Date: Mon, 16 Sep 2019 11:33:16 -0400
Subject: Re: [SurgeMail List] g_ssl_auto and apache and certbot
To: surgemail-list@netwin.co.nz
From: Eric Vey
Ubuntu does not locate apache web pages in the same places as other installs. I rarely tear into the os, so I have a hard time remembering what I do from one time to the next.
There is a let's encrypt conf file that directs apache where to look for the pem files. I may have edited this file when I installed cert-bot, but I don't recall.
I'm going to document all this when I make the changes, which conf files I edit and their location. That's for others and me to look up, next time they make dramatic changes.
Eric Vey
On September 15, 2019 10:06:40 PM EDT, Surgemail Support <surgemail-support@netwinsite.com> wrote:
On 16/09/2019 1:43 PM, Eric Vey wrote:
The location of my web files is:
/var/www/ericvey.com/public_html
so I made a /.well-known/acme-challenge in there, changed the
g_ssl_lets_path to that and the update completed properly this
time.
I'm assuming the apache site is still using the old
certificate. I'll have to google and see if there is something
to do in the apache2.conf file to steer it to the new path.
You should be able to point it at the files surge_cert.pem and
surge_priv.pem that surgemail uses by settings in the apache
config I think.
ChrisP.
Getting late here. Thanks for your help.
Eric Vey
On Sunday 15/09/2019 at 8:54 pm, Surgemail Support wrote:
Nope that failed.
This request you can test manually with any web browser:
http://ericvey.com/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g
And it should work and give you a page with numbers in it.
It looks like you set the path to:
/home/httpd/html/.well-known/acme-challenge
Check the apache config files to see where the 'html' path
for "ericvey.com" maps to, I'm guessing it is going
somewhere else....?
ChrisP.
On 16/09/2019 12:48 PM, Eric Vey wrote:
Okay I did it. The certificates were created and the
apache server seems to be fine. I tested using Ssl Labs
and they like the configuration. They only saw one
certificate.
I still got this error though when I ran the update:
Account status: Account created ok
https://acme-v02.api.letsencrypt.org/acme/acct/65983680
acme_authorize required for domain ericvey.com
Challenge http-01 pending
Created www/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g
Created /home/httpd/html/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g
Challenge: error: Invalid response from http://ericvey.com/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g [142.197.114.27]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
HINT: Check your setting url_host points to your mail server for this domain!!
acme_do_auth failed ericvey.com
Update finished, 0 good, 2 bad
ssl_reload:
This means I can remove the certbot generated
certificate and remove the cron job that updates it every
three months?
On Sunday 15/09/2019 at 7:56 pm, Surgemail Support wrote:
On 16/09/2019 11:53 AM, Eric Vey wrote:
So I must state the path before I run
tellmail ssl_update?
Yes.
How does apache know to look there?
It's the path apache is going to use for any html
files, you are telling surgemail where apache is going
to look, so you have to start from knowing the apache
path to html files...
ChrisP.
Eric Vey
On September 15, 2019 6:56:11 PM EDT, Surgemail Support <surgemail-support@netwinsite.com> wrote:
If you have a web server then you must use
g_ssl_lets_path to tell surgemail to create the
file in the webserver path, it should be
pointing at
/home/httpd/html/.well-known/acme-challenge
which as you mention must be writable by
user 'mail'...
What happens when you try that?
chrisp.
On 16/09/2019 3:33 AM, Eric Vey wrote:
Hi,
So I have a single ubuntu server for mail
and web. Port 80 is for web and port 7080 is
for webmail. g_webmail_port is set to 7080
only.
All requests come to ericvey.com and I let
the router do the work. There is no
mail.ericvey.com, just ericvey.com. Let's
encrypt certbot automagically set up the
apache putting the certificate in
/etc/letsencrypt/live ... (you know the rest)
Right now, I am back to g_ssl_lets_path
because when I remove it and set g_ssl_auto to
"true" I get this error when I run tellmail
ssl_update. I don't really need to update the
certificate, nor do I need (or want) a second
one.
Stars indicate info removed for privacy.
SurgeMail Version 7.3o4-4, Built Oct 14 2018 22:20:57, Platform Linux
Key ******* OK, email=****@ericvey.com, users=10, flags=48, host=ubuntu-server-2:127.0.1.1, prod=surgemail active=4 updates=27/Dec/2016
Update starting
Update domain ericvey.com
Existing cert check: ericvey.com
Self signed certificate /CN=ericvey.com
acme_authorize required for domain ericvey.com
Challenge http-01 pending
Created www/.well-known/acme-challenge/VRzjGR2QkMm_WgmaoKmx7Lt1qvhFe6RYCiJXQhi4vHM
HINT: Check your setting url_host points to your mail server for this domain!!
acme_do_auth failed ericvey.com
Update finished, 0 good, 1 bad
ssl_reload:
It appears to be trying to pull a
page from my public web server on port 80.
It didn't create
/home/httpd/html/.well-known/acme-challenge,
so I did and gave the user mail permission
to write.
Am I doing something wrong here?
Eric Vey
--
Sent from my Android device with K-9 Mail. Please
excuse my brevity.
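
The check ChrisP describes in the thread (find where Apache's html path for ericvey.com maps to, then point g_ssl_lets_path at the acme-challenge directory under it), as an added example that is not part of the original messages or SurgeMail's own tooling. The vhost file contents and the function names are constructed for illustration; only the two challenge paths come from the thread.

```shell
# Added example: is the ACME challenge dir under the DocumentRoot Apache serves on port 80?

# docroot_for <vhost-file> <domain>: print the DocumentRoot of the first
# <VirtualHost ...:80> block whose ServerName/ServerAlias equals <domain>.
docroot_for() {
  awk -v dom="$2" '
    { key = tolower($1) }
    key == "<virtualhost" { invh = 1; p80 = ($2 ~ /:80>$/); root = ""; hit = 0; next }
    key == "</virtualhost>" {
      if (invh && p80 && hit && root != "") { print root; exit }
      invh = 0; next
    }
    invh && key == "documentroot" { root = $2; gsub(/"/, "", root) }
    invh && (key == "servername" || key == "serveralias") {
      for (i = 2; i <= NF; i++) if (tolower($i) == tolower(dom)) hit = 1
    }
  ' "$1"
}

# check_challenge_path <vhost-file> <domain> <challenge-dir>
# 0 = directory is DocumentRoot/.well-known/acme-challenge, 1 = mismatch,
# 2 = no port-80 vhost found for the domain.
check_challenge_path() {
  root=$(docroot_for "$1" "$2")
  [ -n "$root" ] || { echo "no port-80 vhost for $2 in $1"; return 2; }
  want="${root%/}/.well-known/acme-challenge"
  [ "${3%/}" = "$want" ] && { echo "ok: $want"; return 0; }
  echo "mismatch: Apache serves $want, files are written to ${3%/}"
  return 1
}

# Constructed vhost file for the demo; only the two paths are from the thread.
write_sample_vhosts() {
  cat > "$1" <<'EOF'
<VirtualHost *:80>
    ServerName localhost
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
    ServerName ericvey.com
    DocumentRoot "/var/www/ericvey.com/public_html"
</VirtualHost>
EOF
}
conf=$(mktemp) && write_sample_vhosts "$conf"
check_challenge_path "$conf" ericvey.com /home/httpd/html/.well-known/acme-challenge || true
check_challenge_path "$conf" ericvey.com /var/www/ericvey.com/public_html/.well-known/acme-challenge || true
rm -f "$conf"
```

On a live server the first argument would be the site's real Apache vhost file, and the resulting directory still has to be writable by user 'mail', as noted in the thread.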