 (617/named)
    [localhost]:953 (617/named)
    [localhost]:953 (617/named)
    [localhost]:953 (617/named)
    [localhost]:953 (617/named)
    [localhost]:953 (617/named)
    [localhost]:953 (617/named)
    *:*:*:*::*:4190 (1954/dovecot)
    *:*:*:*::*:10023 (576/postgrey)
    *:*:*:*::*:11211 (616/memcached)
    *:*:*:*::*:8081 (955/apache2)
    *:*:*:*::*:8080 (955/apache2)
    *:*:*:*::*:11334 (1957/rspamd:)
    *:*:*:*::*:11332 (1957/rspamd:)
    *:*:*:*::*:11333 (1957/rspamd:)
    *:*:*:*::*:587 (2279/master)
    *:*:*:*::*:995 (1954/dovecot)
    *:*:*:*::*:993 (1954/dovecot)
    [localhost]43 (1954/dovecot)
    *:*:*:*::*:22 (1/init)
    *:*:*:*::*:21 (1245/pure-ftpd)
    *:*:*:*::*:25 (2279/master)
    [localhost]10 (1954/dovecot)
    *:*:*:*::*:80 (955/apache2)
    *:*:*:*::*:443 (955/apache2)
    *:*:*:*::*:465 (2279/master)
    *:*:*:*::**:*:*:*::*53 (617/named)
    *:*:*:*::**:*:*:*::*53 (617/named)
    *:*:*:*::**:*:*:*::*53 (617/named)
    *:*:*:*::**:*:*:*::*53 (617/named)
    *:*:*:*::**:*:*:*::*53 (617/named)
    *:*:*:*::**:*:*:*::*53 (617/named)
    *:*:*:*::**:*:*:*::*53 (617/named)
    *:*:*:*::**:*:*:*::*53 (617/named)
    *:*:*:*::*:3306 (769/mariadbd)
    *:*:*:*::*:953 (617/named)
    *:*:*:*::*:953 (617/named)
    *:*:*:*::*:953 (617/named)
    *:*:*:*::*:953 (617/named)
    *:*:*:*::*:953 (617/named)
    *:*:*:*::*:953 (617/named)
    *:*:*:*::*:953 (617/named)
    *:*:*:*::*:953 (617/named)
    *:*:*:*::*:53 (617/named)
    *:*:*:*::*:53 (617/named)
    *:*:*:*::*:53 (617/named)
    *:*:*:*::*:53 (617/named)
    *:*:*:*::*:53 (617/named)
    *:*:*:*::*:53 (617/named)
    *:*:*:*::*:53 (617/named)
    *:*:*:*::*:53 (617/named)
    *:*:*:*::*:6379 (628/redis-server)

    ##### LET'S ENCRYPT #####
    acme.sh is installed in /root/.acme.sh/acme.sh
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Has the certificate been issued by Let's Encrypt? If not, then you probably did not have the correct DNS records set up at the time you installed the system, which means you created a self-signed SSL certificate instead of a Let's Encrypt certificate. Also, be sure to connect with the server hostname, not your email domain or a subdomain like mail.yourdomain.tld. See email guide: https://www.howtoforge.com/ispconfig-email-account/
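
The two checks named in the post above (is the certificate self-signed, and does it cover the name the mail client connects to), as an added example that is not part of the original thread and not ISPConfig code. The function name `classify_cert`, the sample certificates and the name mail.domain.com are constructed for illustration; it reads the text printed by `openssl x509 -noout -subject -issuer -ext subjectAltName`.

```shell
#!/bin/sh
# Added example, not from the thread. Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:995 -servername HOST </dev/null 2>/dev/null |
#     openssl x509 -noout -subject -issuer -ext subjectAltName | classify_cert HOST

# stdin: that openssl text; $1: the server name configured in the mail client.
# Prints "<self-issued|ca-issued> <name-ok|name-mismatch>".
classify_cert() (
  set -f                                   # keep "*.example" SAN entries from globbing
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  subject= issuer= names=
  while IFS= read -r line; do
    line=$(printf '%s' "$line" | sed 's/ *= */=/g')   # spacing differs by OpenSSL version
    case $line in
      subject=*) subject=${line#subject=} ;;
      issuer=*)  issuer=${line#issuer=} ;;
      *DNS:*)    names=$(printf '%s' "$line" | tr -d ' ' | tr ',' '\n' |
                         sed -n 's/^DNS://p' | tr 'A-Z' 'a-z') ;;
    esac
  done
  # Subject equal to issuer: the certificate vouches for itself (self-signed).
  kind=ca-issued
  if [ -n "$subject" ] && [ "$subject" = "$issuer" ]; then kind=self-issued; fi
  # No SAN extension present: fall back to the subject CN, as older clients do.
  if [ -z "$names" ]; then
    names=$(printf '%s\n' "$subject" | sed -n 's/.*CN=\([^,]*\).*/\1/p' | tr 'A-Z' 'a-z')
  fi
  match=name-mismatch
  for n in $names; do
    # A wildcard entry stands for exactly one left-most label.
    case $n in '*.'*) n="${want%%.*}.${n#??}" ;; esac
    if [ "$n" = "$want" ]; then match=name-ok; fi
  done
  printf '%s %s\n' "$kind" "$match"
)

# Constructed samples; only the host name and the DE country code come from the thread.
SELF='subject=C = DE, CN = server2025.domain.com
issuer=C = DE, CN = server2025.domain.com'
LE="subject=CN = server2025.domain.com
issuer=C = US, O = Let's Encrypt, CN = R11
X509v3 Subject Alternative Name:
    DNS:server2025.domain.com"
printf '%s\n' "$SELF" | classify_cert server2025.domain.com   # self-issued name-ok
printf '%s\n' "$LE"   | classify_cert mail.domain.com         # ca-issued name-mismatch
printf '%s\n' "$LE"   | classify_cert server2025.domain.com   # ca-issued name-ok
```

`ca-issued` only means the issuer differs from the subject; whether the chain validates is reported on the `Verify return code` line of the `openssl s_client` output.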
     
  3. sunnyday

    sunnyday Member HowtoForge Supporter

    Hey Till, yes I have Let's Encrypt successfully installed for all web sites and maybe the correct DNS records were not set up at the time of install. I don't know. How can I fix this? Everything I see indicates that I am using a self-signed certificate. Can I create a Let's Encrypt certificate for my email without affecting my web sites?
    I am currently connecting with my email domain. I will change it to connect with my server hostname.

    Thanks,
    Tom
     
    Last edited: Apr 23, 2025
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Run an ISPConfig update with:

    ispconfig_update.sh --force

    choose reconfigure services and then choose to recreate the SSL certificate when the updater asks for it.
     
  5. sunnyday

    sunnyday Member HowtoForge Supporter

    I ran the update and below is a portion of the output. Can you please review it and let me know if it looks ok?
    Thank you!
    Tom

    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    Checking / creating certificate for server2025.domain.com
    Using certificate path /root/.acme.sh/server2025.domain.com
    sh: 1: cannot open /dev/tcp/127.0.0.1/80: No such file
    Using apache for certificate validation
    acme.sh is installed, overriding certificate path to use /root/.acme.sh/server2025.domain.com
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: n
    Reconfigure Crontab? (yes,no) [yes]:
    Updating Crontab
    Restarting services ...
    Update finished.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, looks ok.
     
  7. sunnyday

    sunnyday Member HowtoForge Supporter

    Thank you very much for all of your help!
    Tom
     
  8. sunnyday

    sunnyday Member HowtoForge Supporter

    The ISPConfig update resolved my certificate issues but also locked me out of ISPConfig with wrong user name or password.

    To regain access to ISPConfig I did the following in SSH:
    1) cat /usr/local/ispconfig/server/lib/mysql_clientdb.conf
    $clientdb_password = 'Password';
    Save the listed password

    2) mysql -h localhost -p dbispconfig
    Use the saved password

    3) UPDATE sys_user SET passwort = md5('YourNewPassword') WHERE username = 'admin';
    FLUSH PRIVILEGES;
    quit;

    4) restart MySQL
    sudo systemctl restart mysql
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    An ISPConfig update cannot alter your admin password.
     
  10. sunnyday

    sunnyday Member HowtoForge Supporter

    Till, I was locked out of ISPConfig immediately after running the update. It is my understanding that changes to SSL could affect my ability to log in. The above fix worked for me and I am now logged into ISPConfig.
    Is it possible to back up the ISPConfig settings?
    Is there a better way to reset the ISPConfig login/password?
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    No, that's two different things. SSL secures your connection, which is independent of your login. As I mentioned, the login does not change with an update.

    It's okay that it worked after you did that, even if it's very unlikely that this was the actual solution to the problem. I just mentioned it so that no other user who might find this in the future expects that SSL and passwords are related or that passwords can be altered by an update or that updating the password was necessary after running an ISPConfig update.

    You should regularly back up your server. This will automatically include the ISPConfig settings. Besides that, ISPConfig backs up your settings on any update and with ISPConfig 3.3, it will back up settings nightly.

    You copied the steps from the official ISPConfig FAQ page that I posted on that topic:

    https://www.faqforge.com/linux/cont...et-the-administrator-password-in-ispconfig-3/

    But the FAQ also mentions an easier way, which you could have used.
     
