Hi Chaps I have just done the upgrade, had a few issues i did all services re-configure, basically followed all defaults went wellish had issues with SSL certs so apache would not start, have solved that. main issue now is all mail sending or receiving is stuck in the mail que. Mail does not get delivered to local mailboxes and outgoing mail stays in the mail que all services are running: mail accounts can login with po3 and imap with squirrel mail am really stuck, it all seems to be running fine, just mail stays in mail que i have added all my configs and checks in the attached file any help moocho appriciated , have been banging my head on this for a while, i must be real close cheers Pete
Take a look at the mail.log file and post the errors that you get there when you send or receive a email.
hi for sure the server is receive email, mail que is getting really big these are the logs with tag error: looks like SSL issue? anyway thanks for having a look Oct 24 11:12:22 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:12:22 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<VAaFURfPorRRZRUy> Oct 24 11:12:27 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:12:27 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<8+7TURfPpLRRZRUy> Oct 24 11:12:27 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:12:27 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<6xLUURfPprRRZRUy> Oct 24 11:12:29 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:12:29 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:12:29 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<xbD3URfPqLRRZRUy> Oct 24 11:12:29 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<67D3URfPqrRRZRUy> Oct 24 11:12:35 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:12:35 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<YdRTUhfPrrRRZRUy> Oct 24 11:12:35 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:12:35 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<g/hTUhfPrLRRZRUy> Oct 24 11:12:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:12:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<Uu2uUhfPsLRRZRUy> Oct 24 11:12:47 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:12:47 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<tRoEUxfPsrRRZRUy> Oct 24 11:18:28 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 11:18:28 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.110.62, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<CZpYZxfPUCgBf24+> Oct 24 11:18:37 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 11:18:37 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.110.62, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<OoDjZxfP+9IBf24+> Oct 24 11:18:45 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 11:18:45 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.110.62, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<d+JSaBfPAzYBf24+> Oct 24 11:18:46 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 11:18:46 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.110.62, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<lLpraBfPgSkBf24+> Oct 24 11:27:22 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:27:22 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<OmYshxfP+rRRZRUy> Oct 24 11:27:22 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:27:22 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<JhcvhxfP/LRRZRUy> Oct 24 11:27:22 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:27:22 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<kCgyhxfP/rRRZRUy> Oct 24 11:27:23 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:27:23 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<ZmQ1hxfPALVRZRUy> Oct 24 11:43:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:43:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<g5p/wRfPCrVRZRUy> Oct 24 11:43:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:43:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<LoyCwRfPDLVRZRUy> Oct 24 11:43:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:43:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<WbmFwRfPDrVRZRUy> Oct 24 11:43:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:43:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<cqCIwRfPELVRZRUy> Oct 24 11:58:52 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:58:52 server8 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<JzzL9xfPLLVRZRUy> Oct 24 11:58:52 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:58:52 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<YqbO9xfPLrVRZRUy> Oct 24 11:58:52 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:58:52 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<Q6PR9xfPMLVRZRUy> Oct 24 11:58:52 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 11:58:52 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<Px3U9xfPMrVRZRUy> Oct 24 12:10:01 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 12:10:01 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.106.75, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<blO0HxjP7lsBf2pL> Oct 24 12:10:15 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 12:10:15 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.106.75, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<1UuGIBjPoakBf2pL> Oct 24 12:14:39 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 12:14:39 server8 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<fg4+MBjPQrVRZRUy> Oct 24 12:14:39 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 12:14:39 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<fxNBMBjPRLVRZRUy> Oct 24 12:14:39 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 12:14:39 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<lQBEMBjPRrVRZRUy> Oct 24 12:14:39 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 12:14:39 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<37tGMBjPSLVRZRUy> Oct 24 12:29:40 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 12:29:40 server8 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<vD/yZRjPfLVRZRUy> Oct 24 12:29:40 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 12:29:40 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<sFj1ZRjPfrVRZRUy> Oct 24 12:29:40 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 12:29:40 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<LaP5ZRjPgLVRZRUy> Oct 24 12:29:40 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46 Oct 24 12:29:40 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<eij9ZRjPgrVRZRUy> Oct 24 12:50:52 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 12:50:52 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.111.69, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<lELRsRjPa0UBf29F> Oct 24 12:51:24 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 12:51:24 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.111.69, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<MEKssxjPhLEBf29F> Oct 24 12:52:29 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 12:52:29 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=128.14.133.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<foKWtxjPZuiADoUy> Oct 24 12:52:30 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number Oct 24 12:52:30 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=128.14.133.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<u6CetxjP4uqADoUy> Oct 24 12:52:30 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 12:52:30 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=128.14.133.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<Ox6ntxjPnuyADoUy> Oct 24 13:31:12 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 13:31:12 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.106.58, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<WiIMQhnPqsYBf2o6> Oct 24 13:31:49 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Oct 24 13:31:49 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.106.58, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<XRo9RBnPPqYBf2o6>
Do an ISPConfig update and choose that ISPConfig shall create a new SSL cert during update to get a valid cert for all services again.
