Date: Sun, 15 Sep 2019 19:53:56 -0400
Subject: Re: [SurgeMail List] g_ssl_auto and apache and certbot
To: surgemail-list@netwin.co.nz
From: Eric Vey

So I must state the path before I run tellmail ssl_update?
How does apache know to look there?

Eric Vey

On September 15, 2019 6:56:11 PM EDT, Surgemail Support <surgemail-support@netwinsite.com> wrote:

If you have a web server then you must use g_ssl_lets_path to
tell surgemail to create the file in the webserver path, it should
be pointing at

/home/httpd/html/.well-known/acme-challenge

which as you mention must be writable by user 'mail'...

What happens when you try that?

chrisp.

On 16/09/2019 3:33 AM, Eric Vey wrote:

Hi,

So I have a single ubuntu server for mail and web. Port 80 is
for web and port 7080 is for webmail. g_webmail_port is set to
7080 only.

All requests come to ericvey.com and I let the router do the
work. There is no mail.ericvey.com, just ericvey.com. Let's
Encrypt certbot automagically set up the apache putting the
certificate in /etc/letsencrypt/live ... (you know the rest)

Right now, I am back to g_ssl_lets_path because when I remove
it and set g_ssl_auto to "true" I get this error when I run
tellmail ssl_update. I don't really need to update the
certificate, nor do I need (or want) a second one.

Stars indicate info removed for privacy.

    SurgeMail Version 7.3o4-4, Built Oct 14 2018 22:20:57, Platform Linux
    Key ******* OK, email=****@ericvey.com, users=10, flags=48, host=ubuntu-server-2:127.0.1.1, prod=surgemail active=4 updates=27/Dec/2016
    Update starting
    Update domain ericvey.com
    Existing cert check: ericvey.com Self signed certificate /CN=ericvey.com
    acme_authorize required for domain ericvey.com
    Challenge http-01 pending
    Created www/.well-known/acme-challenge/VRzjGR2QkMm_WgmaoKmx7Lt1qvhFe6RYCiJXQhi4vHM
    HINT: Check your setting url_host points to your mail server for this domain!!
    acme_do_auth failed ericvey.com
    Update finished, 0 good, 1 bad
    ssl_reload:

It appears to be trying to pull a page from my public
web server on port 80. It didn't create
/home/httpd/html/.well-known/acme-challenge, so I did and gave
the user mail permission to write.

Am I doing something wrong here?

Eric Vey
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
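
The thread turns on an http-01 token file that one process writes and a different web server has to serve from /.well-known/acme-challenge on port 80. The following is an added example, not part of the original messages and not SurgeMail code: it checks a document root for the permission problems that break that hand-off, using mode bits only. The function names and the DOCROOT WRITER_USER SERVER_USER command line are assumptions of this example; with the thread's setup the writer would be mail and the server would be Apache's account (www-data on a stock Ubuntu install, assumed here).

```python
import os
import pwd
import sys
from pathlib import Path

R, W, X = 4, 2, 1  # permission bits within one owner/group/other triplet

def allowed(st, ident, want):
    """Owner/group/other decision from mode bits only (ACLs and root ignored)."""
    uid, gids = ident
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def check_challenge_dir(docroot, writer, server):
    """Problems that would make an http-01 check on docroot fail.
    writer/server: (uid, gids) of the token-writing process ('mail' in the
    thread) and of the web server; directories above docroot are not examined."""
    docroot = Path(docroot)
    leaf = docroot / ".well-known" / "acme-challenge"
    if not leaf.is_dir():
        return [f"{leaf}: missing from the web server's document root"]
    problems = []
    # Both processes must be able to traverse each directory on the way down.
    for d in (docroot, leaf.parent, leaf):
        for name, ident in (("writer", writer), ("server", server)):
            if not allowed(d.stat(), ident, X):
                problems.append(f"{d}: {name} lacks search (x) permission")
    # Creating the token needs write permission on the leaf directory.
    if not allowed(leaf.stat(), writer, W):
        problems.append(f"{leaf}: writer cannot create token files")
    # Tokens already written must be readable by the server (catches a tight umask).
    for f in sorted(leaf.iterdir()):
        if f.is_file() and not allowed(f.stat(), server, R):
            problems.append(f"{f}: server cannot read token file")
    return problems

def ident_of(user):
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

if __name__ == "__main__" and len(sys.argv) == 4:
    for line in check_challenge_dir(sys.argv[1], *map(ident_of, sys.argv[2:])) or ["ok"]:
        print(line)
```

An empty result only means the file-system side is in order; the CA still has to reach the host on port 80 and be routed to that document root.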