msimerson / Mail-Toaster-6

Mail Toaster 6
https://github.com/msimerson/Mail-Toaster-6/wiki
BSD 3-Clause "New" or "Revised" License

Let's Encrypt certs not making it to Dovecot #500

Closed lunaticds closed 2 years ago

lunaticds commented 2 years ago

Describe the bug
Fresh build from yesterday (post bug fixes). Web interface is using Let's Encrypt certificates as expected; however, noted when connecting with mail client via POP3 or IMAP, mail client is being presented with a self-signed certificate. Re-provisioning doesn't seem to make a difference.

[Wed Nov 10 06:36:39 AEDT 2021] Your cert is in: /root/.acme.sh/mail2.xxxxxx.net.au/mail2.xxxxxx.net.au.cer
[Wed Nov 10 06:36:39 AEDT 2021] Your cert key is in: /root/.acme.sh/mail2.xxxxxx.net.au/mail2.xxxxx.net.au.key
[Wed Nov 10 06:36:39 AEDT 2021] The intermediate CA cert is in: /root/.acme.sh/mail2.xxxxxxx.net.au/ca.cer
[Wed Nov 10 06:36:39 AEDT 2021] And the full chain certs is there: /root/.acme.sh/mail2.xxxxx.net.au/fullchain.cer
deploying haraka
Files /root/.acme.sh/mail2.xxxxxx.net.au/fullchain.cer and /data/haraka/config/tls_cert.pem differ
Stopping jails: haraka.
Starting jails: haraka.
deploying haproxy
Files /tmp/mail2.xxxxx.net.au.pem and /data/haproxy/ssl.d/mail2.xxxxx.net.au.pem differ
Starting haproxy.
deploying dovecot
Files /root/.acme.sh/mail2.xxxxx.net.au/fullchain.cer and /data/dovecot/etc/ssl/certs/mail2.xxxxx.net.au.pem differ
Stopping dovecot.
Waiting for PIDS: 2822Nov 10 06:36:41 dovecot dovecot[2822]: master: Warning: Killed with signal 15 (by pid=16312 uid=0 code=kill)
.
Starting dovecot.
Nov 10 06:36:42 dovecot dovecot[16336]: master: Dovecot v2.3.17 (e2aa53df5b) starting up for imap, pop3, lmtp, sieve
[Wed Nov 10 06:36:42 AEDT 2021] Success it worked

To Reproduce
Steps to reproduce the behavior: Build basic mail toaster with basic functionality. Test with mail client and view certificate.

Expected behavior
Let's Encrypt issued SSL certificate to be used by mail client.

Screenshots
If applicable, add screenshots to help explain your problem.

Server (please complete the following information):

Additional context
Add any other context about the problem here.

msimerson commented 2 years ago

It seems pretty obvious that the TLS certificate was installed to /data/dovecot/etc/ssl/certs/mail2.xxxxx.net.au.pem. The question is then, why isn't it being served? My guess is that it has to do with your dovecot local TLS config. There's another self-signed certificate that is being served when you don't expect it.

lunaticds commented 2 years ago

Yeah, it seems for whatever reason Dovecot is looking at the self-signed one generated somewhere in the setup for the domain rather than the host-specific one. For the sake of not screwing with the config too much (trying to keep everything vanilla), I've copied the signed cert and matching key to the same name as the self-signed, restarted the Dovecot jail and this seems to have resolved it.
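One way to pin down where a mismatch like this sits, as an added example that is not code from the thread or from Mail-Toaster-6: compare the SHA-256 fingerprint of the leaf certificate in the deployed file with the fingerprint of whatever the server actually presents on the IMAP/POP3 port, and list which files the Dovecot config loads via `ssl_cert = </path` (including any per-name override next to the global default). The host name, ports and config path you pass in are assumptions to fill in for your own server.

```python
import base64
import hashlib
import re
import socket
import ssl

# First PEM block only: in a fullchain file that is the leaf, which is what the client checks.
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_fingerprint(pem_text):
    """SHA-256 fingerprint (hex) of the first certificate in PEM text."""
    match = PEM_BLOCK.search(pem_text)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()


def dovecot_ssl_cert_paths(conf_text):
    """Files a Dovecot config loads for ssl_cert / ssl_key ('<path' means read from file).
    Every occurrence is returned, so a per-name override (e.g. inside a local_name block)
    shows up next to the global default instead of being hidden by it."""
    paths = {}
    for key, path in re.findall(r"^\s*(ssl_cert|ssl_key)\s*=\s*<\s*(\S+)", conf_text, re.M):
        paths.setdefault(key, []).append(path)
    return paths


def served_cert_pem(host, port, timeout=10):
    """Certificate the server presents on a mail port: 993/995 are implicit TLS,
    143/110 need STARTTLS (IMAP) or STLS (POP3) before the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # we want to see what is served, even if self-signed
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if port in (143, 110):
            sock.recv(1024)  # server greeting
            sock.sendall(b"a STARTTLS\r\n" if port == 143 else b"STLS\r\n")
            reply = sock.recv(1024)
            if not reply.startswith(b"a OK" if port == 143 else b"+OK"):
                raise RuntimeError("STARTTLS refused: %r" % reply)
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def deployed_matches_served(deployed_pem_path, host, port):
    """True when the leaf in the deployed file is the one clients actually receive."""
    with open(deployed_pem_path) as f:
        deployed = pem_fingerprint(f.read())
    return deployed == pem_fingerprint(served_cert_pem(host, port))
```

For the case in this thread, `deployed_matches_served("/data/dovecot/etc/ssl/certs/mail2.xxxxx.net.au.pem", "mail2.xxxxx.net.au", 993)` returning False while the acme.sh deploy reported success points at the config loading a different file, which `dovecot_ssl_cert_paths(open("/path/to/dovecot.conf").read())` (path assumed) makes visible.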