No Let's Encrypt certificate for Haraka after DNS change

  • fbartels (App Dev) wrote, last edited by girish, #1

    Hi,

    I moved some of my DNS settings yesterday evening from the wildcard/manual configuration type to the Cloudflare one (including moving these domains to Cloudflare in general).

    It initially looked good yesterday evening (after syncing DNS and forcing cert renewal, where I got the known "domain must be a string" message), but this morning I had problems accessing the Dashboard on that server (HSTS error, self-signed cert instead of the LE one) and after restarting the whole server Nginx picked up the correct certificates again. Next issue was Dovecot for port 993; here another restart of the mail container made it pick up the correct cert as well. The one thing still remaining is Haraka for port 587.

    Host                                            Status       Expires      Days
    ----------------------------------------------- ------------ ------------ ----
    9wd.eu:443                                      Valid        May 5 2021   44
    my.9wd.eu:443                                   Valid        Jun 19 2021  89
    my.9wd.eu:993                                   Valid        Jun 19 2021  89
    unable to load certificate
    140469961258648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
    unable to load certificate
    140624968820376:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
    unable to load certificate
    140564895733400:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
    unable to load certificate
    140654917621400:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
    my.9wd.eu:587                                   Expired                   -2459296
    

    (output from https://github.com/Matty9191/ssl-cert-check)

    I exec'ed into the container, but Haraka is configured to use the same certificate as Dovecot so I am not quite sure why it does not actually show the same validity.

      girish (Staff) wrote, last edited by girish, #2

      @fbartels port 587 uses STARTTLS, i.e. the connection starts out as plain text and when the STARTTLS extension is detected, it will upgrade to TLS.

      You can verify it like this instead (and I can confirm the cert is fine):

      openssl s_client -starttls smtp -connect my.9wd.eu:587
      
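The behaviour described in the reply above, as an added example that is not part of the original posts: a probe that expects TLS from the first byte sees an SMTP greeting on port 587, so an expiry check has to perform the STARTTLS upgrade before reading the certificate. The function names, the port set and the sample bytes are assumptions constructed for illustration; only Python standard-library calls are used.

```python
import smtplib
import socket
import ssl

STARTTLS_SMTP_PORTS = {25, 587}  # assumption: ports probed via SMTP STARTTLS


def looks_like_tls(first_bytes: bytes) -> bool:
    """True if the bytes begin with a TLS handshake record header (0x16 0x03 ..)."""
    return len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03


def days_left(not_after: str, now: float) -> int:
    """Whole days from `now` (epoch seconds) to a certificate notAfter string."""
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def peer_not_after(host: str, port: int, timeout: float = 10.0) -> str:
    """Return the server certificate's notAfter, upgrading via STARTTLS if needed."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    if port in STARTTLS_SMTP_PORTS:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                raise RuntimeError(f"{host}:{port} does not advertise STARTTLS")
            smtp.starttls(context=ctx)  # plaintext session is upgraded to TLS here
            return smtp.sock.getpeercert()["notAfter"]
    # Implicit TLS (e.g. 443, 993): the handshake starts immediately.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


# Constructed samples: what a client reads first on a STARTTLS port versus
# the first bytes of a TLS handshake record on an implicit-TLS port.
SMTP_BANNER = b"220 mail.example.test ESMTP ready\r\n"
TLS_RECORD = bytes.fromhex("160303004a")

if __name__ == "__main__":
    for label, data in (("SMTP banner", SMTP_BANNER), ("TLS record", TLS_RECORD)):
        print(f"{label}: looks_like_tls={looks_like_tls(data)}")
```

`peer_not_after` needs network access to a real host; the two helper functions run offline against the constructed samples.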
        fbartels (App Dev) wrote, #3

        How embarrassing. You're absolutely right. I was searching after ghosts.
