Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Unsolved Mail Certificates do not get renewed.

    Support
    mail certificates
    10
    16
    676
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Leggias last edited by girish

      Hello everyone,

      I have a problem with the SSL certificates of the mail server. All certificates of my domains and subdomains are getting renewed. However, since a few days I have been getting an error via Outlook when I want to retrieve mail, it has an expired certificate and is not renewed.

      When I renew the Certs I don't get an error and everything seems to work. The only problem is that the mail is not renewed properly and therefore does not work on my outlook, unless I allow the mail to be opened unsecured.

      Any ideas why this is happening?

      nebulon 1 Reply Last reply Reply Quote 1
      • nebulon
        nebulon Staff @Leggias last edited by

        @leggias we used to have a bug in some recent Cloudron versions with this. Can you head over to the Services view in your Cloudron dashboard and restart the Mail service there manually from that UI? This should pull in the fresh certificates into the mail server.

        L 1 Reply Last reply Reply Quote 0
        • L
          Leggias @nebulon last edited by

          @nebulon Thank you for your quick reply. It is working again!

          Thanks 🙂

          1 Reply Last reply Reply Quote 0
          • d19dotca
            d19dotca last edited by

            Funny enough I just had this issue today too. Checked mail and suddenly it told me it couldn’t connect because the mail server certificate expired. Seems like a bug.

            --
            Dustin Dauncey
            www.d19.ca

            nebulon 1 Reply Last reply Reply Quote 0
            • nebulon
              nebulon Staff @d19dotca last edited by

              @d19dotca on which Cloudron version are you on?

              d19dotca vladimir.d 2 Replies Last reply Reply Quote 0
              • d19dotca
                d19dotca @nebulon last edited by

                @nebulon I was on 6.3.5 at the time. I have since upgraded to 6.3.6.

                Restarting the mail service which resolved the issue.

                --
                Dustin Dauncey
                www.d19.ca

                1 Reply Last reply Reply Quote 0
                • vladimir.d
                  vladimir.d @nebulon last edited by

                  @nebulon it seems 7.2.2 is still affected. We faced with the same issue and resolved it by restating the mail service.

                  L 1 Reply Last reply Reply Quote 0
                  • L
                    lucidfox @vladimir.d last edited by

                    I also had the same error running Cloudron 7.2.2, and restarting the mail service solved the issue.

                    G 1 Reply Last reply Reply Quote 0
                    • G
                      guyds @lucidfox last edited by

                      Same here with Cloudron 7.2.5

                      imc67 1 Reply Last reply Reply Quote 0
                      • imc67
                        imc67 translator @guyds last edited by

                        @guyds @nebulon @girish after all these months its a pity that this issue is not fully solved, if it happens it has a huge user impact as they receive certificate errors on their devices.

                        On 1 of my 4 Cloudrons Premium it again happens just minutes ago, the mail.domain certificate was expired at 13:00h (CEST) today. After 45 minutes I discovered myself and restarted the mail server, now the expiry date gives:

                        notBefore=Jul 16 11:00:49 2022 GMT
                        notAfter=Oct 14 11:00:48 2022 GMT
                        

                        The other 3 are giving:

                        notBefore=May 24 11:05:39 2022 GMT
                        notAfter=Aug 22 11:05:38 2022 GMT
                        
                        notBefore=May 23 23:00:54 2022 GMT
                        notAfter=Aug 21 23:00:53 2022 GMT
                        
                        notBefore=May 24 23:01:26 2022 GMT
                        notAfter=Aug 22 23:01:25 2022 GMT
                        

                        So it seems and looks like all 3 of them will get expired as they are not (copied???) refreshed in time?

                        BTW: please remove the SOLVED label as it is definately not solved.

                        girish 1 Reply Last reply Reply Quote 1
                        • girish
                          girish Staff @imc67 last edited by

                          @imc67 Fair enough, I have made it unsolved. I have reworked large portions of the certificate logic upcoming release, so this should definitely got solved soonish.

                          G 1 Reply Last reply Reply Quote 3
                          • Topic has been marked as unsolved  girish girish 
                          • G
                            guyds @girish last edited by

                            @girish When can we expect an update that fixes this issue?
                            It just happened again on one of my Cloudrons

                            humptydumpty 1 Reply Last reply Reply Quote 0
                            • humptydumpty
                              humptydumpty @guyds last edited by

                              @guyds see this post for details https://forum.cloudron.io/post/53552

                              G 1 Reply Last reply Reply Quote 2
                              • G
                                guyds @humptydumpty last edited by

                                @humptydumpty Thanks! Hadn't seen that post yet.

                                1 Reply Last reply Reply Quote 0
                                • W
                                  wu-lee last edited by

                                  Also just experienced this on Cloudron (v7.2.5, Ubuntu 18.04.6 LTS). I'd report this as a bug via the support panel in the Cloudron dashboard, but the "submit" button seems to be disabled even when the form is apparently filled out correctly. Therefore posting here.


                                  Users reported that mail wasn't syncing. This is generally not well reported in the clients - in Thunderbird, it just seems to show a spinning "busy" icon when syncing. Therefore it wasn't obvious what the cause was immediately.

                                  No obviously related errors in the Cloudron dashboard's mail logs, but these all seem to be SMTP related.

                                  Tracked down the IMAP log in the mail container, under /var/run/dovecot.log (This doesn't seem to be accessible in the UI or documented on the Cloudron site? Be great if it was!)

                                  This listed errors like this:

                                  Oct 07 08:29:44 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=REDACTED, lip=172.18.0.9, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<pGuonG3qbIhQwAEL>
                                  

                                  Validated the SSL certificate using openssl:

                                  openssl s_client -showcerts -connect $host:993 -servername $host > $host.certcheck
                                  

                                  This included the line:

                                  Verify return code: 10 (certificate has expired)
                                  

                                  I restarted the mail service.

                                  The SSL check then seemed included this line instead:

                                  Verify return code: 0 (ok)
                                  

                                  Mail syncing then seemed to work normally.

                                  So problem solved for now, but it might reoccur. I infer something isn't restarting the mail service correctly when the SSL cert is updated?

                                  Thanks!

                                  1 Reply Last reply Reply Quote 1
                                  • nebulon
                                    nebulon Staff last edited by

                                    This should hopefully be fixed in Cloudron v7.3

                                    1 Reply Last reply Reply Quote 1
                                    • First post
                                      Last post
                                    Powered by NodeBB