Thank you for your help. Website filing is to register the services provided by this server to improve network security. When I tried to use servers in other countries, it was very successful, thank you for your help, and wish you success in your work!
@jdaviescoates totally confusing for sure. Not cloudron's fault completely, as TLS is just an update to SSL. The problem comes from old software, I think, where SSL (the verb) is still being used where TLS should be. Both are technically the same; one is just newer.
Or at least that is what google would suggest lol. Either way, you can never have too many docs so an update to specifically call this out when working with SMTP ports would be useful.
@omen OK, I figured out how to configure Fastly now...
Please configure it like below:
Enable TLS - Yes
Verify Certificate - Yes
Certificate hostname - In my case, it is a wildcard. But since you use the 'manual' provider, the hostname is subdomain.example.com.
SNI hostname - this is subdomain.example.com.
With the above settings, fastly serves up pages fine on http.
One thing to remember is, because you are using the "manual" DNS provider, Cloudron requires "http" callbacks for Let's Encrypt to work. I am not sure how this works in fastly; does it allow you to have some URLs that are not "cached"? I guess one way is to call the Cloudron app subdomain "website.domain.com" but make the domain in fastly something else, like "realwebsite.domain.com" (meaning, name it differently). This way, the manual setting on Cloudron can continue to use HTTP reliably to get certificates.
If you want the domain names to be the same, you have to use one of the automated DNS providers in Cloudron.
I see. Maybe that's because mailtrain adds unsubscribe headers in the email header etc. I don't really know of any other bulk mailer software. Are you able to contact the support of turbo mailer and ask them if they support STARTTLS at all?
That seemed to solve it, even if a server reboot did not solve it. I also got a mail that this was also visible from other mail servers (not just from my mail client), as I use DANE for certificate pinning.
I had the same issue. And the same fix. A reboot didn't work, a service restart did the trick. Thanks!
@girish This is an interesting observation. I was just looking to see if this was a real security threat or not, and I suppose it isn't but can offer a bit more privacy using the wildcard approach. Any particular reason why the Let's Encrypt wildcard support can't be done through the actual Cloudron wildcard DNS approach? Is there a way to support this? I'd really like to take advantage of a smaller DNS provider which has some great monitoring features included, but it isn't supported via any API by Cloudron yet, so if I go that route I can only use the Wildcard option, but those don't actually allow for the wildcard certificates.
Edit: Nevermind, I see why in the docs: "Let's Encrypt only allows obtaining wildcard certificates using DNS automation. Cloudron will default to obtaining wildcard certificates when using one of the programmatic DNS API providers."
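The "Certificate hostname" setting in the Fastly post above and the wildcard-certificate question in this post both come down to the same rule: a TLS client accepts a certificate only if one of its names covers the hostname it connected to, and a wildcard name covers exactly one DNS label. The following is an added example, not code from the thread or from Cloudron or Fastly; it implements that matching rule in Python and uses it to list which app hostnames a given certificate would leave uncovered. The function names and the sample hostnames (under example.com) are constructed for illustration.

```python
"""Wildcard hostname matching as TLS clients apply it (RFC 6125 section 6.4.3)."""


def hostname_matches(cert_name: str, hostname: str) -> bool:
    """Return True if a certificate name (CN or SAN dNSName) covers hostname.

    Rules implemented:
    - comparison is case-insensitive and ignores a trailing dot
    - a wildcard must be the entire leftmost label ("*.example.com");
      partial-label wildcards such as "sub*.example.com" are rejected outright
    - the wildcard matches exactly one label, so "*.example.com" covers
      "subdomain.example.com" but not "example.com" or "a.b.example.com"
    - a wildcard needs at least two labels after it, so "*.com" never matches
    """
    cert_name = cert_name.rstrip(".").lower()
    hostname = hostname.rstrip(".").lower()
    if "*" not in cert_name:
        return cert_name == hostname

    cert_labels = cert_name.split(".")
    host_labels = hostname.split(".")
    if cert_labels[0] != "*" or len(cert_labels) < 3:
        return False
    if any("*" in label for label in cert_labels[1:]):
        return False
    # Same number of labels, every host label non-empty, and everything
    # right of the wildcard identical.
    if len(cert_labels) != len(host_labels) or not all(host_labels):
        return False
    return cert_labels[1:] == host_labels[1:]


def cert_covers_host(san_names, hostname: str) -> bool:
    """True if any name in the certificate's SAN list covers hostname."""
    return any(hostname_matches(name, hostname) for name in san_names)


def uncovered_hosts(san_names, hostnames):
    """Return the hostnames that the certificate would NOT be valid for.

    Useful before pointing a CDN or a relay at an origin: every hostname the
    client will put in SNI must be covered, or verification fails.
    """
    return [h for h in hostnames if not cert_covers_host(san_names, h)]


if __name__ == "__main__":
    # Constructed sample: a wildcard cert plus the bare domain, checked
    # against the kinds of names a Cloudron install hands out.
    sans = ["*.example.com", "example.com"]
    hosts = ["example.com", "app.example.com", "mail.example.com", "a.b.example.com"]
    print("not covered:", uncovered_hosts(sans, hosts))
```

Running the block prints `not covered: ['a.b.example.com']`: the wildcard reaches one level of subdomains only, which is why a nested name needs its own certificate (or its own SAN entry) even when a wildcard certificate is in place.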
Are you hosting a custom domain on mailbox.org or do you have a @mailbox.org address? If it's the latter, mailbox is then not really an email relay. Generally, email relays are able to forward all addresses of a domain, i.e. email@example.com.