Hello,

Another distribution, now Debian 9, and exactly the same problem as in CentOS 7.

I followed the tutorial https://www.howtoforge.com/tutorial/securing-ispconfig-3-with-a-free-lets-encrypt-ssl-certificate/

cat ispserver.{key,crt} > ispserver.pem

After that, it creates an empty ispserver.pem. Error on create, because the key and crt now have other names (.bak).

Then:

ln -s /etc/letsencrypt/live/mail.sofihacloud.com.ar/fullchain.pem ispserver.crt
ln -s /etc/letsencrypt/live/mail.sofihacloud.com.ar/privkey.pem ispserver.key

but there is no mail.sofihacloud.com.ar in /etc/letsencrypt/live

/etc/letsencrypt/live
sofihacloud.com.ar
sofiha.com.ar
tesauro.com.ar

And finally, it is not working for me. Dovecot is not working, it never restarts.

/etc/postfix/main.cf
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key

/etc/dovecot/dovecot.conf
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key

Thanks for any help
Nestor Mazza

The guide does work, I have used it a few times. If a step fails, the previous step was not done correctly. Try doing it again carefully. There are lots of discussions about that guide, perhaps the errors you see are explained already.

I used the guide myself and it works fine, so there is no reason to blame the guide here, and the problem is in no way related to the creation of the .bak files that you mentioned; the .bak files are the backup of the old non-Let's Encrypt SSL certs. When you do not receive an SSL cert from Let's Encrypt, then services like dovecot must fail when you reconfigure them to use a non-existing SSL cert. So the reason for your problem is neither the tutorial nor the Linux distribution used; the reason for the problem is that Let's Encrypt did not issue an SSL cert for your mail subdomain. So that's what you have to fix: does this subdomain exist in DNS and does it point to your server?

Hello,

"So that's what you have to fix, does this subdomain exist in dns and does it point to your server?"

Yes, the three domains exist in DNS and they point to my server. My DNS is hosted at Linode DNS, not in ISPConfig.

Let me show you the sofihacloud.com.ar zone.

DNS Manager » sofihacloud.com.ar » Zone dump

; sofihacloud.com.ar [1063700]
$TTL 86400
@ IN SOA ns1.linode.com. dominios.sofiha.com.ar. 2018042732 14400 14400 1209600 86400
@ NS ns1.linode.com.
@ NS ns2.linode.com.
@ NS ns3.linode.com.
@ NS ns4.linode.com.
@ NS ns5.linode.com.
@ MX 10 mail.sofihacloud.com.ar.
@ TXT "v=spf1 ip4:96.126.115.158 a mx ptr ~all"
_dmarc TXT "v=DMARC1\059 p=none\059 adkim=s\059 aspf=s\059 pct=100\059 rua=mailto:[email protected]"
@ A 96.126.115.158
mail A 96.126.115.158
www A 96.126.115.158
@ AAAA 2600:3c00::f03c:91ff:fe70:19fd
mail AAAA 2600:3c00::f03c:91ff:fe70:19fd
www AAAA 2600:3c00::f03c:91ff:fe70:19fd
direct CNAME sofihacloud.com.ar.
server1 CNAME sofihacloud.com.ar.

IPv6, without selection in ISPConfig -> Sites

And if I use ping from my computer:

C:\Users\nrmazza>ping sofihacloud.com.ar
Haciendo ping a sofihacloud.com.ar [96.126.115.158] con 32 bytes de datos:
Respuesta desde 96.126.115.158: bytes=32 tiempo=171ms TTL=50
Respuesta desde 96.126.115.158: bytes=32 tiempo=172ms TTL=50
Respuesta desde 96.126.115.158: bytes=32 tiempo=171ms TTL=50
Respuesta desde 96.126.115.158: bytes=32 tiempo=173ms TTL=50
Estadísticas de ping para 96.126.115.158:
Paquetes: enviados = 4, recibidos = 4, perdidos = 0 (0% perdidos),
Tiempos aproximados de ida y vuelta en milisegundos:
Mínimo = 171ms, Máximo = 173ms, Media = 171ms

I have checked from the first step several times, but I don't know what's wrong.

Thanks
Nestor Mazza

Thanks, let me offer you the following.

Step by step, the results:

hostname -f
mail.sofihacloud.com.ar

cd /usr/local/ispconfig/interface/ssl/ (ok)
mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak (ok)
mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak (ok)
mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak (ignored, I don't have ispserver.pem)

ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt, replaced $(hostname -f)
ln -s /etc/letsencrypt/live/mail.sofihacloud.com.ar/fullchain.pem ispserver.crt (??, mail.sofihacloud.com.ar does not exist, only sofihacloud.com.ar exists)

ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key, replaced $(hostname -f)
ln -s /etc/letsencrypt/live/mail.sofihacloud.com.ar/privkey.pem ispserver.key (??, mail.sofihacloud.com.ar does not exist, only sofihacloud.com.ar exists)

cat ispserver.{key,crt} > ispserver.pem (creates an empty ispserver.pem)
chmod 600 ispserver.pem (ok, but over an empty ispserver.pem)

cd /etc/postfix/ (ok)
mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak (ok)
mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak (ok)
ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.cert (ok)
ln -s /usr/local/ispconfig/interface/ssl/ispserver.key smtpd.key (ok)

service postfix restart (ok)
service dovecot restart (never restarts)

What's wrong in my steps? I don't have any idea. Do you think I should do it again and show you what dovecot says after the restart in service dovecot status?

Thanks for helping me
Nestor Mazza

The error is before the first command you posted. You don't have an SSL cert for mail.sofihacloud.com.ar and that's why you cannot configure services to use it. Are you sure that you created a website mail.sofihacloud.com.ar in ISPConfig, that you enabled SSL and letsencrypt for this website and that you are able to reach this website in a browser with https? Because that's the prerequisite (and described in the tutorial) before you even start configuring the other services for SSL.
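
The failure in this thread (symlinks pointing at a Let's Encrypt directory that does not exist, followed by an empty ispserver.pem) can be caught before any service is restarted. The preflight check below is an added example, not part of the tutorial or of any post here; the function names `check_lineage` and `check_ssl_dir` and the `--run` switch are made up for illustration, and the default paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: preflight checks for the tutorial's symlink steps.
# Default paths are the ones quoted in this thread; override them to test elsewhere.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
SSL_DIR="${SSL_DIR:-/usr/local/ispconfig/interface/ssl}"

# Return 0 only if a Let's Encrypt directory exists for the given FQDN
# and both files the tutorial links to are present and non-empty.
check_lineage() {
    fqdn="$1"
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$LIVE_DIR/$fqdn/$f" ]; then
            echo "missing or empty: $LIVE_DIR/$fqdn/$f" >&2
            echo "certificate directories present in $LIVE_DIR:" >&2
            ls -1 "$LIVE_DIR" >&2 2>/dev/null
            return 1
        fi
    done
    return 0
}

# Return 0 only if ispserver.crt, .key and .pem resolve to real, non-empty files.
# Dangling symlinks are reported separately so the broken target is visible.
check_ssl_dir() {
    rc=0
    for f in ispserver.crt ispserver.key ispserver.pem; do
        if [ -L "$SSL_DIR/$f" ] && [ ! -e "$SSL_DIR/$f" ]; then
            echo "dangling symlink: $SSL_DIR/$f -> $(readlink "$SSL_DIR/$f")" >&2
            rc=1
        elif [ ! -s "$SSL_DIR/$f" ]; then
            echo "missing or empty: $SSL_DIR/$f" >&2
            rc=1
        fi
    done
    return $rc
}

# Run as: sh preflight.sh --run   (checks the certificate for `hostname -f`)
if [ "${1:-}" = "--run" ]; then
    check_lineage "$(hostname -f)" && check_ssl_dir
fi
```

Run `check_lineage` before creating the symlinks and `check_ssl_dir` after the `cat` step; restart postfix and dovecot only when both succeed.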

Hello, Till

I added services for mail.sofihacloud.com.ar and now it is working fine.

Thanks for helping me
Nestor Mazza