Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. No lets encrypt certificate for Haraka after dns change

No lets encrypt certificate for Haraka after dns change

Scheduled Pinned Locked Moved Solved Support
mailcertificates
3 Posts 2 Posters 559 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • fbartelsF Offline
    fbartelsF Offline
    fbartels App Dev
    wrote on last edited by girish
    #1

    Hi,

    I moved some of my dns settings yesterday evening from the wildcard/manual configuration type to the Cloudflare one (including moving these domains to Cloudflare in general).

    It initially looked good yesterday evening (after syncing dns and forcing cert renewal where i got the known domain must be a string message), but this morning I had problems accessing the Dashboard on that server (hsts error, self signed cert instead of the le one) and after restarting the whole server Nginx picked up the correct certificates again. Next issue was Dovecot for port 993, here another restart of the mail container made it pick up the correct cert as well. The one thing still remaining is Haraka for port 587.

    Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
9wd.eu:443                                      Valid        May 5 2021   44
my.9wd.eu:443                                   Valid        Jun 19 2021  89
my.9wd.eu:993                                   Valid        Jun 19 2021  89
unable to load certificate
140469961258648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140624968820376:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140564895733400:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140654917621400:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
my.9wd.eu:587                                   Expired                   -2459296

    (output from https://github.com/Matty9191/ssl-cert-check)

    I exec'ed into the container, but Haraka is configured to use the same certificate as Dovecot so I am not quite sure why it does not actually show the same validity.

    girishG 1 Reply Last reply
    0
    • girishG Do not disturb
      girishG Do not disturb
      girish Staff
      replied to fbartels on last edited by girish
      #2

      @fbartels port 587 uses STARTTLS i.e the connection starts out as plain text and when the STARTTLS extension is detected, it will upgrade to TLS.

      You can verify it like this instead (and I can confirm the cert is fine):

      openssl s_client -starttls smtp -connect my.9wd.eu:587
      fbartelsF 1 Reply Last reply
      0
      • fbartelsF Offline
        fbartelsF Offline
        fbartels App Dev
        replied to girish on last edited by
        #3

        how embarrassing. You're absolutely right. I was searching after ghosts.

        1 Reply Last reply
        0

        • Login
        • Don't have an account? Register
        • Login or register to search.
        • First post
          Last post
        0
        • Categories
        • Recent
        • Tags
        • Popular
        • Bookmarks
        • Search