renew mail certificate?

Discussion in 'Installation/Configuration' started by willoriker, Mar 18, 2021.

  1. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Apache/nginx will stop working, so don't do that. What is the content of /etc/letsencrypt/renewal?
    Code:
    ls -la /etc/letsencrypt/renewal
     
  2. willoriker

    willoriker Member

    Finally I fixed it. I checked /etc/letsencrypt/live and found several occurrences of the directory with the FQDN, but with suffix 001, 002, and none with the FQDN alone. I copied one of these with the name of the FQDN, and voila, the installation script works perfectly. I tested the control panel, email and FTP with the active LE cert.
    Thanks a lot.
     
  3. willoriker

    willoriker Member

    Sorry, but I am here again. I have problems with my first server (this discussion was about 2 different servers). I have problems again with the email server certificate. The funny thing is, now I don't receive an error from the script, but when I use Thunderbird or others, or if I check the cert on the ssl-tools.net website, I get "self signed cert".
    Code:
    Updating ISPConfig
    ISPConfig Port [8080]:
    
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    
    Checking / creating certificate for mnsvr.digiiberica.es
    Using certificate path /etc/letsencrypt/live/mnsvr.digiiberica.es
    Server's public ip(s) (217.198.207.11, 217.198.207.11) not found in A/AAAA records for mnsvr.digiiberica.es: 192.168.0.8
    Ignore DNS check and continue to request certificate? (y,n) [n]: y
    
    Using apache for certificate validation
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Cert not yet due for renewal
    Keeping the existing certificate
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]: y
    
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]: y
    
    Reconfigure Crontab? (yes,no) [yes]:
    
    Updating Crontab
    Restarting services ...
    Update finished.
    [email protected]:~#
    
    What is the problem?
    Thanks in advance.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Last edited: Apr 27, 2021
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Seems like there was an A / AAAA record warning, and then there were existing LE certs.

    Most probably you got multiple certs with suffix instead of just FQDN like you mentioned earlier.

    By the way, from what I understand, you fixed it manually last time by copying, instead of deleting them all and issuing a new request for the server FQDN.

    So in my view, those were the problems, but of course following the FAQ as suggested will tell you more.
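
A check for the situation discussed in this thread, added here as an example (not code from ISPConfig or from any poster): it reports whether the bare-FQDN directory exists under certbot's live directory next to numbered copies, and which lineage a daemon's certificate file resolves to through its symlinks. The function names and the certificate path passed as the third argument are assumptions.

```shell
#!/bin/sh
# Added example. Relies on certbot's live/ -> archive/<lineage>/ symlink
# layout; function names are hypothetical.

# lineage_state LIVE_DIR FQDN
# Prints one word and returns a matching status:
#   ok        (0) LIVE_DIR/FQDN exists and there are no numbered copies
#   missing   (1) LIVE_DIR/FQDN does not exist (numbered copies may)
#   duplicate (2) LIVE_DIR/FQDN exists alongside FQDN-<digits> copies
lineage_state() {
    live=$1; fqdn=$2; dups=0
    for d in "$live/$fqdn"-[0-9]*; do
        # An unmatched glob stays literal and fails the -d test.
        [ -d "$d" ] && dups=$((dups + 1))
    done
    if [ ! -d "$live/$fqdn" ]; then
        echo missing; return 1
    elif [ "$dups" -gt 0 ]; then
        echo duplicate; return 2
    fi
    echo ok; return 0
}

# served_lineage CERT_PATH
# Follows the symlink chain from the certificate file a daemon is configured
# with and prints the certbot lineage it ends in, or "not-letsencrypt" when
# the file does not resolve into an archive/<lineage>/ directory.
served_lineage() {
    real=$(readlink -f "$1") || { echo unresolved; return 1; }
    case $real in
        */archive/*/*.pem) basename "$(dirname "$real")" ;;
        *) echo not-letsencrypt; return 1 ;;
    esac
}

# Usage: sh check.sh /etc/letsencrypt/live <fqdn> [cert-file-the-daemon-uses]
if [ "$#" -ge 2 ]; then
    lineage_state "$1" "$2" || true
    if [ "$#" -ge 3 ]; then served_lineage "$3" || true; fi
fi
```

A result of `missing` or `duplicate`, or a served certificate that does not resolve to the lineage the installer reports under "Using certificate path", points at the mismatch described above.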
     
  6. willoriker

    willoriker Member

    Thanks, Taleman. The answer is yes and no, but I understand your comment. But I have an answer: when ISP refers to the DNS record, does it refer to my domain dealer's DNS record or my ISP's DNS server? Because I don't use my ISP's DNS server, and I checked my domain's DNS records and they are OK! I see these lines and I never understand them.
     
    Last edited: Apr 28, 2021
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    ISPConfig uses the server's resolver, so whatever your server is set to use (usually check /etc/resolv.conf to see what that is).
     
  8. willoriker

    willoriker Member

    My /etc/resolv.conf says:
    Code:
    nameserver 127.0.0.53
    options edns0
    
    
     
  9. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Try using an open DNS resolver like 8.8.8.8 / 8.8.4.4.
     
  10. willoriker

    willoriker Member

    Yes, I set this DNS a long time ago.
    Code:
     systemd-resolve --status
    Global
              DNSSEC NTA: 10.in-addr.arpa
                          16.172.in-addr.arpa
                          168.192.in-addr.arpa
                          17.172.in-addr.arpa
                          18.172.in-addr.arpa
                          19.172.in-addr.arpa
                          20.172.in-addr.arpa
                          21.172.in-addr.arpa
                          22.172.in-addr.arpa
                          23.172.in-addr.arpa
                          24.172.in-addr.arpa
                          25.172.in-addr.arpa
                          26.172.in-addr.arpa
                          27.172.in-addr.arpa
                          28.172.in-addr.arpa
                          29.172.in-addr.arpa
                          30.172.in-addr.arpa
                          31.172.in-addr.arpa
                          corp
                          d.f.ip6.arpa
                          home
                          internal
                          intranet
                          lan
                          local
                          private
                          test
    
    Link 2 (enp1s0)
          Current Scopes: DNS
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
             DNS Servers: 8.8.8.8
                          8.8.4.4
    
     
  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Are you connecting to mnsvr.digiiberica.es in Thunderbird?
     
