Subject: Re: [SurgeMail List] g_ssl_auto and apache and certbot
To: surgemail-list@netwin.co.nz
From: Surgemail Support
Date: Mon, 16 Sep 2019 10:56:11 +1200
If you have a web server then you must use g_ssl_lets_path to
tell surgemail to create the file in the webserver path, it should
be pointing at
/home/httpd/html/.well-known/acme-challenge
which as you mention must be writable by user 'mail'...
What happens when you try that?
chrisp.
On 16/09/2019 3:33 AM, Eric Vey wrote:
Hi,
So I have a single ubuntu server for mail and web. Port 80 is
for web and port 7080 is for webmail. g_webmail_port is set to
7080 only.
All requests come to ericvey.com and I let the router do the
work. There is no mail.ericvey.com, just ericvey.com. Let's
Encrypt certbot automagically set up the apache putting the
certificate in /etc/letsencrypt/live ... (you know the rest)
Right now, I am back to g_ssl_lets_path because when I remove
it and set g_ssl_auto to "true" I get this error when I run
tellmail ssl_update. I don't really need to update the
certificate, nor do I need (or want) a second one.
Stars indicate info removed for privacy.
SurgeMail Version 7.3o4-4, Built Oct 14 2018 22:20:57, Platform Linux
Key ******* OK, email=****@ericvey.com, users=10, flags=48, host=ubuntu-server-2:127.0.1.1, prod=surgemail active=4 updates=27/Dec/2016
Update starting
Update domain ericvey.com
Existing cert check: ericvey.com Self signed certificate /CN=ericvey.com
acme_authorize required for domain ericvey.com
Challenge http-01 pending
Created www/.well-known/acme-challenge/VRzjGR2QkMm_WgmaoKmx7Lt1qvhFe6RYCiJXQhi4vHM
HINT: Check your setting url_host points to your mail server for this domain!!
acme_do_auth failed ericvey.com
Update finished, 0 good, 1 bad
ssl_reload:
It appears to be trying to pull a page from my public
web server on port 80. It didn't create
/home/httpd/html/.well-known/acme-challenge, so I did and gave
the user mail permission to write.
Am I doing something wrong here?
Eric Vey
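
One way to test the setup described in this thread, as an added example that is not part of either message and is not SurgeMail code: run as the account that writes the challenge file, it drops a probe file into the directory g_ssl_lets_path points at and fetches it back over port 80, which is the path an http-01 validation takes. The script name, function names and probe file name are assumptions; the directory and host are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not SurgeMail code. Run as the account that writes the
# challenge file ('mail' in the thread), for instance:
#   sudo -u mail sh check_acme.sh /home/httpd/html/.well-known/acme-challenge ericvey.com
# The script name check_acme.sh and the probe file name are assumptions.

# Create a probe file in DIR and print its name; fail if DIR is unusable.
write_probe() {
    dir=$1
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    { [ -w "$dir" ] && [ -x "$dir" ]; } ||
        { echo "$(id -un) cannot write to $dir" >&2; return 3; }
    name="probe-$$"
    # umask 022 so the web server account can read the file
    ( umask 022; printf '%s\n' "$name" > "$dir/$name" ) || return 4
    echo "$name"
}

# Fetch the probe over plain HTTP on port 80 (following redirects) and
# compare the response with the file on disk.
fetch_probe() {
    host=$1 dir=$2 name=$3
    got=$(curl -fsSL --max-time 10 \
        "http://$host/.well-known/acme-challenge/$name") || return 5
    [ "$got" = "$(cat "$dir/$name")" ]
}

check_acme_webroot() {
    dir=$1 host=$2
    name=$(write_probe "$dir") || return $?
    rc=0
    fetch_probe "$host" "$dir" "$name" || rc=$?
    rm -f "$dir/$name"
    if [ "$rc" -eq 0 ]; then
        echo "OK: http://$host/ serves files written to $dir"
    else
        echo "FAIL: probe in $dir not returned by http://$host/ (rc=$rc)" >&2
    fi
    return "$rc"
}

# Only run the full check when both arguments are supplied.
if [ $# -eq 2 ]; then
    check_acme_webroot "$1" "$2"
fi
```

Exit status 2 or 3 points at the directory or its permissions; 5 or 1 means the file was written but the web server on port 80 did not return it from that location.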