i have done this few times here is the output Creating backup of "/usr/local/ispconfig" directory... Creating backup of "/etc" directory... mysqldump: [Warning] Using a password on the command line interface can be insecure. Checking ISPConfig database .. mysqlcheck: [Warning] Using a password on the command line interface can be insecure. OK mysql: [Warning] Using a password on the command line interface can be insecure. Starting incremental database update. Loading SQL patch file: /tmp/update_runner.sh.RLqoPNCAVc/install/sql/incremental/upd_dev_collection.sql Reconfigure Permissions in master database? (yes,no) [no]: Service 'dns_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]: Reconfigure Services? (yes,no,selected) [yes]: Configuring Postfix Configuring Dovecot Configuring Spamassassin Configuring Amavisd Configuring Getmail Configuring Pureftpd Configuring Apache Configuring vlogger Configuring Apps vhost Configuring Jailkit Configuring Ubuntu Firewall Configuring Database Updating ISPConfig ISPConfig Port [8080]: Create new ISPConfig SSL certificate (yes,no) [no]: yes Checking / creating certificate for server8.redcloudtech.com.au Using certificate path /etc/letsencrypt/live/server8.redcloudtech.com.au Using apache for certificate validation Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Cert not yet due for renewal Keeping the existing certificate PHP Warning: symlink(): File exists in /tmp/update_runner.sh.RLqoPNCAVc/install/lib/installer_base.lib.php on line 3135 PHP Warning: symlink(): File exists in /tmp/update_runner.sh.RLqoPNCAVc/install/lib/installer_base.lib.php on line 3136 Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: Reconfigure Crontab? (yes,no) [yes]: Updating Crontab Restarting services ... Update finished.
Ok, did youi change something manually in regard to the ISPconfig SSL certs? Please post the result of: ls -la /usr/local/ispconfig/interface/ssl/
ok no worries thanks again for having a look into this: total 96 drwxr-x--- 2 root root 4096 Oct 24 15:51 . drwxr-x--- 9 ispconfig ispconfig 4096 Dec 3 2016 .. -rwxr-x--- 1 root root 45 Oct 24 15:52 empty.dir -rwxr-x--- 1 root root 5974 Oct 24 10:52 ispserver.crt lrwxrwxrwx 1 root root 63 Mar 20 2017 ispserver.crt-20211024092608.bak -> /etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem -rwxr-x--- 1 root root 5974 Oct 24 15:51 ispserver.crt-20211024155155.bak -rwxr-x--- 1 root root 2191 Mar 20 2017 ispserver.crt.old.20170320141358 -rwxr-x--- 1 root root 1785 Mar 20 2017 ispserver.csr.old.20170320141358 -rwxr-x--- 1 root root 3272 Oct 24 10:52 ispserver.key lrwxrwxrwx 1 root root 61 Mar 20 2017 ispserver.key-20211024092608.bak -> /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem -rwxr-x--- 1 root root 3272 Oct 24 15:51 ispserver.key-20211024155155.bak -rwxr-x--- 1 root root 3243 Mar 20 2017 ispserver.key.old.20170320141358 -rwxr-x--- 1 root root 3311 Mar 20 2017 ispserver.key.secure.old.20170320141358 -rwxr-x--- 1 root root 9246 Oct 24 15:51 ispserver.pem -rwxr-x--- 1 root root 9246 Oct 24 10:52 ispserver.pem-20211024105250.bak -rwxr-x--- 1 root root 9246 Oct 24 15:51 ispserver.pem-20211024155155.bak
oops just understood you are asking if I changed something manually, yes I believe so, but it was a while ago, could not say i for sure did, as i am just a hack, who would have copied and pasted from this forum I was having lots of probs with certbot and letencrypt, and i did end up uninstalling and reinstalling it
First, check if these files are there and contain a valid LE cert: /etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem if that's the case, then replace ispserver.crt with a symlink to /etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem and ispserver.key with a symlink to /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem Then restart postfix, dovecot and apache or nginx.
/etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem is a symlink to /etc/letsencrypt/archive/server8.redcloudtech.com.au/fullchain1.pem which is an empty zero byte file /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem is a symlink to /etc/letsencrypt/archive/server8.redcloudtech.com.au/privkey1.pem which is an empgy zero byte file in /etc/letsencrypt/archive/server8.redcloudtech.com.au/ there is two other files cert1.pem and chain1.pem /usr/local/ispconfig/interface/ssl has ispserver.crt and ispserver.key when i go browser to server8.redcloudtech.com.au:8080 i do get a valid cert hmmm am completely stuck any ideas ???
Ok, this explains why the mail system has no SSL. There must be another let#s encrypt cert then I guess, try: ls -la /etc/letsencrypt/live/server8.redcloudtech.com.au* to see if there is one. This can't be the case unless you manually edited the ISPConfig vhost instead of correcting the broken main SSL certificate. Please check the ispconfig.vhost file to see which SSL cert the webserver is loading. Might be when the whole mails system is down.
ispconfig.vhost # SSL Configuration SSLEngine On SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1 SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key these are actual files and not system links, i did make them system links like you asked, but after re running the upgrade again they are now files root@server8:~# ls -la /etc/letsencrypt/live/server8.redcloudtech.com.au* /etc/letsencrypt/live/server8.redcloudtech.com.au: total 12 drwxr-xr-x 2 root root 4096 Oct 24 09:26 . drwx------ 20 root root 4096 Oct 25 00:28 .. lrwxrwxrwx 1 root root 51 Oct 24 09:26 cert.pem -> ../../archive/server8.redcloudtech.com.au/cert1.pem lrwxrwxrwx 1 root root 52 Oct 24 09:26 chain.pem -> ../../archive/server8.redcloudtech.com.au/chain1.pem lrwxrwxrwx 1 root root 56 Oct 24 09:26 fullchain.pem -> ../../archive/server8.redcloudtech.com.au/fullchain1.pem lrwxrwxrwx 1 root root 54 Oct 24 09:26 privkey.pem -> ../../archive/server8.redcloudtech.com.au/privkey1.pem -rw-r--r-- 1 root root 692 Oct 24 09:26 README /etc/letsencrypt/live/server8.redcloudtech.com.au-0001: total 16 drwxr-xr-x 2 root root 4096 Oct 24 21:17 . drwx------ 20 root root 4096 Oct 25 00:28 .. lrwxrwxrwx 1 root root 56 Oct 24 21:17 cert.pem -> ../../archive/server8.redcloudtech.com.au-0001/cert1.pem lrwxrwxrwx 1 root root 57 Oct 24 21:17 chain.pem -> ../../archive/server8.redcloudtech.com.au-0001/chain1.pem lrwxrwxrwx 1 root root 61 Oct 24 21:17 fullchain.pem -> ../../archive/server8.redcloudtech.com.au-0001/fullchain1.pem lrwxrwxrwx 1 root root 59 Oct 24 21:17 privkey.pem -> ../../archive/server8.redcloudtech.com.au-0001/privkey1.pem -rw-r--r-- 1 root root 692 Oct 24 21:17 README i tied to do the manual ssl setup last night. by following https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/ so i did create a server8.redcloudtech.com.au website and a mail.redcloudtech.com.au with an smtp.redcloudtech.com.au alias domain, they are all valid and work. after doing this dovecot refused to load, so i ran ispconfig upgrade again which got dovcot working again however same problem, all services are working, local mail in the mail que does not get delivered and outgoing mail does not get sent, all mail stays in the mail queue for sure server8.redcloudtech.com.au:8080 works with a valid ssl cert when you browse to it postfix= main.cf # TLS parameters smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache /etc/postfix smtpd.cert is a system link to usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.key is a system link to /usr/local/ispconfig/interface/ssl/ispserver.key i am really stuck here, is there any way i can reset this, to work, even with out ssl. I have people complaining about email not working, I know i am a muppet, never should have upgraded, i should have created another server and migrated, like i did last time.
