Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    SOLVED No lets encrypt certificate for Haraka after dns change

    Support
    mail certificates
    2
    3
    62
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • fbartels
      fbartels App Dev last edited by girish

      Hi,

      I moved some of my dns settings yesterday evening from the wildcard/manual configuration type to the Cloudflare one (including moving these domains to Cloudflare in general).

      It initially looked good yesterday evening (after syncing dns and forcing cert renewal where i got the known domain must be a string message), but this morning I had problems accessing the Dashboard on that server (hsts error, self signed cert instead of the le one) and after restarting the whole server Nginx picked up the correct certificates again. Next issue was Dovecot for port 993, here another restart of the mail container made it pick up the correct cert as well. The one thing still remaining is Haraka for port 587.

      Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
9wd.eu:443                                      Valid        May 5 2021   44
my.9wd.eu:443                                   Valid        Jun 19 2021  89
my.9wd.eu:993                                   Valid        Jun 19 2021  89
unable to load certificate
140469961258648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140624968820376:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140564895733400:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140654917621400:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE
my.9wd.eu:587                                   Expired                   -2459296

      (output from https://github.com/Matty9191/ssl-cert-check)

      I exec'ed into the container, but Haraka is configured to use the same certificate as Dovecot so I am not quite sure why it does not actually show the same validity.

      girish 1 Reply Last reply Reply Quote 0
      • girish
        girish Staff @fbartels last edited by girish

        @fbartels port 587 uses STARTTLS i.e the connection starts out as plain text and when the STARTTLS extension is detected, it will upgrade to TLS.

        You can verify it like this instead (and I can confirm the cert is fine):

        openssl s_client -starttls smtp -connect my.9wd.eu:587
        fbartels 1 Reply Last reply Reply Quote 0
        • fbartels
          fbartels App Dev @girish last edited by

          how embarrassing. You're absolutely right. I was searching after ghosts.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post