Subject: Re: [SurgeMail List] g_ssl_auto and apache and certbot
To: surgemail-list@netwin.co.nz
References: <5d7edbd8.ba5.b5dfbb40.398878f@ericvey.com>
From: Surgemail Support
Message-ID: <77414f95-d1fa-b2b3-1e06-eb48395f4e69@netwinsite.com>
Date: Mon, 16 Sep 2019 12:54:16 +1200
Nope that failed.
This request you can test manually with any web browser:
http://ericvey.com/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g
And it should work and give you a page with numbers in it.
It looks like you set the path to:
/home/httpd/html/.well-known/acme-challenge
Check the apache config files to see where the 'html' path for
"ericvey.com" maps to, I'm guessing it is going somewhere
else....?
ChrisP.
On 16/09/2019 12:48 PM, Eric Vey wrote:
Okay I did it. The certificates were created and the apache
server seems to be fine. I tested using SSL Labs and they like
the configuration. They only saw one certificate.
I still got this error though when I ran the update:
Account status: Account created ok
https://acme-v02.api.letsencrypt.org/acme/acct/65983680
acme_authorize required for domain ericvey.com
Challenge http-01 pending
Created www/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g
Created /home/httpd/html/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g
Challenge: error: Invalid response from http://ericvey.com/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g [142.197.114.27]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
HINT: Check your setting url_host points to your mail server for this domain!!
acme_do_auth failed ericvey.com
Update finished, 0 good, 2 bad
ssl_reload:
This means I can remove the certbot generated certificate and
remove the cron job that updates it every three months?
On Sunday 15/09/2019 at 7:56 pm, Surgemail Support wrote:
On 16/09/2019 11:53 AM, Eric Vey wrote:
So I must state the path before I run tellmail
ssl_update?
Yes.
How does apache know to look there?
It's the path apache is going to use for any html files,
you are telling surgemail where apache is going to look, so
you have to start from knowing the apache path to html
files...
ChrisP.
Eric Vey
On September 15, 2019 6:56:11 PM EDT, Surgemail Support <surgemail-support@netwinsite.com> wrote:
If you have a web server then you must use
g_ssl_lets_path to tell surgemail to create the file
in the webserver path, it should be pointing at
/home/httpd/html/.well-known/acme-challenge
which as you mention must be writable by user
'mail'...
What happens when you try that?
chrisp.
On 16/09/2019 3:33 AM, Eric Vey wrote:
Hi,
So I have a single ubuntu server for mail and
web. Port 80 is for web and port 7080 is for
webmail. g_webmail_port is set to 7080 only.
All requests come to ericvey.com and I let the
router do the work. There is no mail.ericvey.com,
just ericvey.com. Let's Encrypt certbot
automagically set up the apache putting the
certificate in /etc/letsencrypt/live ... (you know
the rest)
Right now, I am back to g_ssl_lets_path because
when I remove it and set g_ssl_auto to "true" I get
this error when I run tellmail ssl_update. I don't
really need to update the certificate, nor do I need
(or want) a second one.
Stars indicate info removed for privacy.
SurgeMail Version 7.3o4-4, Built Oct 14 2018 22:20:57, Platform Linux
Key ******* OK, email=****@ericvey.com, users=10, flags=48, host=ubuntu-server-2:127.0.1.1, prod=surgemail active=4 updates=27/Dec/2016
Update starting
Update domain ericvey.com
Existing cert check: ericvey.com Self signed certificate /CN=ericvey.com
acme_authorize required for domain ericvey.com
Challenge http-01 pending
Created www/.well-known/acme-challenge/VRzjGR2QkMm_WgmaoKmx7Lt1qvhFe6RYCiJXQhi4vHM
HINT: Check your setting url_host points to your mail server for this domain!!
acme_do_auth failed ericvey.com
Update finished, 0 good, 1 bad
ssl_reload:
It appears to be trying to pull a page from
my public web server on port 80. It didn't create
/home/httpd/html/.well-known/acme-challenge, so I
did and gave the user mail permission to write.
Am I doing something wrong here?
Eric Vey
--
Sent from my Android device with K-9 Mail. Please excuse my
brevity.
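
Added example (not part of the thread, and not SurgeMail or Apache project code): the check suggested in the top reply, finding which DocumentRoot Apache uses for the host on port 80 and comparing it with the directory given in g_ssl_lets_path. The vhost config and its /var/www/html root are constructed sample input, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample Apache config (an assumption, not taken from the thread).
sample_conf() {
cat <<'EOF'
<VirtualHost *:443>
    ServerName ericvey.com
    DocumentRoot /srv/tls-site
</VirtualHost>
<VirtualHost *:80>
    ServerName example.org
    DocumentRoot "/home/httpd/html"
</VirtualHost>
<VirtualHost *:80>
    ServerName ericvey.com
    ServerAlias www.ericvey.com
    DocumentRoot /var/www/html
</VirtualHost>
EOF
}

# Read Apache config on stdin; print the DocumentRoot of the port-80 vhost
# whose ServerName or ServerAlias equals $1 (http-01 is fetched over port 80).
docroot_for() {
  awk -v host="$1" '
    { d = tolower($1) }
    d ~ /^<virtualhost/   { invh = ($0 ~ /:80[ >]/); root = ""; hit = 0; next }
    d == "</virtualhost>" { if (invh && hit && root != "") { print root; exit }
                            invh = 0; next }
    invh && (d == "servername" || d == "serveralias") {
      for (i = 2; i <= NF; i++) if (tolower($i) == tolower(host)) hit = 1 }
    invh && d == "documentroot" { root = $2; gsub(/"/, "", root) }
  '
}

# $1 = host, $2 = directory the challenge file is written to.
# Returns 0 on match, 1 on mismatch, 2 if no port-80 vhost was found.
check_challenge_path() {
  root=$(docroot_for "$1") || return 2
  [ -n "$root" ] || { echo "no port-80 vhost found for $1"; return 2; }
  served="${root%/}/.well-known/acme-challenge"
  if [ "${2%/}" = "$served" ]; then
    echo "OK: $served"
  else
    echo "MISMATCH: file written to $2 but Apache serves $served"
    return 1
  fi
}

# Stand-alone run on the constructed config, using the path from the thread.
sample_conf | check_challenge_path ericvey.com \
  /home/httpd/html/.well-known/acme-challenge || true
```

On a real server, feed it the active configuration instead of `sample_conf`, for example the files under the Apache sites directory concatenated on stdin.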