SurgeMail Archive: Re: [SurgeMail List] g_ssl

Subject:	Re: [SurgeMail List] g_ssl_auto and apache and certbot
From:	Surgemail Support
Date:	18-Sep-2019
I believe It's not needed as the chain file is appended to the certificate. chrisP. On 18/09/2019 11:41 AM, Eric Vey wrote: What to do with the chain.pem reference? Cert and pvt work fine, but there is also a chain.pem and include path in the .conf file. On September 16, 2019 11:33:16 AM EDT, Eric Vey <junker@ericvey.com> wrote: Ubuntu does not locate apache web pages in the same places as other installs. I rarely tear into the os, so I have a hard time remembering what I do from one time to the next. There is a let's encrypt conf file that directs apache where to look for the pem files. I may have edited this file when I installed cert-bot, but I don't recall. I'm going to document all this when I make the changes, which conf files I edit and their location. That's for others and me to look up, next time they make dramatic changes. Eric Vey On September 15, 2019 10:06:40 PM EDT, Surgemail Support <surgemail-support@netwinsite.com> wrote: On 16/09/2019 1:43 PM, Eric Vey wrote: The location of my web files is: /var/www/ericvey.com/public_html so I made a /.well-known/acme-challenge in there, changed the g_ssl_lets_path to that and the update completed properly this time. I'm assuming the apache site is still using the old certificate. I'll have to google and see if there is something to do in the apache2.conf file to steer it to the new path. You should be able to point it at the files surge_cert.pem and surge_priv.pem that surgemail uses by settings in the apache config I think. ChrisP. Getting late here. Thanks for your help. Eric Vey On Sunday 15/09/2019 at 8:54 pm, Surgemail Support wrote: Nope that failed. This request you can test manually with any web browser: http://ericvey.com/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g And it should work and give you a page with numbers in it. It looks like you set the path to: /home/httpd/html/.well-known/acme-challenge Check the apache config files to see where the 'html' path for "ericvey.com" maps to, I'm guessing it is going somewhere else....? ChrisP. On 16/09/2019 12:48 PM, Eric Vey wrote: Okay I did it. The certificates were created and the apache server seems to be fine. I tested using Ssl Labs and they like the configuration. They only saw one certificate. I still got this error though when I ran the update: Account status: Account created ok https://acme-v02.api.letsencrypt.org/acme/acct/65983680 acme_authorize required for domain ericvey.com Challenge http-01 pending Created www/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g Created /home/httpd/html/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g Challenge: error: Invalid response from http://ericvey.com/.well-known/acme-challenge/c2F60SZQ2829nEsjYX_1p00hA_fpRG_uShesdfHHK0g [142.197.114.27]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p" HINT: Check your setting url_host points to your mail server for this domain!! acme_do_auth failed ericvey.com Update finished, 0 good, 2 bad ssl_reload: This means I can remove the certbot generated certificate and remove the chron job that updates it every three months? On Sunday 15/09/2019 at 7:56 pm, Surgemail Support wrote: On 16/09/2019 11:53 AM, Eric Vey wrote: So I must state the path before I run tellmail ssl_update? Yes. How does apache know to look there? It's the path apache is going to use for any html files, you are telling surgemail where apache is going to look, so you have to start from knowing the apache path to html files... ChrisP. Eric Vey On September 15, 2019 6:56:11 PM EDT, Surgemail Support <surgemail-support@netwinsite.com> wrote: If you have a web server then you must use g_ssl_lets_path to tell surgemail to create the file in the webserver path, it should be pointing at /home/httpd/html/.well-known/acme-challenge which as you mention must be writable by user 'mail'... What happens when you try that? chrisp. On 16/09/2019 3:33 AM, Eric Vey wrote: Hi, So I have a single ubuntu server for mail and web. Port 80 is for web and port 7080 is for webmail. g_webmail_port is set to 7080 only. All requests come to ericvey.com and I let the router do the work. There is no mail.ericvey.com, just ericvey.com. Let's encrypt certbot automagically set up the apache putting the certificate in /etc/letsencrypyt/live ... )you know the rest) Right now, I am back to g_ssl_lets_path because when I remove it and set g_ssl_auto to "true" I get this error when I run tellmail ssl_update. I don't really need to update the certificate, nor do I need (or want) a second one. Stars indicate info removed for privacy. ****@ubuntu-server-2:~# tellmail ssl_update SurgeMail Version 7.3o4-4, Built Oct 14 2018 22:20:57, Platform Linux Key ****** OK,* email=**@ericvey.com, users=10, flags=48, host=ubuntu-server-2:127.0.1.1, prod=surgemail active=4 updates=27/Dec/2016 Update starting Update domain ericvey.com Existing cert check: ericvey.com Self signed certificate /CN=ericvey.com Account status: Account created ok https://acme-v02.api.letsencrypt.org/acme/acct/65983680 acme_authorize required for domain ericvey.com Challenge http-01 pending Created www/.well-known/acme-challenge/VRzjGR2QkMm_WgmaoKmx7Lt1qvhFe6RYCiJXQhi4vHM Challenge: error: Invalid response from http://ericvey.com/.well-known/acme-challenge/VRzjGR2QkMm_WgmaoKmx7Lt1qvhFe6RYCiJXQhi4vHM [142.197.114.27]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p" HINT: Check your setting url_host points to your mail server for this domain!! acme_do_auth failed ericvey.com Update finished, 0 good, 1 bad ssl_reload: It appears to be trying to pull a page from my public web server on port 80. It didn't create /home/httpd/html/.well-known/acme-challenge, so I did and give the user mail permission to write. Am I doing something wrong here? Eric Vey -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Last Message | Next Message


Search website: