ISPconfig 3.1 mailserver certificate not built

Discussion in 'Installation/Configuration' started by kommid, Jul 28, 2022.

  1. kommid

    kommid Member HowtoForge Supporter

    I seem to have a problem similar to the one in https://forum.howtoforge.com/threads/server-ssl-did-not-auto-update-expired.89225/ but on Debian 9. I followed the tutorial at https://www.howtoforge.com/tutorial...-9-stretch-apache-bind-dovecot-ispconfig-3-1/ to set up the server. Certbot is installed.
    The server is used mainly as a mailserver. Outlook complains about expired certificates that expired July 27th 2022, and the ISPConfig control panel website shows a valid certificate which is valid from June 27th 2022. So it seems the Let's Encrypt renewal works, but the newly issued certificates are not properly distributed to the mailserver.

    Test script output:
    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 9.13 (stretch)
    
    [INFO] uptime:  09:02:31 up 63 days, 17:56,  1 user,  load average: 0,15, 0,10, 0,09
    
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:            11G        2,3G        1,4G        156M        8,1G        9,0G
    Swap:          3,7G         23M        3,7G
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.8p1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.0.33-0+deb9u12
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.0.33
    [WARN] Your php-cgi in ' . /usr/bin/php-cgi . ' seems to be outdated and might contain known exploits.
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 17364)
    [INFO] I found the following mail server(s):
            Postfix (PID 1483)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 835)
    [INFO] I found the following imap server(s):
            Dovecot (PID 835)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 1808)
    
    ##### LISTENING PORTS #####
    Server)         ()
    Local           (Address)
    [anywhere]:993          (835/dovecot)
    [anywhere]:995          (835/dovecot)
    [localhost]:10023               (755/postgrey)
    [localhost]:10024               (1821/amavisd-new)
    [localhost]:10025               (1483/master)
    [localhost]:10026               (1821/amavisd-new)
    [localhost]:10027               (1483/master)
    [anywhere]:587          (1483/master)
    [localhost]:11211               (785/memcached)
    [anywhere]:110          (835/dovecot)
    [localhost]:783         (3926/perl)
    [anywhere]:143          (835/dovecot)
    [anywhere]:465          (1483/master)
    [anywhere]:21           (1808/pure-ftpd)
    ***.***.***.***:53              (779/named)
    [localhost]:53          (779/named)
    [anywhere]:22           (860/sshd)
    [anywhere]:25           (1483/master)
    [localhost]:953         (779/named)
    *:*:*:*::*:993          (835/dovecot)
    *:*:*:*::*:995          (835/dovecot)
    *:*:*:*::*:10023                (755/postgrey)
    *:*:*:*::*:10024                (1821/amavisd-new)
    *:*:*:*::*:10026                (1821/amavisd-new)
    *:*:*:*::*:3306         (938/mysqld)
    *:*:*:*::*:587          (1483/master)
    [localhost]10           (835/dovecot)
    *:*:*:*::*:783          (3926/perl)
    [localhost]43           (835/dovecot)
    *:*:*:*::*:80           (17364/apache2)
    *:*:*:*::*:8080         (17364/apache2)
    *:*:*:*::*:465          (1483/master)
    *:*:*:*::*:8081         (17364/apache2)
    *:*:*:*::*:21           (1808/pure-ftpd)
    *:*:*:*::*:53           (779/named)
    *:*:*:*::*:22           (860/sshd)
    *:*:*:*::*:25           (1483/master)
    *:*:*:*::*:953          (779/named)
    *:*:*:*::*:443          (17364/apache2)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
    f2b-dovecot  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 110,995,143,993,587,465,4190
    f2b-pure-ftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain f2b-dovecot (1 references)
    target     prot opt source               destination
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
    f2b-dovecot  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 110,995,143,993,587,465,4190
    f2b-pure-ftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain f2b-dovecot (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-postfix-sasl (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***          [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-pure-ftpd (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***          [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***        [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***       [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***         [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    
    
    
    ##### LET'S ENCRYPT #####
    Certbot is installed in /usr/bin/letsencrypt
    
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to restart postfix and dovecot.
     
  3. kommid

    kommid Member HowtoForge Supporter

    Should have thought about this myself :rolleyes: - restarting services did the job. Thank you.
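
The situation in this thread (certificate renewed on disk, mail daemons still presenting the expired one until restarted) can be detected by comparing fingerprints. The following is an added example, not part of the original posts and not ISPConfig code; the host name `mail.example.com` and the path `/etc/postfix/smtpd.cert` are assumptions to adjust, and only the implicit-TLS ports 993 and 465 from the port list above are probed.

```python
import hashlib
import re
import socket
import ssl

# Assumptions, not taken from the thread: certificate path and host name.
CERT_ON_DISK = "/etc/postfix/smtpd.cert"
MAIL_HOST = "mail.example.com"
# Implicit-TLS ports from the thread's port list: 993 (Dovecot), 465 (Postfix).
TLS_PORTS = (993, 465)
_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)


def leaf_fingerprint_from_pem(pem_text):
    """SHA-256 of the first certificate in a PEM file (the leaf in a full chain)."""
    match = _PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no certificate block found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()


def served_fingerprint(host, port, timeout=5.0):
    """SHA-256 of the certificate the running daemon presents on a TLS port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # inspection only: an expired cert must stay readable
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def stale_ports(disk_fp, served_by_port):
    """Ports whose daemon still serves a certificate other than the one on disk."""
    return sorted(p for p, fp in served_by_port.items() if fp != disk_fp)


def check(host=MAIL_HOST, cert_path=CERT_ON_DISK, ports=TLS_PORTS):
    with open(cert_path, encoding="ascii") as fh:
        disk_fp = leaf_fingerprint_from_pem(fh.read())
    served = {port: served_fingerprint(host, port) for port in ports}
    return stale_ports(disk_fp, served)


if __name__ == "__main__":
    stale = check()
    print("restart needed for ports:", stale if stale else "none")
```

A non-empty result means the listed daemons loaded their certificate before the renewal and need the restart suggested above.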
     
