ispconfig 3.1 to 3.2 upgrade dovecot/postfix issues

Discussion in 'Installation/Configuration' started by vwpete, Oct 24, 2021.

  1. vwpete

    vwpete Member

    Hi Chaps

    I have just done the upgrade, had a few issues i did all services re-configure, basically followed all defaults
    went wellish

    had issues with SSL certs so apache would not start, have solved that.

    main issue now is all mail sending or receiving is stuck in the mail queue.

    Mail does not get delivered to local mailboxes and outgoing mail stays in the mail queue
    all services are running:

    mail accounts can login with pop3 and imap with squirrel mail

    am really stuck, it all seems to be running fine, just mail stays in mail queue

    i have added all my configs and checks in the attached file

    any help moocho appreciated, have been banging my head on this for a while, i must be real close


    cheers

    Pete
     

    Attached Files:

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Take a look at the mail.log file and post the errors that you get there when you send or receive an email.
     
  3. vwpete

    vwpete Member

    hi

    for sure the server is receiving email, mail queue is getting really big :)

    these are the logs with tag error:
    looks like SSL issue?

    anyway thanks for having a look

    Oct 24 11:12:22 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:12:22 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<VAaFURfPorRRZRUy>
    Oct 24 11:12:27 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:12:27 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<8+7TURfPpLRRZRUy>
    Oct 24 11:12:27 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:12:27 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<6xLUURfPprRRZRUy>
    Oct 24 11:12:29 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:12:29 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:12:29 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<xbD3URfPqLRRZRUy>
    Oct 24 11:12:29 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<67D3URfPqrRRZRUy>
    Oct 24 11:12:35 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:12:35 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<YdRTUhfPrrRRZRUy>
    Oct 24 11:12:35 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:12:35 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<g/hTUhfPrLRRZRUy>
    Oct 24 11:12:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:12:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<Uu2uUhfPsLRRZRUy>
    Oct 24 11:12:47 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:12:47 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<tRoEUxfPsrRRZRUy>
    Oct 24 11:18:28 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 11:18:28 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.110.62, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<CZpYZxfPUCgBf24+>
    Oct 24 11:18:37 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 11:18:37 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.110.62, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<OoDjZxfP+9IBf24+>
    Oct 24 11:18:45 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 11:18:45 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.110.62, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<d+JSaBfPAzYBf24+>
    Oct 24 11:18:46 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 11:18:46 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.110.62, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<lLpraBfPgSkBf24+>
    Oct 24 11:27:22 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:27:22 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<OmYshxfP+rRRZRUy>
    Oct 24 11:27:22 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:27:22 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<JhcvhxfP/LRRZRUy>
    Oct 24 11:27:22 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:27:22 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<kCgyhxfP/rRRZRUy>
    Oct 24 11:27:23 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:27:23 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<ZmQ1hxfPALVRZRUy>
    Oct 24 11:43:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:43:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<g5p/wRfPCrVRZRUy>
    Oct 24 11:43:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:43:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<LoyCwRfPDLVRZRUy>
    Oct 24 11:43:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:43:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<WbmFwRfPDrVRZRUy>
    Oct 24 11:43:41 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:43:41 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<cqCIwRfPELVRZRUy>
    Oct 24 11:58:52 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:58:52 server8 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<JzzL9xfPLLVRZRUy>
    Oct 24 11:58:52 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:58:52 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<YqbO9xfPLrVRZRUy>
    Oct 24 11:58:52 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:58:52 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<Q6PR9xfPMLVRZRUy>
    Oct 24 11:58:52 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 11:58:52 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<Px3U9xfPMrVRZRUy>
    Oct 24 12:10:01 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 12:10:01 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.106.75, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<blO0HxjP7lsBf2pL>
    Oct 24 12:10:15 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 12:10:15 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.106.75, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<1UuGIBjPoakBf2pL>
    Oct 24 12:14:39 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 12:14:39 server8 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<fg4+MBjPQrVRZRUy>
    Oct 24 12:14:39 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 12:14:39 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<fxNBMBjPRLVRZRUy>
    Oct 24 12:14:39 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 12:14:39 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<lQBEMBjPRrVRZRUy>
    Oct 24 12:14:39 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 12:14:39 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<37tGMBjPSLVRZRUy>
    Oct 24 12:29:40 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 12:29:40 server8 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<vD/yZRjPfLVRZRUy>
    Oct 24 12:29:40 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 12:29:40 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<sFj1ZRjPfrVRZRUy>
    Oct 24 12:29:40 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 12:29:40 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<LaP5ZRjPgLVRZRUy>
    Oct 24 12:29:40 server8 dovecot: imap-login: Error: SSL: Stacked error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46
    Oct 24 12:29:40 server8 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=81.101.21.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<eij9ZRjPgrVRZRUy>
    Oct 24 12:50:52 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 12:50:52 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.111.69, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<lELRsRjPa0UBf29F>
    Oct 24 12:51:24 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 12:51:24 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.111.69, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<MEKssxjPhLEBf29F>
    Oct 24 12:52:29 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 12:52:29 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=128.14.133.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<foKWtxjPZuiADoUy>
    Oct 24 12:52:30 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
    Oct 24 12:52:30 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=128.14.133.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<u6CetxjP4uqADoUy>
    Oct 24 12:52:30 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 12:52:30 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=128.14.133.50, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<Ox6ntxjPnuyADoUy>
    Oct 24 13:31:12 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 13:31:12 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.106.58, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<WiIMQhnPqsYBf2o6>
    Oct 24 13:31:49 server8 dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
    Oct 24 13:31:49 server8 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.127.106.58, lip=213.168.250.142, TLS handshaking: SSL_accept() failed: Unknown error, session=<XRo9RBnPPqYBf2o6>
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Do an ISPConfig update and choose that ISPConfig shall create a new SSL cert during update to get a valid cert for all services again.
     
  5. vwpete

    vwpete Member

    i have done this a few times, here is the output

    Creating backup of "/usr/local/ispconfig" directory...
    Creating backup of "/etc" directory...
    mysqldump: [Warning] Using a password on the command line interface can be insecure.
    Checking ISPConfig database .. mysqlcheck: [Warning] Using a password on the command line interface can be insecure.
    OK
    mysql: [Warning] Using a password on the command line interface can be insecure.
    Starting incremental database update.
    Loading SQL patch file: /tmp/update_runner.sh.RLqoPNCAVc/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]:

    Service 'dns_server' has been detected (currently disabled) do you want to enable and configure it? (yes,no) [no]:

    Reconfigure Services? (yes,no,selected) [yes]:

    Configuring Postfix
    Configuring Dovecot
    Configuring Spamassassin
    Configuring Amavisd
    Configuring Getmail
    Configuring Pureftpd
    Configuring Apache
    Configuring vlogger
    Configuring Apps vhost
    Configuring Jailkit
    Configuring Ubuntu Firewall
    Configuring Database
    Updating ISPConfig
    ISPConfig Port [8080]:

    Create new ISPConfig SSL certificate (yes,no) [no]: yes

    Checking / creating certificate for server8.redcloudtech.com.au
    Using certificate path /etc/letsencrypt/live/server8.redcloudtech.com.au
    Using apache for certificate validation
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Cert not yet due for renewal
    Keeping the existing certificate
    PHP Warning: symlink(): File exists in /tmp/update_runner.sh.RLqoPNCAVc/install/lib/installer_base.lib.php on line 3135
    PHP Warning: symlink(): File exists in /tmp/update_runner.sh.RLqoPNCAVc/install/lib/installer_base.lib.php on line 3136
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y

    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]:

    Reconfigure Crontab? (yes,no) [yes]:

    Updating Crontab
    Restarting services ...
    Update finished.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, did you change something manually in regard to the ISPConfig SSL certs? Please post the result of:

    ls -la /usr/local/ispconfig/interface/ssl/
     
  7. vwpete

    vwpete Member

    ok no worries
    thanks again for having a look into this:


    total 96
    drwxr-x--- 2 root root 4096 Oct 24 15:51 .
    drwxr-x--- 9 ispconfig ispconfig 4096 Dec 3 2016 ..
    -rwxr-x--- 1 root root 45 Oct 24 15:52 empty.dir
    -rwxr-x--- 1 root root 5974 Oct 24 10:52 ispserver.crt
    lrwxrwxrwx 1 root root 63 Mar 20 2017 ispserver.crt-20211024092608.bak -> /etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem
    -rwxr-x--- 1 root root 5974 Oct 24 15:51 ispserver.crt-20211024155155.bak
    -rwxr-x--- 1 root root 2191 Mar 20 2017 ispserver.crt.old.20170320141358
    -rwxr-x--- 1 root root 1785 Mar 20 2017 ispserver.csr.old.20170320141358
    -rwxr-x--- 1 root root 3272 Oct 24 10:52 ispserver.key
    lrwxrwxrwx 1 root root 61 Mar 20 2017 ispserver.key-20211024092608.bak -> /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem
    -rwxr-x--- 1 root root 3272 Oct 24 15:51 ispserver.key-20211024155155.bak
    -rwxr-x--- 1 root root 3243 Mar 20 2017 ispserver.key.old.20170320141358
    -rwxr-x--- 1 root root 3311 Mar 20 2017 ispserver.key.secure.old.20170320141358
    -rwxr-x--- 1 root root 9246 Oct 24 15:51 ispserver.pem
    -rwxr-x--- 1 root root 9246 Oct 24 10:52 ispserver.pem-20211024105250.bak
    -rwxr-x--- 1 root root 9246 Oct 24 15:51 ispserver.pem-20211024155155.bak
     
  8. vwpete

    vwpete Member

    oops just understood you are asking if I changed something manually, yes I believe so, but it was a while ago, could not say for sure i did, as i am just a hack, who would have copied and pasted from this forum

    I was having lots of probs with certbot and letsencrypt, and i did end up uninstalling and reinstalling it
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    First, check if these files are there and contain a valid LE cert:

    /etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem
    /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem

    if that's the case, then replace ispserver.crt with a symlink to /etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem and ispserver.key with a symlink to /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem

    Then restart postfix, dovecot and apache or nginx.
     
  10. vwpete

    vwpete Member

    /etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem is a symlink to
    /etc/letsencrypt/archive/server8.redcloudtech.com.au/fullchain1.pem which is an empty zero byte file

    /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem is a symlink to
    /etc/letsencrypt/archive/server8.redcloudtech.com.au/privkey1.pem which is an empty zero byte file

    in /etc/letsencrypt/archive/server8.redcloudtech.com.au/ there are two other files cert1.pem and chain1.pem

    /usr/local/ispconfig/interface/ssl has ispserver.crt and ispserver.key

    when i browse to server8.redcloudtech.com.au:8080 i do get a valid cert

    hmmm am completely stuck

    any ideas ???
     
  11. vwpete

    vwpete Member

    would this also affect mail in the queue from being delivered locally?
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, this explains why the mail system has no SSL. There must be another Let's Encrypt cert then I guess, try:

    ls -la /etc/letsencrypt/live/server8.redcloudtech.com.au*

    to see if there is one.

    This can't be the case unless you manually edited the ISPConfig vhost instead of correcting the broken main SSL certificate. Please check the ispconfig.vhost file to see which SSL cert the webserver is loading.

    Might be when the whole mail system is down.
     
  13. vwpete

    vwpete Member

    ispconfig.vhost

    # SSL Configuration
    SSLEngine On
    SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key


    these are actual files and not system links, i did make them system links like you asked, but after re running the upgrade again they are now files

    root@server8:~# ls -la /etc/letsencrypt/live/server8.redcloudtech.com.au*
    /etc/letsencrypt/live/server8.redcloudtech.com.au:
    total 12
    drwxr-xr-x 2 root root 4096 Oct 24 09:26 .
    drwx------ 20 root root 4096 Oct 25 00:28 ..
    lrwxrwxrwx 1 root root 51 Oct 24 09:26 cert.pem -> ../../archive/server8.redcloudtech.com.au/cert1.pem
    lrwxrwxrwx 1 root root 52 Oct 24 09:26 chain.pem -> ../../archive/server8.redcloudtech.com.au/chain1.pem
    lrwxrwxrwx 1 root root 56 Oct 24 09:26 fullchain.pem -> ../../archive/server8.redcloudtech.com.au/fullchain1.pem
    lrwxrwxrwx 1 root root 54 Oct 24 09:26 privkey.pem -> ../../archive/server8.redcloudtech.com.au/privkey1.pem
    -rw-r--r-- 1 root root 692 Oct 24 09:26 README

    /etc/letsencrypt/live/server8.redcloudtech.com.au-0001:
    total 16
    drwxr-xr-x 2 root root 4096 Oct 24 21:17 .
    drwx------ 20 root root 4096 Oct 25 00:28 ..
    lrwxrwxrwx 1 root root 56 Oct 24 21:17 cert.pem -> ../../archive/server8.redcloudtech.com.au-0001/cert1.pem
    lrwxrwxrwx 1 root root 57 Oct 24 21:17 chain.pem -> ../../archive/server8.redcloudtech.com.au-0001/chain1.pem
    lrwxrwxrwx 1 root root 61 Oct 24 21:17 fullchain.pem -> ../../archive/server8.redcloudtech.com.au-0001/fullchain1.pem
    lrwxrwxrwx 1 root root 59 Oct 24 21:17 privkey.pem -> ../../archive/server8.redcloudtech.com.au-0001/privkey1.pem
    -rw-r--r-- 1 root root 692 Oct 24 21:17 README

    i tried to do the manual ssl setup last night. by following https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/

    so i did create a server8.redcloudtech.com.au website and a mail.redcloudtech.com.au with an smtp.redcloudtech.com.au alias domain, they are all valid and work.

    after doing this dovecot refused to load, so i ran ispconfig upgrade again which got dovecot working again

    however same problem, all services are working, local mail in the mail queue does not get delivered and outgoing mail does not get sent, all mail stays in the mail queue

    for sure server8.redcloudtech.com.au:8080 works with a valid ssl cert when you browse to it


    postfix= main.cf
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    /etc/postfix
    smtpd.cert is a system link to usr/local/ispconfig/interface/ssl/ispserver.crt
    smtpd.key is a system link to /usr/local/ispconfig/interface/ssl/ispserver.key

    i am really stuck here, is there any way i can reset this, to work, even with out ssl. I have people complaining about email not working,

    I know i am a muppet, never should have upgraded, i should have created another server and migrated, like i did last time. :(
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Upgrading is not a problem at all, I've been upgrading all my systems for years now, some of them starting from the earliest ISPConfig 3.0 beta, without any issues. Your problem is not an upgrade issue, something in your certbot install got broken which now results in wrong or empty cert files which cause parts of your system to go down and due to the broken certbot setup, the ISPConfig updater is not able to repair that on its own.

    Do the files in /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/ contain the current SSL certs? If yes, point the files in /usr/local/ispconfig/interface/ssl/ to them via symlink.
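
Added example, not part of the thread: the check asked for in posts 9 and 14, run before the symlinks are created. It follows each symlink to the real file, rejects missing or zero-byte targets and, assuming the `openssl` CLI is installed, confirms that the certificate parses, has not expired and matches the private key; the function names are hypothetical and the backup suffix copies the naming visible in the directory listing above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# check_pem FILE REGEX: follow symlinks to the real file and require a
# non-empty regular file containing the expected PEM header.
check_pem() {
    f=$1; marker=$2
    if [ ! -e "$f" ]; then echo "MISSING $f"; return 1; fi   # also catches dangling symlinks
    real=$(readlink -f "$f")
    if [ ! -f "$real" ]; then echo "NOTFILE $f -> $real"; return 1; fi
    if [ ! -s "$real" ]; then echo "EMPTY $f -> $real"; return 1; fi
    if ! grep -Eq -e "$marker" "$real"; then echo "NOPEM $f -> $real"; return 1; fi
    echo "OK $f -> $real"
}

# check_pair CERT KEY: structural checks first, then let openssl confirm the
# leaf certificate is parsable and unexpired and that both files carry the
# same public key.
check_pair() {
    cert=$1; key=$2
    check_pem "$cert" '-----BEGIN CERTIFICATE-----' || return 1
    check_pem "$key" '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' || return 1
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED-OR-UNPARSABLE $cert"; return 1
    fi
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH $cert does not belong to $key"; return 1
    fi
    echo "PAIR-OK $cert $key"
}

# link_pair CERT KEY SSL_DIR: only when check_pair passes, move the current
# ispserver.crt/.key aside and symlink the verified files in their place.
link_pair() {
    cert=$1; key=$2; dir=$3
    check_pair "$cert" "$key" || return 1
    stamp=$(date +%Y%m%d%H%M%S)
    for name in ispserver.crt ispserver.key; do
        if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
            mv "$dir/$name" "$dir/$name-$stamp.bak"
        fi
    done
    ln -s "$cert" "$dir/ispserver.crt"
    ln -s "$key" "$dir/ispserver.key"
    echo "LINKED $dir/ispserver.crt $dir/ispserver.key"
}

# Usage with the paths from the thread (run as root):
#   live=/etc/letsencrypt/live/server8.redcloudtech.com.au-0001
#   link_pair "$live/fullchain.pem" "$live/privkey.pem" /usr/local/ispconfig/interface/ssl
# then restart postfix, dovecot and apache or nginx.
```

Run against the first `live` directory from post 10, `check_pem` reports `EMPTY` for `fullchain.pem` and `privkey.pem`, because the symlinks resolve to zero-byte files in `archive/`.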
     
  15. vwpete

    vwpete Member

    yes they do ish
    /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/ has symlinks to
    /etc/letsencrypt/archive/server8.redcloudtech.com.au-000/ which does have the certs in
    they were created when i made the server8.redcloudtech.com.au website in ispconfig

    i created system links in /usr/local/ispconfig/interface/ssl/
    ln -s /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/fullchain.pem ispserver.crt
    ln -s /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/privkey.pem ispserver.key

    and rebooted the server

    still no luck :(

    I clearly don't have the skills to solve this, do you guys have a premium paid service, for someone like ya self to login and do the magic?

    I am so stuck here,
    Plus again thanx for your help so far
     
  16. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  17. vwpete

    vwpete Member

    thanx, i have sent in a request
    any other things i could try? or other info i could provide?
     
  18. vwpete

    vwpete Member

    is there a way i can disable ssl? just so mail will get delivered and sent that's in the mail queue
     
  19. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If you restart postfix, does it print any errors about the certificate files?

    Do you have any custom templates under /usr/local/ispconfig/server/conf-custom/install/ ?

    What does 'certbot certificates' output?
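
Added example, not part of the thread: one way to answer the first question above from the log instead of by eye. It assumes syslog-format Postfix lines on stdin (the format of the mail.log excerpts in this thread), runs here on constructed sample lines, and lists certificate-related warnings together with fatal errors, marking a daemon THROTTLED when master reports it failing at startup.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# sample_log: constructed lines in the same syslog format as the thread's output.
sample_log() {
    cat <<'EOF'
Oct 25 13:59:35 mx1 postfix/master[100]: daemon started -- version 3.1.0, configuration /etc/postfix
Oct 25 13:59:35 mx1 postfix/qmgr[101]: fatal: bad numerical configuration: default_destination_recipient_limit = 50x
Oct 25 13:59:36 mx1 postfix/master[100]: warning: process /usr/lib/postfix/sbin/qmgr pid 101 exit status 1
Oct 25 13:59:36 mx1 postfix/master[100]: warning: /usr/lib/postfix/sbin/qmgr: bad command startup -- throttling
Oct 25 14:02:10 mx1 postfix/smtpd[140]: warning: cannot get RSA certificate from file "/etc/postfix/smtpd.cert": disabling TLS support
Oct 25 14:03:00 mx1 postfix/smtpd[150]: fatal: open database /etc/postfix/example.db: No such file or directory
EOF
}

# postfix_fatals: read log lines on stdin and print one line per finding:
#   TLS       warning that mentions a certificate or private key
#   FATAL     a daemon logged fatal/panic
#   THROTTLED same, and master later refused to keep restarting that daemon
# qmgr is the Postfix queue manager, so a THROTTLED qmgr means queued mail
# is not being scheduled for delivery, whatever the certificates look like.
postfix_fatals() {
    awk '
    function daemon(s)  { sub(/^postfix\//, "", s); sub(/\[.*/, "", s); return s }
    function message(s) { sub(/^[^:]*: /, "", s); return s }

    match($0, /postfix\/[a-z-]+\[[0-9]+\]: (fatal|panic): /) {
        s = substr($0, RSTART)
        n++; kind[n] = "FATAL"; name[n] = daemon(s); msg[n] = message(s)
        next
    }
    match($0, /postfix\/[a-z-]+\[[0-9]+\]: warning: .*(certificate|private key)/) {
        s = substr($0, RSTART)
        n++; kind[n] = "TLS"; name[n] = daemon(s); msg[n] = message(s)
        next
    }
    /postfix\/master\[[0-9]+\]: warning: .*: bad command startup -- throttling/ {
        s = $0
        sub(/.*warning: /, "", s)             # drop everything before the path
        sub(/: bad command startup.*/, "", s) # keep only the daemon path
        sub(/.*\//, "", s)                    # basename, e.g. qmgr
        throttled[s] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            k = kind[i]
            if (k == "FATAL" && (name[i] in throttled)) k = "THROTTLED"
            print k " " name[i] ": " msg[i]
        }
    }'
}
```

On a live system feed it the real log, for example `postfix_fatals < /var/log/mail.log` (the usual path on Debian and Ubuntu); `systemctl status` cuts long lines at the terminal width, so the log file is the better source.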
     
  20. vwpete

    vwpete Member

    no errors on postfix restart
    also have posted result of
    systemctl status postfix

    root@server8:~# systemctl restart postfix
    root@server8:~# systemctl status postfix
    ● postfix.service - LSB: Postfix Mail Transport Agent
    Loaded: loaded (/etc/init.d/postfix; bad; vendor preset: enabled)
    Drop-In: /run/systemd/generator/postfix.service.d
    └─50-postfix-$mail-transport-agent.conf
    Active: active (running) since Mon 2021-10-25 13:59:35 UTC; 6s ago
    Docs: man:systemd-sysv-generator(8)
    Process: 28749 ExecStop=/etc/init.d/postfix stop (code=exited, status=0/SUCCESS)
    Process: 28781 ExecStart=/etc/init.d/postfix start (code=exited, status=0/SUCCESS)
    CGroup: /system.slice/postfix.service
    ├─28902 /usr/lib/postfix/sbin/master
    └─28903 pickup -l -t unix -u -c

    Oct 25 13:59:35 server8.redcloudtech.com.au postfix[28865]: Postfix is running with backwards-compatible default settings
    Oct 25 13:59:35 server8.redcloudtech.com.au postfix[28865]: See http://www.postfix.org/COMPATIBILITY_README.html for details
    Oct 25 13:59:35 server8.redcloudtech.com.au postfix[28865]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
    Oct 25 13:59:35 server8.redcloudtech.com.au postfix[28781]: ...done.
    Oct 25 13:59:35 server8.redcloudtech.com.au systemd[1]: Started LSB: Postfix Mail Transport Agent.
    Oct 25 13:59:35 server8.redcloudtech.com.au postfix/master[28902]: /etc/postfix/master.cf: line 138: using backwards-compatible default setting chroot=y
    Oct 25 13:59:35 server8.redcloudtech.com.au postfix/master[28902]: daemon started -- version 3.1.0, configuration /etc/postfix
    Oct 25 13:59:35 server8.redcloudtech.com.au postfix/qmgr[28904]: fatal: bad numerical configuration: default_destination_recipient_limit = 50smtpd_reject_unli
    Oct 25 13:59:36 server8.redcloudtech.com.au postfix/master[28902]: warning: process /usr/lib/postfix/sbin/qmgr pid 28904 exit status 1
    Oct 25 13:59:36 server8.redcloudtech.com.au postfix/master[28902]: warning: /usr/lib/postfix/sbin/qmgr: bad command startup -- throttling

    /usr/local/ispconfig/server/conf-custom/install/ is an empty directory

    output from certbot certificates
    Found the following certs:
    Certificate Name: alexbaboulene.com
    Domains: www.psychologysussex.uk alexbaboulene.com psychologysussex.uk www.alexbaboulene.com
    Expiry Date: 2022-01-21 16:54:07+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/alexbaboulene.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/alexbaboulene.com/privkey.pem
    Certificate Name: alphadentalcare.co.uk
    Domains: www.alphadentalcare.co.uk alphadentalcare.co.uk
    Expiry Date: 2022-01-21 16:40:09+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/alphadentalcare.co.uk/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/alphadentalcare.co.uk/privkey.pem
    Certificate Name: danbaboulene.com
    Domains: www.danbaboulene.com danbaboulene.com
    Expiry Date: 2022-01-21 16:32:07+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/danbaboulene.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/danbaboulene.com/privkey.pem
    Certificate Name: eternitycaravansrockingham.com.au
    Domains: www.eternitycaravansperth.com.au eternitycaravansperth.com.au eternitycaravansrockingham.com.au pertheternitycaravans.com.au www.eternitycaravansrockingham.com.au www.pertheternitycaravans.com.au
    Expiry Date: 2022-01-21 16:38:39+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/eternitycaravansrockingham.com.au/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/eternitycaravansrockingham.com.au/privkey.pem
    Certificate Name: filmscores.uk
    Domains: www.filmscores.uk filmscores.uk
    Expiry Date: 2022-01-21 16:47:08+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/filmscores.uk/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/filmscores.uk/privkey.pem
    Certificate Name: fremantlemobilemechanic.com
    Domains: www.fremantlemobilemechanic.com fremantlemobilemechanic.com
    Expiry Date: 2022-01-22 21:49:18+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/fremantlemobilemechanic.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/fremantlemobilemechanic.com/privkey.pem
    Certificate Name: gnaraloo.com
    Domains: www.gnaraloo.com gnaraloo.com gnaraloo.com.au www.gnaraloo.com.au
    Expiry Date: 2022-01-21 16:42:11+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/gnaraloo.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/gnaraloo.com/privkey.pem
    Certificate Name: kitehighschool.com.au
    Domains: www.kitehighschool.com.au kitehighschool.com.au
    Expiry Date: 2022-01-21 16:38:20+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/kitehighschool.com.au/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/kitehighschool.com.au/privkey.pem
    Certificate Name: mail.redcloudtech.com.au
    Domains: smtp.redcloudtech.com.au mail.redcloudtech.com.au
    Expiry Date: 2022-01-22 23:31:08+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/mail.redcloudtech.com.au/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mail.redcloudtech.com.au/privkey.pem
    Certificate Name: pipeforce.com.au
    Domains: pipeforce.com.au www.pipeforce.com.au
    Expiry Date: 2022-01-22 21:49:42+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/pipeforce.com.au/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/pipeforce.com.au/privkey.pem
    Certificate Name: psychology-associates.com
    Domains: www.psychology-associates.com psychology-associates.com
    Expiry Date: 2022-01-21 16:38:10+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/psychology-associates.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/psychology-associates.com/privkey.pem
    Certificate Name: psychologysussex.com
    Domains: www.sussexpsychologyservices.uk childpsychologysussex.com childpsychologysussex.uk psychologysussex.co.uk psychologysussex.com sussexpsychology.uk sussexpsychologyservices.com sussexpsychologyservices.uk www.childpsychologysussex.com www.childpsychologysussex.uk www.psychologysussex.co.uk www.psychologysussex.com www.sussexpsychology.uk www.sussexpsychologyservices.com
    Expiry Date: 2022-01-21 16:36:21+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/psychologysussex.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/psychologysussex.com/privkey.pem
    Certificate Name: redcloudtech.com.au
    Domains: redcloudtech.com.au www.redcloudtech.com.au
    Expiry Date: 2022-01-21 16:39:12+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/redcloudtech.com.au/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/redcloudtech.com.au/privkey.pem
    Certificate Name: registrations.delphidistributors.com.au
    Domains: registrations.delphidistributors.com.au
    Expiry Date: 2022-01-21 16:50:10+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/registrations.delphidistributors.com.au/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/registrations.delphidistributors.com.au/privkey.pem
    Certificate Name: server8.redcloudtech.com.au-0001
    Domains: server8.redcloudtech.com.au
    Expiry Date: 2022-01-22 20:17:04+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/server8.redcloudtech.com.au-0001/privkey.pem
    Certificate Name: server8.redcloudtech.com.au
    Domains: server8.redcloudtech.com.au
    Expiry Date: 2022-01-22 20:17:04+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/server8.redcloudtech.com.au/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/server8.redcloudtech.com.au/privkey.pem
    Certificate Name: skypixels.com.au
    Domains: www.skypixels.com.au skypixels.com.au
    Expiry Date: 2022-01-21 16:39:23+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/skypixels.com.au/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/skypixels.com.au/privkey.pem
    Certificate Name: soteriabrighton.co.uk
    Domains: www.soteriabrighton.co.uk soteriabrighton.co.uk
    Expiry Date: 2022-01-21 16:39:33+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/soteriabrighton.co.uk/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/soteriabrighton.co.uk/privkey.pem

    all the websites are working fine
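
Added example, not part of the original post: the `qmgr` fatal error in the status output above reports a numeric setting (`default_destination_recipient_limit`) whose value has another parameter name glued onto it, which is what a lost newline in `main.cf` looks like. This Python check flags such lines before Postfix is reloaded; the sample file, the function names and the `*_limit` naming heuristic are assumptions.

```python
import re

# Constructed sample main.cf (not the poster's file): line 3 lost its newline.
SAMPLE_MAIN_CF = """\
# constructed example
myhostname = mail.example.test
default_destination_recipient_limit = 50smtpd_banner = $myhostname ESMTP
mailbox_size_limit = 0
command_time_limit = 1000s
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
"""

GLUED = re.compile(r"^(\d+)([A-Za-z_][A-Za-z0-9_]*)")

def logical_lines(text):
    """Yield (first_line_number, text) with continuation lines joined."""
    current, start = None, 0
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a logical line
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()  # leading whitespace continues the line
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), number
    if current is not None:
        yield start, current

def check_numeric_limits(text):
    """Return (line, name, value, glued_name) for *_limit values that are not integers."""
    findings = []
    for number, line in logical_lines(text):
        name, sep, value = line.partition("=")
        name, value = name.strip(), value.strip()
        # Heuristic (assumption): *_limit is numeric, *_time_limit takes a time unit.
        if not sep or not name.endswith("_limit") or name.endswith("_time_limit"):
            continue
        if value.isdigit() or value.startswith("$"):
            continue  # plain integer, or a reference to another parameter
        glued = GLUED.match(value)
        findings.append((number, name, value, glued.group(2) if glued else None))
    return findings

if __name__ == "__main__":
    for finding in check_numeric_limits(SAMPLE_MAIN_CF):
        print(finding)
```

A non-empty fourth field names the text that follows the digits, which is where the missing line break belongs.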
     
