Mail Certificates do not get renewed.
-
Hello everyone,
I have a problem with the SSL certificates of the mail server. All certificates of my domains and subdomains are getting renewed. However, since a few days I have been getting an error via Outlook when I want to retrieve mail, it has an expired certificate and is not renewed.
When I renew the Certs I don't get an error and everything seems to work. The only problem is that the mail is not renewed properly and therefore does not work on my outlook, unless I allow the mail to be opened unsecured.
Any ideas why this is happening?
-
Hello everyone,
I have a problem with the SSL certificates of the mail server. All certificates of my domains and subdomains are getting renewed. However, since a few days I have been getting an error via Outlook when I want to retrieve mail, it has an expired certificate and is not renewed.
When I renew the Certs I don't get an error and everything seems to work. The only problem is that the mail is not renewed properly and therefore does not work on my outlook, unless I allow the mail to be opened unsecured.
Any ideas why this is happening?
@leggias we used to have a bug in some recent Cloudron versions with this. Can you head over to the Services view in your Cloudron dashboard and restart the Mail service there manually from that UI? This should pull in the fresh certificates into the mail server.
-
@leggias we used to have a bug in some recent Cloudron versions with this. Can you head over to the Services view in your Cloudron dashboard and restart the Mail service there manually from that UI? This should pull in the fresh certificates into the mail server.
-
Funny enough I just had this issue today too. Checked mail and suddenly it told me it couldn’t connect because the mail server certificate expired. Seems like a bug.
-
@nebulon it seems 7.2.2 is still affected. We faced with the same issue and resolved it by restating the mail service.
-
@nebulon it seems 7.2.2 is still affected. We faced with the same issue and resolved it by restating the mail service.
-
I also had the same error running Cloudron 7.2.2, and restarting the mail service solved the issue.
-
@guyds @nebulon @girish after all these months its a pity that this issue is not fully solved, if it happens it has a huge user impact as they receive certificate errors on their devices.
On 1 of my 4 Cloudrons Premium it again happens just minutes ago, the mail.domain certificate was expired at 13:00h (CEST) today. After 45 minutes I discovered myself and restarted the mail server, now the expiry date gives:
notBefore=Jul 16 11:00:49 2022 GMT notAfter=Oct 14 11:00:48 2022 GMTThe other 3 are giving:
notBefore=May 24 11:05:39 2022 GMT notAfter=Aug 22 11:05:38 2022 GMT notBefore=May 23 23:00:54 2022 GMT notAfter=Aug 21 23:00:53 2022 GMT notBefore=May 24 23:01:26 2022 GMT notAfter=Aug 22 23:01:25 2022 GMTSo it seems and looks like all 3 of them will get expired as they are not (copied???) refreshed in time?
BTW: please remove the SOLVED label as it is definately not solved.
-
@guyds @nebulon @girish after all these months its a pity that this issue is not fully solved, if it happens it has a huge user impact as they receive certificate errors on their devices.
On 1 of my 4 Cloudrons Premium it again happens just minutes ago, the mail.domain certificate was expired at 13:00h (CEST) today. After 45 minutes I discovered myself and restarted the mail server, now the expiry date gives:
notBefore=Jul 16 11:00:49 2022 GMT notAfter=Oct 14 11:00:48 2022 GMTThe other 3 are giving:
notBefore=May 24 11:05:39 2022 GMT notAfter=Aug 22 11:05:38 2022 GMT notBefore=May 23 23:00:54 2022 GMT notAfter=Aug 21 23:00:53 2022 GMT notBefore=May 24 23:01:26 2022 GMT notAfter=Aug 22 23:01:25 2022 GMTSo it seems and looks like all 3 of them will get expired as they are not (copied???) refreshed in time?
BTW: please remove the SOLVED label as it is definately not solved.
-
G girish has marked this topic as unsolved on
-
@imc67 Fair enough, I have made it unsolved. I have reworked large portions of the certificate logic upcoming release, so this should definitely got solved soonish.
-
@girish When can we expect an update that fixes this issue?
It just happened again on one of my Cloudrons@guyds see this post for details https://forum.cloudron.io/post/53552
-
@guyds see this post for details https://forum.cloudron.io/post/53552
@humptydumpty Thanks! Hadn't seen that post yet.
-
Also just experienced this on Cloudron (v7.2.5, Ubuntu 18.04.6 LTS). I'd report this as a bug via the support panel in the Cloudron dashboard, but the "submit" button seems to be disabled even when the form is apparently filled out correctly. Therefore posting here.
Users reported that mail wasn't syncing. This is generally not well reported in the clients - in Thunderbird, it just seems to show a spinning "busy" icon when syncing. Therefore it wasn't obvious what the cause was immediately.
No obviously related errors in the Cloudron dashboard's mail logs, but these all seem to be SMTP related.
Tracked down the IMAP log in the mail container, under /var/run/dovecot.log (This doesn't seem to be accessible in the UI or documented on the Cloudron site? Be great if it was!)
This listed errors like this:
Oct 07 08:29:44 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=REDACTED, lip=172.18.0.9, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<pGuonG3qbIhQwAEL>Validated the SSL certificate using openssl:
openssl s_client -showcerts -connect $host:993 -servername $host > $host.certcheckThis included the line:
Verify return code: 10 (certificate has expired)I restarted the mail service.
The SSL check then seemed included this line instead:
Verify return code: 0 (ok)Mail syncing then seemed to work normally.
So problem solved for now, but it might reoccur. I infer something isn't restarting the mail service correctly when the SSL cert is updated?
Thanks!