Upgrading is not a problem at all, I'm upgrading all my systems for years now, some of them starting from the earliest ISPConfig 3.0 beta, without any issues. Your problem is not an upgrade issue, something in your certbot install got broken which now results in wrong or empty cert files which cause parts of your system to go down and due to the broken certbot setup, ISPConfig updater is not being able to repair that on its own. Do the files in /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/ contain the current SSL certs? If yes, point the files in /usr/local/ispconfig/interface/ssl/ to them via symlink.
yes they do ish /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/ has syslinks to /etc/letsencrypt/archive/server8.redcloudtech.com.au-000/ which does have the certs in they where created when i made the server8.redcloudtech.com.au website in ispconfig i created system links in /usr/local/ispconfig/interface/ssl/ ln -s /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/fullchain.pem ispserver.crt ln -s /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/privkey.pem ispserver.key and rebooted the server still no luck I clearly don't have the skills to solve this, do you guys have a premium paid service, for someone like ya self to login and do the magic? I am so stuck here, Plus again thanx for your help so far
If you restart postfix, does it print any errors about the certificate files? Do you have any custom templates under /usr/local/ispconfig/server/conf-custom/install/ ? What does 'certbot certificates' output?
no errors on postfix restart also have posted result of systemctl status postfix root@server8:~# systemctl restart postfix root@server8:~# systemctl status postfix ● postfix.service - LSB: Postfix Mail Transport Agent Loaded: loaded (/etc/init.d/postfix; bad; vendor preset: enabled) Drop-In: /run/systemd/generator/postfix.service.d └─50-postfix-$mail-transport-agent.conf Active: active (running) since Mon 2021-10-25 13:59:35 UTC; 6s ago Docs: man:systemd-sysv-generator(8) Process: 28749 ExecStop=/etc/init.d/postfix stop (code=exited, status=0/SUCCESS) Process: 28781 ExecStart=/etc/init.d/postfix start (code=exited, status=0/SUCCESS) CGroup: /system.slice/postfix.service ├─28902 /usr/lib/postfix/sbin/master └─28903 pickup -l -t unix -u -c Oct 25 13:59:35 server8.redcloudtech.com.au postfix[28865]: Postfix is running with backwards-compatible default settings Oct 25 13:59:35 server8.redcloudtech.com.au postfix[28865]: See http://www.postfix.org/COMPATIBILITY_README.html for details Oct 25 13:59:35 server8.redcloudtech.com.au postfix[28865]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload" Oct 25 13:59:35 server8.redcloudtech.com.au postfix[28781]: ...done. Oct 25 13:59:35 server8.redcloudtech.com.au systemd[1]: Started LSB: Postfix Mail Transport Agent. Oct 25 13:59:35 server8.redcloudtech.com.au postfix/master[28902]: /etc/postfix/master.cf: line 138: using backwards-compatible default setting chroot=y Oct 25 13:59:35 server8.redcloudtech.com.au postfix/master[28902]: daemon started -- version 3.1.0, configuration /etc/postfix Oct 25 13:59:35 server8.redcloudtech.com.au postfix/qmgr[28904]: fatal: bad numerical configuration: default_destination_recipient_limit = 50smtpd_reject_unli Oct 25 13:59:36 server8.redcloudtech.com.au postfix/master[28902]: warning: process /usr/lib/postfix/sbin/qmgr pid 28904 exit status 1 Oct 25 13:59:36 server8.redcloudtech.com.au postfix/master[28902]: warning: /usr/lib/postfix/sbin/qmgr: bad command startup -- throttling /usr/local/ispconfig/server/conf-custom/install/ is an empty directory out put from certbot certificates Found the following certs: Certificate Name: alexbaboulene.com Domains: www.psychologysussex.uk alexbaboulene.com psychologysussex.uk www.alexbaboulene.com Expiry Date: 2022-01-21 16:54:07+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/alexbaboulene.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/alexbaboulene.com/privkey.pem Certificate Name: alphadentalcare.co.uk Domains: www.alphadentalcare.co.uk alphadentalcare.co.uk Expiry Date: 2022-01-21 16:40:09+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/alphadentalcare.co.uk/fullchain.pem Private Key Path: /etc/letsencrypt/live/alphadentalcare.co.uk/privkey.pem Certificate Name: danbaboulene.com Domains: www.danbaboulene.com danbaboulene.com Expiry Date: 2022-01-21 16:32:07+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/danbaboulene.