Mail Certificates do not get renewed.
-
I also had the same error running Cloudron 7.2.2, and restarting the mail service solved the issue.
-
@guyds @nebulon @girish after all these months its a pity that this issue is not fully solved, if it happens it has a huge user impact as they receive certificate errors on their devices.
On 1 of my 4 Cloudrons Premium it again happens just minutes ago, the mail.domain certificate was expired at 13:00h (CEST) today. After 45 minutes I discovered myself and restarted the mail server, now the expiry date gives:
notBefore=Jul 16 11:00:49 2022 GMT notAfter=Oct 14 11:00:48 2022 GMT
The other 3 are giving:
notBefore=May 24 11:05:39 2022 GMT notAfter=Aug 22 11:05:38 2022 GMT notBefore=May 23 23:00:54 2022 GMT notAfter=Aug 21 23:00:53 2022 GMT notBefore=May 24 23:01:26 2022 GMT notAfter=Aug 22 23:01:25 2022 GMT
So it seems and looks like all 3 of them will get expired as they are not (copied???) refreshed in time?
BTW: please remove the SOLVED label as it is definately not solved.
-
-
@guyds see this post for details https://forum.cloudron.io/post/53552
-
@humptydumpty Thanks! Hadn't seen that post yet.
-
Also just experienced this on Cloudron (v7.2.5, Ubuntu 18.04.6 LTS). I'd report this as a bug via the support panel in the Cloudron dashboard, but the "submit" button seems to be disabled even when the form is apparently filled out correctly. Therefore posting here.
Users reported that mail wasn't syncing. This is generally not well reported in the clients - in Thunderbird, it just seems to show a spinning "busy" icon when syncing. Therefore it wasn't obvious what the cause was immediately.
No obviously related errors in the Cloudron dashboard's mail logs, but these all seem to be SMTP related.
Tracked down the IMAP log in the mail container, under /var/run/dovecot.log (This doesn't seem to be accessible in the UI or documented on the Cloudron site? Be great if it was!)
This listed errors like this:
Oct 07 08:29:44 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=REDACTED, lip=172.18.0.9, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<pGuonG3qbIhQwAEL>
Validated the SSL certificate using openssl:
openssl s_client -showcerts -connect $host:993 -servername $host > $host.certcheck
This included the line:
Verify return code: 10 (certificate has expired)
I restarted the mail service.
The SSL check then seemed included this line instead:
Verify return code: 0 (ok)
Mail syncing then seemed to work normally.
So problem solved for now, but it might reoccur. I infer something isn't restarting the mail service correctly when the SSL cert is updated?
Thanks!