https://help.nexcess.net/77209-third-party-email-clients/how-to-allow-outlook-to-connect-over-tls-1112 has the registry instructions.

@marcusquinn said in Is there a way to set the LetsEncrypt email separately?: So Superadmin's are Owners then? In that case I have about 20 Indeed! You can downgrade everyone to be an admin. The main difference between superadmin and admin are that superadmins is meant to be the person who has access to the server (and the one who set things up initially). Superadmin also manages the subscription and has acess to mail server logs. Admins don't have access to these two things. Ideally, there is only one superadmin. We wanted to enforce this but migration from previous setups proved to be a bit problematic.

@girish This solved it for me. Thanks!

@terrygogo try static ip from your provider.

I am not an expert on AWS, but aren't AWS instances only CPU+RAM ? I thought the disk does not resize. This is for EC2 instances though. Are you using lightsail by any chance?

@girish & @marcusquinn thanks for the hints! Finally the AWS guide did the trick, it was a 2 step approach (in my case): sudo growpart /dev/sda 3 sudo resize2fs /dev/sda3

hi @girish . great info, thanks. I will try it out.

Hi @girish, I have done a complete reinstallation of the server and now I don't have any issue. I think I've done something wrong while I've completed the restoration informations the first time. Thank's a lot for your support, the subject can be marked as solved.

@nebulon Like I said, I thought it would be an issue for a particular client, but it's not! However, only as long as the config stays as it is; if you ever strengthen it by adding the "includeSubdomains" directive in the HSTS header (as it is advised sometimes in some of the readings I found for better security), you could cut access to subdomains that are not managed by Cloudron and cannot do TLS. The typical fictional scenario, if the config ever changes, would be: www.watering-plants-automatically.cloud is a website from a company that offers to manage clients' gardens; the designer of the website hosts it on its Cloudron instance for the client. The company already has stuff they host on subdomains, and won't relinquish access to the DNS server for security reasons. However www and the root domain both point to the Cloudron server IP, so Let's Encrypt works fine in "Manual" mode in the Domains & Certs tab of the designer's Cloudron; An end-user visits the website, decides to sign up and pay for their new fangled tool, which is hosted at myplants.watering-plants-automatically.cloud. This subdomain points to the IP of the appliance that manages the users' gardens. This is an old, crummy box that won't allow TLS, because it's almost an antic at this point; The user cannot connect to their tool, and throws an HSTS error. It's not an issue yet, but it might be something to think about if you ever consider changing the configuration (let's say, if you decide all domains with a wildcard cert should have includeSubdomains in their HSTS headers). Security-wise, it makes a ton of sense: let's say you type http://www.domain.tld in your browser. The server 302s you to https://www.domain.tld which has the HSTS header and "includeSubdomains" You later type http://mail.domain.tld in your browser: the browser will immediately connect to https instead, avoiding potential MITM attacks. Pretty powerful, but it might be an issue in this particular case where some subdomains shouldn't be covered. I initially thought I read in the docs that the HSTS config was such that all subdomains were included, and I remember that before using Cloudron, for this specific client, I set the header to "includeSubdomains", which promptly disallowed access to many tools I do not host because they didn't support TLS on them, if the user visited the main website before. So yeah, feel free to close that topic, because it's not an issue unless you decide to change the config server-wide

Yes, I think repair would work just fine. I'll give that a shot next time I run into this. The upgrade process makes sense, as you say, working on custom applications is a bit of a special usecase

Ok this is fixed, however requires a new Cloudron release, since the tasks API needs a proper pending state.

@jdaviescoates ok, good

@girish Yes I did, and the problem with the certificates is now fixed. Thank you!

Girish's note is also documented (though not super obvious) here at the very bottom of the page: https://cloudron.io/documentation/backups/#move-cloudron-to-another-server

@girish Ok yep, you're right. Simply emptying out my trash by 'permanently deleting' files cleared up a few gigs and now the entire NC image is 3.8GB which seems like a much more reasonable size when the files there are 2.8GB. Thanks! (Can mark as resolved)

@girish said in Install Link 404 Error: @woke You caught us in the middle of a transition of our server. Can you try again? It is working now, thank you!

@girish Thank you kindly!

Yup. This makes no sense. [image: 1597340098467-9bafe7ee-807e-4e2a-ae5d-bbf0b94cf89e-image-resized.png]

Deployed at https://cloudron.io/documentation/security/#privacy-control

This is fixed in 5.5