ispConf 3 - certbot - LetsEncrypt

Discussion in 'Installation/Configuration' started by kameleon1er, Jun 20, 2022.

  1. kameleon1er

    kameleon1er Member

    Hi back, in the perfect server guide Buster, I see nothing about certbot? I think it's not installed.
    May I use it directly from the terminal or must I use the ispConf panel to reinitialize certs etc…
    Thanks.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig uses acme.sh instead of certbot now and will download it automatically, so do not install certbot manually. Just follow the guide without adding anything! The only situation where certbot should be installed manually before you install ISPConfig is if you plan to migrate an old system over to this new one and the old one uses certbot and you want to keep the certbot certificates.
     
  3. kameleon1er

    kameleon1er Member

    Ok, so I see error SSL in my conf
    Code:
    [Sun Jun 19 20:04:47.397136 2022] [ssl:error] [pid 25481] AH02604: Unable to configure certificate srv-b.democrasite.com:8080:0 for stapling
    [Sun Jun 19 20:04:47.397547 2022] [ssl:warn] [pid 25481] AH01906: srv-b.democrasite.com:8081:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sun Jun 19 20:04:47.397566 2022] [ssl:warn] [pid 25481] AH01909: srv-b.democrasite.com:8081:0 server certificate does NOT include an ID which matches the server name
    [Sun Jun 19 20:04:47.397665 2022] [ssl:error] [pid 25481] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=democrasite,OU=dev,O=democrasite.com,L=Paris,ST=France,C=FR / issuer: [email protected],CN=democrasite,OU=dev,O=democrasite.com,L=Paris,ST=France,C=FR / serial: 5D
    If I check/uncheck SSL in the admin panel, the error is still there. What can I do to solve the issue?
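The log lines in the post above print the same DN for subject and issuer. The following triage script is an added example, not part of the original thread or of ISPConfig: it groups mod_ssl messages by AH code and flags a certificate whose subject equals its issuer. The sample log is constructed from the lines above with `example.test` placeholders, and the function and finding texts are this example's own.

```python
import re

# Constructed sample modelled on the error_log lines quoted in the post
# (hostname and certificate DN replaced with example.test placeholders).
SAMPLE_LOG = """\
[Sun Jun 19 20:04:47.397136 2022] [ssl:error] [pid 25481] AH02604: Unable to configure certificate panel.example.test:8080:0 for stapling
[Sun Jun 19 20:04:47.397547 2022] [ssl:warn] [pid 25481] AH01906: panel.example.test:8081:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jun 19 20:04:47.397566 2022] [ssl:warn] [pid 25481] AH01909: panel.example.test:8081:0 server certificate does NOT include an ID which matches the server name
[Sun Jun 19 20:04:47.397665 2022] [ssl:error] [pid 25481] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=panel,O=example.test,C=FR / issuer: CN=panel,O=example.test,C=FR / serial: 5D
"""

LINE = re.compile(r"\[ssl:\w+\] \[pid [^\]]+\] (?P<code>AH\d{5}): (?P<msg>.*)")
VHOST = re.compile(r"([\w.-]+:\d+):\d+")  # "host:port:index" as printed by mod_ssl
DN = re.compile(r"\[subject: (?P<subject>.+?) / issuer: (?P<issuer>.+?) / serial")

def triage(log_text):
    """Summarise mod_ssl certificate messages found in an Apache error log."""
    codes, vhosts, self_signed = set(), set(), False
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a mod_ssl message
        codes.add(m["code"])
        vhosts.update(VHOST.findall(m["msg"]))
        dn = DN.search(m["msg"])
        if dn and dn["subject"] == dn["issuer"]:
            self_signed = True
    findings = []
    if self_signed:
        findings.append("subject == issuer: self-signed certificate, "
                        "no separate issuer certificate to staple against")
    if "AH01906" in codes:
        findings.append("certificate carries BasicConstraints CA:TRUE")
    if "AH01909" in codes:
        findings.append("no name in the certificate matches the ServerName")
    return {"vhosts": sorted(vhosts), "codes": sorted(codes),
            "self_signed": self_signed, "findings": findings}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["vhosts"])
    for finding in result["findings"]:
        print("-", finding)
```
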
     
  4. ahrasis

    ahrasis Well-Known Member

    To me, it is always best for newbies to use the ISPConfig autoinstaller to set up a new server, though the tutorial is also good for the learning process.

    The basic approach is to follow the LE Error FAQ to troubleshoot LE problems (and also to read Please read before posting!)
     
  5. kameleon1er

    kameleon1er Member

    Hi @ahrasis ,
    I installed ispConfig 2 years ago with debian 9, I didn't know there was an auto-installer. Since then I have upgraded to debian 10 and I think something went wrong. I can't get my mailboxes to work properly anymore.

    I'm trying to find the problem.

    Thanks for the link.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Then the best procedure is to post the error messages and describe the errors exactly. And not mentioning that this is a system that was upgraded and did work before was, yeah, not really helpful, as it does not lead to a solution.

    Please post the exact errors that you get in mail.log when you access one of the mailboxes, the errors that you might get in the mail.log when you restart dovecot and postfix and the error that you get in your mail client when accessing the mailbox.
     
  7. ahrasis

    ahrasis Well-Known Member

    If this is an upgrade from Debian 9 and not a new install, you should also determine which LE client you were using before whether it is acme.sh or certbot as @till already mentioned above i.e. if
    .
    From my basic understanding you could be using certbot before but it is no longer working.

    If this is true, uninstall old certbot, install snap and use snap to install latest certbot, then force update ISPConfig to ensure your server LE certs are updated and linked to all other services.

    Retest your mail and adding LE ssl to your websites again thereafter. Troubleshoot by following the LE error FAQ if the same problems still exist.
     
  8. kameleon1er

    kameleon1er Member

    Maybe it's dumber than I thought. Looks like the problem is more in Thunderbird. Because if I send the same emails from roundcube, they go out and arrive fine, if I read this correctly:
    Code:
    Jun 20 20:47:27 srv-b postfix/smtpd[20912]: connect from localhost[127.0.0.1]
    Jun 20 20:47:27 srv-b postfix/smtpd[20912]: 8A3DE80D33: client=localhost[127.0.0.1]
    Jun 20 20:47:27 srv-b postfix/cleanup[20876]: 8A3DE80D33: message-id=<[email protected]>
    Jun 20 20:47:27 srv-b postfix/smtpd[20912]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Jun 20 20:47:27 srv-b postfix/qmgr[1290]: 8A3DE80D33: from=<[email protected]>, size=3674, nrcpt=1 (queue active)
    Jun 20 20:47:27 srv-b amavis[25487]: (25487-13) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] [80.11.30.178] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: d3ma0FYziE7k, Hits: -0.19, size: 3214, queued_as: 8A3DE80D33, dkim_sd=20210112:gmail.com, 13288 ms
    Jun 20 20:47:27 srv-b postfix/lmtp[20877]: 5283280D2F: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=13, delays=0.11/0/0.01/13, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8A3DE80D33)
    Jun 20 20:47:27 srv-b postfix/qmgr[1290]: 5283280D2F: removed
    
    But then why would smtp sending be blocked only from my local computer?
    And another oddity, why did some emails sent yesterday during my tests only arrive today?

    An error in the master.cf file ? relayhost or something ?

    What do you think?
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Show mail.log entries for one of those blocked e-mails. That should reveal what happens.
    Were they delayed in the mail queue? Examine the full e-mail headers for those e-mails; the Received lines show at what time they were at which point in their travel.
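The Received-line check described in the post above, as an added example that is not part of the original thread: it reads the Received headers oldest hop first and reports how long the message spent between each pair of servers. The sample message is constructed (hosts, queue IDs and times are placeholders), and `hop_delays` and `slowest_hop` are names chosen for this example.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; hosts, IDs and timestamps are placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org (Postfix) with ESMTPS id 5283280D2F
\tfor <user@example.org>; Mon, 20 Jun 2022 20:47:14 +0200 (CEST)
Received: from relay.example.net (relay.example.net [192.0.2.20])
\tby mx.example.net (Postfix) with ESMTP id 1A2B3C4D5E;
\tMon, 20 Jun 2022 18:47:10 +0000 (UTC)
Received: from [198.51.100.7] (client.example.com [198.51.100.7])
\tby relay.example.net (Postfix) with ESMTPSA id 9F8E7D6C5B;
\tSun, 19 Jun 2022 21:15:02 +0200 (CEST)
Subject: test

body
"""

def hop_delays(raw_message):
    """Return (from_host, to_host, seconds) for each consecutive pair of hops."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the last one in the file is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        stamp = value.rsplit(";", 1)[-1].strip()  # the date follows the last ';'
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            continue  # header without a parsable date
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)  # assumption: treat as UTC
        by = re.search(r"\bby\s+(\S+)", value)
        hops.append((by.group(1) if by else "?", when))
    # Timestamps come from each server's own clock, so skew between hosts
    # can show up as a small negative delay.
    return [(a, b, (tb - ta).total_seconds())
            for (a, ta), (b, tb) in zip(hops, hops[1:])]

def slowest_hop(raw_message):
    """Return the hop with the largest delay, or None if fewer than two hops."""
    delays = hop_delays(raw_message)
    return max(delays, key=lambda hop: hop[2]) if delays else None

if __name__ == "__main__":
    for src, dst, secs in hop_delays(SAMPLE):
        print(f"{src} -> {dst}: {secs:.0f} s")
```
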
     
  10. kameleon1er

    kameleon1er Member

    Hi, for the blocked mail of yesterday, I have to search deeper…

    but in roundcube last test, from today seems to be ok > full headers :
    Code:
    Jun 20 20:46:54 srv-b postfix/smtpd[20654]: 99AB280D2F: client=localhost[::1], sasl_method=LOGIN, [email protected]
    Jun 20 20:46:54 srv-b postfix/cleanup[20876]: 99AB280D2F: message-id=<[email protected]>
    Jun 20 20:46:54 srv-b postfix/qmgr[1290]: 99AB280D2F: from=<[email protected]>, size=611, nrcpt=1 (queue active)
    Jun 20 20:46:54 srv-b postfix/smtpd[20654]: disconnect from localhost[::1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
    Jun 20 20:46:54 srv-b dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=20879, secured, session=<L3FNNOfhrI4AAAAAAAAAAAAAAAAAAAAB>
    Jun 20 20:46:54 srv-b dovecot: imap([email protected])<20879><L3FNNOfhrI4AAAAAAAAAAAAAAAAAAAAB>: Logged out in=458 out=729 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
    Jun 20 20:46:55 srv-b postfix/smtpd[20882]: connect from localhost[127.0.0.1]
    Jun 20 20:46:55 srv-b postfix/smtpd[20882]: 2970980D33: client=localhost[127.0.0.1]
    Jun 20 20:46:55 srv-b postfix/cleanup[20876]: 2970980D33: message-id=<[email protected]>
    Jun 20 20:46:55 srv-b postfix/qmgr[1290]: 2970980D33: from=<[email protected]>, size=1553, nrcpt=1 (queue active)
    Jun 20 20:46:55 srv-b postfix/smtpd[20882]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Jun 20 20:46:55 srv-b amavis[25696]: (25696-12) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Xn76GLcZrGWc, Hits: -1, size: 611, queued_as: 2970980D33, dkim_new=default:kameleon.fr, 461 ms
    Jun 20 20:46:55 srv-b postfix/lmtp[20877]: 99AB280D2F: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.65, delays=0.15/0.02/0.03/0.44, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 2970980D33)
    
    in mails.logs :
    Code:
    Jun 20 20:46:54 srv-b postfix/smtpd[20654]: 99AB280D2F: client=localhost[::1], sasl_method=LOGIN, [email protected]
    Jun 20 20:46:54 srv-b postfix/cleanup[20876]: 99AB280D2F: message-id=<[email protected]>
    Jun 20 20:46:54 srv-b postfix/qmgr[1290]: 99AB280D2F: from=<[email protected]>, size=611, nrcpt=1 (queue active)
    Jun 20 20:46:54 srv-b postfix/smtpd[20654]: disconnect from localhost[::1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
    Jun 20 20:46:54 srv-b dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=20879, secured, session=<L3FNNOfhrI4AAAAAAAAAAAAAAAAAAAAB>
    Jun 20 20:46:54 srv-b dovecot: imap([email protected])<20879><L3FNNOfhrI4AAAAAAAAAAAAAAAAAAAAB>: Logged out in=458 out=729 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
    Jun 20 20:46:55 srv-b postfix/smtpd[20882]: connect from localhost[127.0.0.1]
    Jun 20 20:46:55 srv-b postfix/smtpd[20882]: 2970980D33: client=localhost[127.0.0.1]
    Jun 20 20:46:55 srv-b postfix/cleanup[20876]: 2970980D33: message-id=<[email protected]>
    Jun 20 20:46:55 srv-b postfix/qmgr[1290]: 2970980D33: from=<[email protected]>, size=1553, nrcpt=1 (queue active)
    Jun 20 20:46:55 srv-b postfix/smtpd[20882]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    Jun 20 20:46:55 srv-b amavis[25696]: (25696-12) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Xn76GLcZrGWc, Hits: -1, size: 611, queued_as: 2970980D33, dkim_new=default:kameleon.fr, 461 ms
    Jun 20 20:46:55 srv-b postfix/lmtp[20877]: 99AB280D2F: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.65, delays=0.15/0.02/0.03/0.44, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 2970980D33)
    
    I'll publish the blocked mails later. Thanks guys.
     
