From: Eric Vey
To: <surgemail-list@netwin.co.nz>
Subject: Re: [SurgeMail List] g_ssl_auto and apache and certbot
Date: Sun, 15 Sep 2019 20:48:24 -0400
Message-ID: <5d7edbd8.ba5.b5dfbb40.398878f@ericvey.com>
Okay I did it. The certificates were created and the apache server seems to be fine. I tested using SSL Labs and they like the configuration. They only saw one certificate.
I still got this error though when I ran the update:
Account status: Account created ok https://acme-v02.api.letsencrypt.org/acme/acct/65983680
acme_authorize required for domain ericvey.com
Challenge http-01 pending
Created www/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g
Created /home/httpd/html/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g
Challenge: error: Invalid response from http://ericvey.com/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g [142.197.114.27]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
HINT: Check your setting url_host points to your
mail server for this domain!!
acme_do_auth failed ericvey.com
Update finished, 0 good, 2 bad
ssl_reload:
This means I can remove the certbot generated certificate and remove the cron job that updates it every three months?
On Sunday 15/09/2019 at 7:56 pm, Surgemail Support wrote:
On 16/09/2019 11:53 AM, Eric Vey wrote:
So I must state the path before I run tellmail ssl_update?
Yes.
How does apache know to look there?
It's the path apache is going to use for any html files, you are telling surgemail where apache is going to look, so you have to start from knowing the apache path to html files...
ChrisP.
Eric Vey
On September 15, 2019 6:56:11 PM EDT, Surgemail Support
<surgemail-support@netwinsite.com> wrote:
If you have a web server then you must use g_ssl_lets_path to tell surgemail to create the file in the webserver path, it should be pointing at
/home/httpd/html/.well-known/acme-challenge
which as you mention must be writable by user 'mail'...
What happens when you try that?
chrisp.
On 16/09/2019 3:33 AM, Eric Vey wrote:
Hi,
So I have a single ubuntu server for mail and web. Port 80 is for web and port 7080 is for webmail. g_webmail_port is set to 7080 only.
All requests come to ericvey.com and I let the router do the work. There is no mail.ericvey.com, just ericvey.com. Let's Encrypt certbot automagically set up the apache putting the certificate in /etc/letsencrypt/live ... (you know the rest)
Right now, I am back to g_ssl_lets_path because when I remove it and set g_ssl_auto to "true" I get this error when I run tellmail ssl_update. I don't really need to update the certificate, nor do I need (or want) a second one.
Stars indicate info removed for privacy.
SurgeMail Version 7.3o4-4, Built Oct 14 2018 22:20:57, Platform Linux
Key ******* OK, email=****@ericvey.com, users=10, flags=48, host=ubuntu-server-2:127.0.1.1, prod=surgemail active=4 updates=27/Dec/2016
Update starting
Update domain ericvey.com
Existing cert check: ericvey.com Self signed certificate /CN=ericvey.com
acme_authorize required for domain ericvey.com
Challenge http-01 pending
Created www/.well-known/acme-challenge/VRzjGR2QkMm_WgmaoKmx7Lt1qvhFe6RYCiJXQhi4vHM
HINT: Check your setting url_host points to your mail server for this domain!!
acme_do_auth failed ericvey.com
Update finished, 0 good, 1 bad
ssl_reload:
It appears to be trying to pull a page from my public web server on port 80. It didn't create /home/httpd/html/.well-known/acme-challenge, so I did and gave the user mail permission to write.
Am I doing something wrong here?
Eric Vey
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
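
The thread turns on whether the directory given to g_ssl_lets_path is the one Apache actually serves at /.well-known/acme-challenge/ and whether the mail user can write to it. A preflight check for both conditions, as an added example that is not part of the original thread or of SurgeMail; the function name and the probe-file naming are assumptions made here:

```python
import os
import secrets
import urllib.error
import urllib.request


def preflight_http01(challenge_dir, base_url, timeout=5):
    """Write a random probe file into challenge_dir and fetch it over HTTP.

    challenge_dir: the directory you intend to give g_ssl_lets_path.
    base_url:      the site as the CA will request it, e.g. http://example.com
    Returns (ok, detail). The probe file is always removed afterwards.
    """
    if not os.path.isdir(challenge_dir):
        return False, "challenge directory does not exist"
    if not os.access(challenge_dir, os.W_OK):
        return False, "challenge directory is not writable by this user"

    name = "preflight-" + secrets.token_urlsafe(16)   # unguessable file name
    body = secrets.token_urlsafe(32)                  # unguessable content
    path = os.path.join(challenge_dir, name)
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    try:
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o644)  # the web server account must be able to read it
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                served = resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as exc:
            # A 404 here is the same failure the CA reported in the log.
            return False, f"HTTP {exc.code}: web server does not serve this directory"
        except (urllib.error.URLError, OSError) as exc:
            return False, f"cannot reach {url}: {exc}"
        if served.strip() != body:
            return False, "URL answered, but with different content"
        return True, "probe served correctly"
    finally:
        if os.path.exists(path):
            os.remove(path)


if __name__ == "__main__":
    import sys
    ok, detail = preflight_http01(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

Run it as the account SurgeMail writes files as rather than as root, since root passes the writability check regardless of directory permissions. A 404 result reproduces the failure shown in the log without using up a validation attempt at the CA.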