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/danbaboulene.com/privkey.pem Certificate Name: eternitycaravansrockingham.com.au Domains: www.eternitycaravansperth.com.au eternitycaravansperth.com.au eternitycaravansrockingham.com.au pertheternitycaravans.com.au www.eternitycaravansrockingham.com.au www.pertheternitycaravans.com.au Expiry Date: 2022-01-21 16:38:39+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/eternitycaravansrockingham.com.au/fullchain.pem Private Key Path: /etc/letsencrypt/live/eternitycaravansrockingham.com.au/privkey.pem Certificate Name: filmscores.uk Domains: www.filmscores.uk filmscores.uk Expiry Date: 2022-01-21 16:47:08+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/filmscores.uk/fullchain.pem Private Key Path: /etc/letsencrypt/live/filmscores.uk/privkey.pem Certificate Name: fremantlemobilemechanic.com Domains: www.fremantlemobilemechanic.com fremantlemobilemechanic.com Expiry Date: 2022-01-22 21:49:18+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/fremantlemobilemechanic.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/fremantlemobilemechanic.com/privkey.pem Certificate Name: gnaraloo.com Domains: www.gnaraloo.com gnaraloo.com gnaraloo.com.au www.gnaraloo.com.au Expiry Date: 2022-01-21 16:42:11+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/gnaraloo.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/gnaraloo.com/privkey.pem Certificate Name: kitehighschool.com.au Domains: www.kitehighschool.com.au kitehighschool.com.au Expiry Date: 2022-01-21 16:38:20+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/kitehighschool.com.au/fullchain.pem Private Key Path: /etc/letsencrypt/live/kitehighschool.com.au/privkey.pem Certificate Name: mail.redcloudtech.com.au Domains: smtp.redcloudtech.com.au mail.redcloudtech.com.au Expiry Date: 2022-01-22 23:31:08+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/mail.redcloudtech.com.au/fullchain.pem Private Key Path: /etc/letsencrypt/live/mail.redcloudtech.com.au/privkey.pem Certificate Name: pipeforce.com.au Domains: pipeforce.com.au www.pipeforce.com.au Expiry Date: 2022-01-22 21:49:42+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/pipeforce.com.au/fullchain.pem Private Key Path: /etc/letsencrypt/live/pipeforce.com.au/privkey.pem Certificate Name: psychology-associates.com Domains: www.psychology-associates.com psychology-associates.com Expiry Date: 2022-01-21 16:38:10+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/psychology-associates.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/psychology-associates.com/privkey.pem Certificate Name: psychologysussex.com Domains: www.sussexpsychologyservices.uk childpsychologysussex.com childpsychologysussex.uk psychologysussex.co.uk psychologysussex.com sussexpsychology.uk sussexpsychologyservices.com sussexpsychologyservices.uk www.childpsychologysussex.com www.childpsychologysussex.uk www.psychologysussex.co.uk www.psychologysussex.com www.sussexpsychology.uk www.sussexpsychologyservices.com Expiry Date: 2022-01-21 16:36:21+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/psychologysussex.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/psychologysussex.com/privkey.pem Certificate Name: redcloudtech.com.au Domains: redcloudtech.com.au www.redcloudtech.com.au Expiry Date: 2022-01-21 16:39:12+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/redcloudtech.com.au/fullchain.pem Private Key Path: /etc/letsencrypt/live/redcloudtech.com.au/privkey.pem Certificate Name: registrations.delphidistributors.com.au Domains: registrations.delphidistributors.com.au Expiry Date: 2022-01-21 16:50:10+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/registrations.delphidistributors.com.au/fullchain.pem Private Key Path: /etc/letsencrypt/live/registrations.delphidistributors.com.au/privkey.pem Certificate Name: server8.redcloudtech.com.au-0001 Domains: server8.redcloudtech.com.au Expiry Date: 2022-01-22 20:17:04+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/fullchain.pem Private Key Path: /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/privkey.pem Certificate Name: server8.redcloudtech.com.au Domains: server8.redcloudtech.com.au Expiry Date: 2022-01-22 20:17:04+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem Private Key Path: /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem Certificate Name: skypixels.com.au Domains: www.skypixels.com.au skypixels.com.au Expiry Date: 2022-01-21 16:39:23+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/skypixels.com.au/fullchain.pem Private Key Path: /etc/letsencrypt/live/skypixels.com.au/privkey.pem Certificate Name: soteriabrighton.co.uk Domains: www.soteriabrighton.co.uk soteriabrighton.co.uk Expiry Date: 2022-01-21 16:39:33+00:00 (VALID: 88 days) Certificate Path: /etc/letsencrypt/live/soteriabrighton.co.uk/fullchain.pem Private Key Path: /etc/letsencrypt/live/soteriabrighton.co.uk/privkey.pem all the websites are working fine