As of right now, if you migrate from 0.7 to 0.8 and you're using file macros for your certificate you may notice a log message like this:
ERROR utils::config: Failed to parse setting "certificate.default.private-key": Missing property
This happens because there was a rename on the config property for certificates which wasn't mentioned in the upgrade guide. You'll also notice this:
WARN common::listener::tls: No certificates available, using self-signed. context="tls" event="error"
This happens, near as I can tell, when a client attempts to connect, not when the server starts up. Both of these together mean that someone migrating from 0.7 to 0.8 will likely have broken file-macro based certificates and not know it. Stalwart will then generate a default certificate. The web UI does not make it obvious that a given certificate has failed to load from disk and that a self-signed certificate is in use.
The feature request is the following:
Check certificates on startup, not on connection
Provide a clearer error message when half of the certificate is configured, but not the other half
Positively tell the user when certificate configuration is loaded from disk and is successful, don't rely on users to understand what the failure modes are.
Surface to the web admin panel that a given certificate is loaded from disk without displaying the content of the file macro itself, as is done now.
Refuse to create a self-signed certificate when the user attempts to configure a default certificate themselves to avoid having to clean up the self-signed certificate.
Is your feature request related to a problem?
It's quite difficult to understand why my file-based certificate isn't working and why I'm getting a self-signed certificate instead.
Code of Conduct
[X] I agree to follow this project's Code of Conduct
Which feature or improvement would you like to request?
I'd like to see this feature:
I use letsencrypt to get domain wildcard certs on the server where I run stalwart. It works, I'm happy. I want stalwart to use these TLS certificates. There's been some confusion between version 0.7 and 0.8 around database config keys and reading certificates from disk (https://github.com/stalwartlabs/mail-server/issues/519, https://github.com/stalwartlabs/mail-server/issues/404, https://github.com/stalwartlabs/mail-server/issues/364).
As of right now, if you migrate from 0.7 to 0.8 and you're using file macros for your certificate you may notice a log message like this:
This happens because there was a rename on the config property for certificates which wasn't mentioned in the upgrade guide. You'll also notice this:
This happens, near as I can tell, when a client attempts to connect, not when the server starts up. Both of these together mean that someone migrating from 0.7 to 0.8 will likely have broken file-macro based certificates and not know it. Stalwart will then generate a default certificate. The web UI does not make it obvious that a given certificate has failed to load from disk and that a self-signed certificate is in use.
The feature request is the following:
Is your feature request related to a problem?
It's quite difficult to understand why my file-based certificate isn't working and why I'm getting a self-signed certificate instead.
Code of Conduct