Hello, I'm here again .. I have some problems with Let's Encrypt Renew of some domains. For example, the server is mail.sofihacloud.com.ar This certificate is OK! But, with other domains, such as laviruta.com and tesauro.com.ar are invalid or expired, How is the write way for renew them, Because ---------- Forwarded message ---------- From: Mail Delivery System < <Link: mailto:[email protected]> [email protected]> To: < <Link: mailto[email protected]> [email protected]> Cc: Bcc: Date: Wed, 24 Oct 2018 13:34:28 -0300 Subject: Mail delivery failed: returning message to sender This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: <Link: mailto[email protected]> [email protected] host <Link: http://mail.laviruta.com> mail.laviruta.com [96.126.115.158] SMTP error from remote mail server after RCPT TO:< <Link: mailto[email protected]> [email protected]>: 450 4.7.25 Client host rejected: cannot find your hostname, [216.224.178.66]: retry timeout exceeded NOTE: Qualys SSL Report: mail.laviruta.com This server's certificate is not trusted, see below for details. 2600:3c00:0:0:f03c:91ff:fe70:19fd Certificate not valid for domain name - Alternative names - INVALID - Trusted No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows 96.126.115.158 mail.sofihacloud.com.ar Certificate not valid for domain name - Alternative names - INVALID - Trusted No NOT TRUSTED (Why?) Mozilla Apple Android Java Windows Thanks, for all Nestor Mazza
Host timeouts / host not found on smtp has nothing to do with letsencrypt or certificates at all. Check the DNS entries for the domains and the RDNS entries for the corresponding ip addresses.
Helo Thanks, for your quicky answer I think exactly the same, but I don’t Know about certifícates renew for this domains If I use in a Mobile, the mail.laviruta.com The mail dosn’t work , not send , because , the problem is the certificate Thanks
That's a different problem to the one you mentioned but may have the same cause. Please run the renew command manually to see why it fails. Depending on your setup it might be "certbot renew" or "letsencrypt renew" or "/opt/eff.org/certbot/venv/bin/letsencrypt renew".
I test, recently My IspConfig installed is ISPConfig 3.1.11 /opt/eff.org/certbot/venv/bin/letsencrypt renew root@mail:~# opt/eff.org/certbot/venv/bin/letsencrypt renew -su: opt/eff.org/certbot/venv/bin/letsencrypt: No such file or directory And ... certbot-renew and lestencrypt-renew with same result Let me show you ------------------------------------------------------------------------------- Processing /etc/letsencrypt/renewal/laviruta.com.conf ------------------------------------------------------------------------------- Cert not yet due for renewal ------------------------------------------------------------------------------- Processing /etc/letsencrypt/renewal/tesauro.com.ar.conf ------------------------------------------------------------------------------- Cert not yet due for renewal The following certs are not due for renewal yet: /etc/letsencrypt/live/laviruta.com.ar/fullchain.pem (skipped) /etc/letsencrypt/live/tesauro.com.ar/fullchain.pem (skipped) No renewals were attempted. I don't have idea why Doesn't work Another additional package must be install ? I don't use Monitor package Thank again for your time Nestor Mazza
Ok if they are not yet renewable it means that you seem to have copied them manually to be used by postfix/dovecot instead of symlinking them. Check the ca_* entries in dovecot.conf and the certificate paths in main.cf of postfix, then check the files mentioned in there if they are matching the current ones in /etc/letsencrypt/live/laviruta.com