X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=115-188-33-171-adsl.sparkbb.co.nz; envelope-from=<surgemail-support@netwinsite.com>;
X-Received: from [192.168.1.75] (115-188-33-171-adsl.sparkbb.co.nz [115.188.33.171])
by netwin.co.nz (SurgeMail 7.4b) with ESMTP (TLS) id 15252299-1391920
for <surgemail-list@netwin.co.nz>; Sun, 15 Sep 2019 23:55:53 +0000
X-Return-Path: surgemail-support
Subject: Re: [SurgeMail List] g_ssl_auto and apache and certbot
To: surgemail-list@netwin.co.nz
References: <em160c2914-1ba9-4ea8-9dc6-f3694020aa2f@minint-tarjqf7>
<76e01968-0d57-8b6c-efa7-44722f2d615d@netwinsite.com>
<EF48FF7E-7B53-46CB-AA30-F7450F56DB40@ericvey.com>
From: Surgemail Support
Message-ID: <ce0bc2b9-0e38-cf89-8d40-0a5ed182dd4a@netwinsite.com>
Date: Mon, 16 Sep 2019 11:55:50 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <EF48FF7E-7B53-46CB-AA30-F7450F56DB40@ericvey.com>
Content-Language: en-US
X-Rcpt-To: <surgemail-list@netwin.co.nz>
X-SpamDetect: : 0.000000
X-Info: aspam skipped due to (g_smite_skip_relay)
X-Encryption: SSL encrypted
X-IP-stats: Incoming Last 0, First 21, in=536, out=0, spam=0 ip=115.188.33.171
List-Unsubscribe: <mailto:surgemail-list-leave@netwin.co.nz?subject=unsubscribe>
X-Mailing-List: surgemail-list@netwin.co.nz
List-ID: <surgemail-list@netwin.co.nz>
Precedence: bulk
Reply-To: surgemail-list@netwin.co.nz
Content-Transfer-Encoding: 8bit

On 16/09/2019 11:53 AM, Eric Vey wrote:
> So I must state the path before I run tellmail ssl_update?

Yes.

> How does apache know to look there?

It's the path apache is going to use for any html files, you are
telling surgemail where apache is going to look, so you have to
start from knowing the apache path to html files...

ChrisP.

> Eric Vey
>
> On September 15, 2019 6:56:11 PM EDT, Surgemail Support
> <surgemail-support@netwinsite.com> wrote:
>> If you have a web server then you must use g_ssl_lets_path
>> to tell surgemail to create the file in the webserver path,
>> it should be pointing at
>>
>> /home/httpd/html/.well-known/acme-challenge
>>
>> which as you mention must be writable by user 'mail'...
>>
>> What happens when you try that?
>>
>> chrisp.
>>
>> On 16/09/2019 3:33 AM, Eric Vey wrote:
>>> Hi,
>>>
>>> So I have a single ubuntu server for mail and web. Port
>>> 80 is for web and port 7080 is for webmail. g_webmail_port
>>> is set to 7080 only.
>>>
>>> All requests come to ericvey.com and I let the router
>>> do the work. There is no mail.ericvey.com, just
>>> ericvey.com. Let's encrypt certbot automagically set up
>>> the apache putting the certificate in
>>> /etc/letsencrypt/live ... (you know the rest)
>>>
>>> Right now, I am back to g_ssl_lets_path because when I
>>> remove it and set g_ssl_auto to "true" I get this error
>>> when I run tellmail ssl_update. I don't really need to
>>> update the certificate, nor do I need (or want) a second
>>> one.
>>>
>>> Stars indicate info removed for privacy.
>>>
>>> SurgeMail Version 7.3o4-4, Built Oct 14 2018 22:20:57, Platform Linux
>>> Key ******* OK, email=****@ericvey.com, users=10, flags=48, host=ubuntu-server-2:127.0.1.1, prod=surgemail active=4 updates=27/Dec/2016
>>> Update starting
>>> Update domain ericvey.com
>>> Existing cert check: ericvey.com Self signed certificate /CN=ericvey.com
>>> acme_authorize required for domain ericvey.com
>>> Challenge http-01 pending
>>> Created www/.well-known/acme-challenge/VRzjGR2QkMm_WgmaoKmx7Lt1qvhFe6RYCiJXQhi4vHM
>>> HINT: Check your setting url_host points to your mail server for this domain!!
>>> acme_do_auth failed ericvey.com
>>> Update finished, 0 good, 1 bad
>>> ssl_reload:
>>>
>>> It appears to be trying to pull a page from my
>>> public web server on port 80. It didn't create
>>> /home/httpd/html/.well-known/acme-challenge, so I did
>>> and gave the user mail permission to write.
>>>
>>> Am I doing something wrong here?
>>>
>>> Eric Vey
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my
> brevity.
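
The advice in this thread works only if g_ssl_lets_path names the directory the web server on port 80 actually serves as /.well-known/acme-challenge/. The check below is an added example, not part of the original messages and not SurgeMail code: it writes a throwaway file into that directory and fetches it over HTTP the way http-01 validation does. The names `probe_challenge_path` and `http_get` and the script name are assumptions for illustration.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

def http_get(url, timeout=10):
    """Return (status, body); status is None if the connection itself fails."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except OSError as exc:  # URLError, timeouts, refused connections
        return None, str(exc)

def probe_challenge_path(challenge_dir, hostname, fetch=http_get):
    """Write a throwaway file into challenge_dir and fetch it over port 80.

    Hypothetical helper: run it as the account that writes the challenge
    files (user 'mail' in the thread). Returns (ok, message).
    """
    if not os.path.isdir(challenge_dir):
        return False, f"{challenge_dir} does not exist"
    if not os.access(challenge_dir, os.W_OK | os.X_OK):
        return False, f"{challenge_dir} is not writable by this user"
    name = "probe-" + secrets.token_hex(8)   # unguessable, constructed name
    body = secrets.token_hex(16)
    path = os.path.join(challenge_dir, name)
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, 0o644)  # the web server account must be able to read it
    url = f"http://{hostname}/.well-known/acme-challenge/{name}"
    try:
        status, got = fetch(url)
    finally:
        os.remove(path)  # never leave probe files in the web root
    if status != 200:
        return False, f"GET {url} gave {status}: not served from {challenge_dir}"
    if got.strip() != body:
        return False, f"GET {url} returned other content (rewrite or redirect?)"
    return True, f"{url} is served from {challenge_dir}"

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py CHALLENGE_DIR HOSTNAME")
    ok, msg = probe_challenge_path(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + msg)
    sys.exit(0 if ok else 1)
```

A non-200 result means the file was written somewhere the web server does not serve, so the validation request on port 80 cannot find it.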