Mail Certificates do not get renewed.

vladimir.d

@nebulon it seems 7.2.2 is still affected. We faced with the same issue and resolved it by restating the mail service.

lucidfox

I also had the same error running Cloudron 7.2.2, and restarting the mail service solved the issue.

guyds

Same here with Cloudron 7.2.5

imc67

@guyds @nebulon @girish after all these months its a pity that this issue is not fully solved, if it happens it has a huge user impact as they receive certificate errors on their devices.

On 1 of my 4 Cloudrons Premium it again happens just minutes ago, the mail.domain certificate was expired at 13:00h (CEST) today. After 45 minutes I discovered myself and restarted the mail server, now the expiry date gives:

notBefore=Jul 16 11:00:49 2022 GMT
notAfter=Oct 14 11:00:48 2022 GMT

The other 3 are giving:

notBefore=May 24 11:05:39 2022 GMT
notAfter=Aug 22 11:05:38 2022 GMT

notBefore=May 23 23:00:54 2022 GMT
notAfter=Aug 21 23:00:53 2022 GMT

notBefore=May 24 23:01:26 2022 GMT
notAfter=Aug 22 23:01:25 2022 GMT

So it seems and looks like all 3 of them will get expired as they are not (copied???) refreshed in time?

BTW: please remove the SOLVED label as it is definately not solved.

girish

@imc67 Fair enough, I have made it unsolved. I have reworked large portions of the certificate logic upcoming release, so this should definitely got solved soonish.

guyds

@girish When can we expect an update that fixes this issue?
It just happened again on one of my Cloudrons

humptydumpty

@guyds see this post for details https://forum.cloudron.io/post/53552

guyds

@humptydumpty Thanks! Hadn't seen that post yet.

wu-lee

Also just experienced this on Cloudron (v7.2.5, Ubuntu 18.04.6 LTS). I'd report this as a bug via the support panel in the Cloudron dashboard, but the "submit" button seems to be disabled even when the form is apparently filled out correctly. Therefore posting here.

---

Users reported that mail wasn't syncing. This is generally not well reported in the clients - in Thunderbird, it just seems to show a spinning "busy" icon when syncing. Therefore it wasn't obvious what the cause was immediately.

No obviously related errors in the Cloudron dashboard's mail logs, but these all seem to be SMTP related.

Tracked down the IMAP log in the mail container, under /var/run/dovecot.log (This doesn't seem to be accessible in the UI or documented on the Cloudron site? Be great if it was!)

This listed errors like this:

Oct 07 08:29:44 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=REDACTED, lip=172.18.0.9, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<pGuonG3qbIhQwAEL>

Validated the SSL certificate using openssl:

openssl s_client -showcerts -connect $host:993 -servername $host > $host.certcheck

This included the line:

Verify return code: 10 (certificate has expired)

I restarted the mail service.

The SSL check then seemed included this line instead:

Verify return code: 0 (ok)

Mail syncing then seemed to work normally.

So problem solved for now, but it might reoccur. I infer something isn't restarting the mail service correctly when the SSL cert is updated?

Thanks!

nebulon

This should hopefully be fixed in Cloudron v7.3