dovecot ssl problem

Discussion in 'Installation/Configuration' started by edopol, Mar 7, 2020.

  1. edopol

    edopol New Member

    I don't know how to solve the problem anymore and I have the mail server stopped, I can't remember putting a passphrase in the ispconfig to ver 3.15 update. Please help me to get out of this problem
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You can remove the password of an SSL key like this:

    openssl rsa -in file1.key -out file2.key

    file1.key is the password protected file and file2.key is the key without password protection. You need to know the password for that. If you don't know the password, you'll have to create a new ssl key and cert.
     
  3. edopol

    edopol New Member

    Can't open file1.key for reading, No such file or directory
    140692109074496:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:74:fopen('file1.key','r')
    140692109074496:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:81:
    unable to load Private Key
    I don't know where to look for the file, the crypto directory, I don't know where to look for it, and I don't know the name of the file it's bss_file???
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You can find the file name and path of the key file in the dovecot configuration file, which is /etc/dovecot/dovecot.conf
     
  5. edopol

    edopol New Member

    I can't find the file name. can you help me again ??
     
  6. edopol

    edopol New Member

    how can i reinstall dovecot without losing data ???
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The filename is /etc/postfix/smtpd.key, the line is named ssl_key. And reinstalling covecot will not help you as there is no issue with dovecot, it's just an encrypted SSL key.
     
  8. edopol

    edopol New Member

    I deleted the certificate with the following procedure:
    I deleted the server's domain, I restarted, I recreated the domain, the certificate I gave the resynchronization. but .... in etc / letsencript / live the domain does not exist, not even the certificate, it can be a letsencript problem ???
    the new domain gets me a certificate of another domain on the server, when I try https: //
     
  9. edopol

    edopol New Member

    I would like to know if there is a way to make mail work without dovecot, considering that I use the server for work, and I urgently need to make it work.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Dovecot is your imap and pop3 server, you can't run a mail server without imap and pop3. The problem is that what you did in #8 was not really helpful as that was not the cause of the problem but might give new issues now.

    What you can try is this: Run the command:

    ispconfig_update.sh

    as root user. Choose git-stable as update source, let the update reconfigure services and also choose to generate a new ssl cert when the updater asks. Take care to NOT encrypt it.
     
  11. edopol

    edopol New Member

    error
    ISPConfig Port [8080]:

    Create new ISPConfig SSL certificate (yes,no) [no]: yes

    genrsa: Can't open "/usr/local/ispconfig/interface/ssl/ispserver.key" for writing, No such file or directory
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    139839495196736:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:74:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    139839495196736:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:81:
    unable to load Private Key
    req: Cannot open input file /usr/local/ispconfig/interface/ssl/ispserver.csr, No such file or directory
    req: Use -help for summary.
    Can't open /usr/local/ispconfig/interface/ssl/ispserver.key for reading, No such file or directory
    140664555286592:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:74:fopen('/usr/local/ispconfig/interface/ssl/ispserver.key','r')
    140664555286592:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:81:
    unable to load Private Key
    PHP Warning: rename(/usr/local/ispconfig/interface/ssl/ispserver.key.insecure,/usr/local/ispconfig/interface/ssl/ispserver.key): No such file or directory in /tmp/update_from_dev_stable.sh.6velqUKBFm/ispconfig3-stable-3.1-d4e9f1b58695241304e7a6d654c18f91a12e271b/install/lib/installer_base.lib.php on line 2443


    Reconfigure Crontab? (yes,no) [yes]:

    Updating Crontab
    Restarting services ...
    Job for dovecot.service failed because the control process exited with error code.
    See "systemctl status dovecot.service" and "journalctl -xe" for details.
    Update finished.
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, these are now the side effects I spoke about that were caused by the LE removal you made.

    Are you able to login to ISPconfig, you have a self-signed ssl cert now, so accept the ssl warning and check if you can login.

    Then post the result of the command:

    ls -la /usr/local/ispconfig/interface/ssl/

    and check the /var/log/mail.log for the error message that dovecot has thrown during restart.
     
  13. edopol

    edopol New Member

    Sorry Till, can I restart everything without ssl, and communicate with the mail ?? if possible, what should i remove ???
    Thanks in advance for the time dedicated to me
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, but I recommend fixing the ssl cert.

    If you want to remove ssl from dovecot, then add a # in front of all ssl lines in dovecot.conf file and restart dovecot.

    But I can't help you if you don not post the requested info. Please post the result of the command

    ls -la /usr/local/ispconfig/interface/ssl/

    and also the error from mail.log file so I can help you to sort out the ssl problem.
     
  15. edopol

    edopol New Member

    Till, I read an old post, where you recommended to close the ssl ports of the mail, in the firewall. i did and now it works without ssl / tls. I'll try to fix the server kernel problem and then try again. Thanks so much for your patience
     

Share This Page