<![CDATA[iRedMail — easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/topic12500-easy-lets-encrypt-guide-for-ubuntu-1604-iredmail-server-with-nginx.html Thu, 28 Sep 2017 16:07:07 +0000 PunBB <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58933.html#p58933 cert.pem -> server.crt
privkey.pem -> server.key

]]> Thu, 28 Sep 2017 16:07:07 +0000 https://forum.iredmail.org/post58933.html#p58933 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58840.html#p58840 Any thoughts on this?

AndyInNYC wrote:

the tutorial doesn't mention these files.  Again, letsencrypt only generated the following:
cert.pem
chain.pem
fullchain.pem
privkey.pem

These files aren't mentioned.  I need server.cert, server.key, etc.

Can you repoint me to where any document mentions these 4 files and how to use them to set up SSL?

Thanks.


Andrew

]]> Fri, 22 Sep 2017 11:41:29 +0000 https://forum.iredmail.org/post58840.html#p58840 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58784.html#p58784 the tutorial doesn't mention these files.  Again, letsencrypt only generated the following:
cert.pem
chain.pem
fullchain.pem
privkey.pem

These files aren't mentioned.  I need server.cert, server.key, etc.

Can you repoint me to where any document mentions these 4 files and how to use them to set up SSL?

Thanks.


Andrew

]]> Tue, 19 Sep 2017 15:41:15 +0000 https://forum.iredmail.org/post58784.html#p58784 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58748.html#p58748 AndyInNYC wrote:

These don't seem to be sufficient in name and quantity to follow the directions in the tutorial (am I supposed to run the openssl command also?).

Those 4 files are enough. Follow our tutorial to use them:
http://www.iredmail.org/docs/use.a.boug … icate.html

]]> Tue, 19 Sep 2017 02:51:13 +0000 https://forum.iredmail.org/post58748.html#p58748 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58740.html#p58740 After using --dry-run, I ran the command
letsencrypt certonly --standalone -d lifeassetsllc.com -d mail.lifeassetsllc.com
the command ran successfully, but it only generated
cert.pem  chain.pem  fullchain.pem  privkey.pem

These don't seem to be sufficient in name and quantity to follow the directions in the tutorial (am I supposed to run the openssl command also?).

Help?

Andrew

]]> Mon, 18 Sep 2017 19:08:41 +0000 https://forum.iredmail.org/post58740.html#p58740 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58733.html#p58733 Again, there isn't a 'website' set up for any of the domains.  I'm using the default Apache setup to access SOGo and Roundcube via https://mail.lifeassetsllc.com/SOGo.  That's likely the only way I'm accessing the system for now and for a long time (I'll worry about putting other websites there with certificates another time).

How, using that base assumption, do I get the Let's Encrypt certificate to work and install properly with iRedMail given the errors I'm seeing?

Andrew

]]> Mon, 18 Sep 2017 12:24:27 +0000 https://forum.iredmail.org/post58733.html#p58733 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58723.html#p58723 You specified 4 domain names, do they all use "/var/www/lifeassetsllc" as web document root?
If not, you must specified web document root (-w) for each domain.

]]> Mon, 18 Sep 2017 07:34:12 +0000 https://forum.iredmail.org/post58723.html#p58723 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58716.html#p58716 ZhangHuangbin wrote:

*) I suggest trying with '--dry-run' option, so that you won't reach the max try limit set by letsencrypt server.
*) You specified 4 domain names, do they all use "/var/www/lifeassetsllc" as web document root? If not, you must specified web document root for each domain.

The machine presently only serves mail and uses the SOGo and RoundCube web interfaces - it's completely stock.  I don't care if the let's encrypt certificate only works for the email (but for all of the hosted domains if that matters).

I'm missing something - should I just use - d lifeassetsllc.com and -d mail.lifeassetsllc.com?

Andrew

]]> Sun, 17 Sep 2017 20:03:11 +0000 https://forum.iredmail.org/post58716.html#p58716 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58703.html#p58703 *) I suggest trying with '--dry-run' option, so that you won't reach the max try limit set by letsencrypt server.
*) You specified 4 domain names, do they all use "/var/www/lifeassetsllc" as web document root? If not, you must specified web document root for each domain.

]]> Sun, 17 Sep 2017 13:48:30 +0000 https://forum.iredmail.org/post58703.html#p58703 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58691.html#p58691 Ah, so close but so far

So I used the command:

sudo certbot certonly --webroot -w /var/www/lifeassetsllc -d lifeassetsllc.com -d www.lifeassetsllc.com -d www.lifeasetsllc.com -d mail.lifeassetsllc.com

and got back a string of errors:

root@mail:/# sudo certbot certonly --webroot -w /var/www/lifeassetsllc -d lifeassetsllc.com -d [url=http://www.lifeassetsllc.com]www.lifeassetsllc.com[/url] -d [url=http://www.lifeasetsllc.com]www.lifeasetsllc.com[/url] -d mail.lifeassetsllc.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lifeassetsllc.com
http-01 challenge for [url=http://www.lifeassetsllc.com]www.lifeassetsllc.com[/url]
http-01 challenge for [url=http://www.lifeasetsllc.com]www.lifeasetsllc.com[/url]
http-01 challenge for mail.lifeassetsllc.com
Using the webroot path /var/www/lifeassetsllc for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. [url=http://www.lifeassetsllc.com]www.lifeassetsllc.com[/url] (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from [url]http://www.lifeassetsllc.com/.well-known/acme-challenge/zy_hc1QOh33Kiiz6gtI1ERuFxkufly0mBmxidqA5Nqg:[/url] "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", lifeassetsllc.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from [url]http://lifeassetsllc.com/.well-known/acme-challenge/rPmwYEuYgeljSKOCyEgIB5ebK_W1K2qA8-3iFVepj00:[/url] "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", [url=http://www.lifeasetsllc.com]www.lifeasetsllc.com[/url] (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for [url=http://www.lifeasetsllc.com]www.lifeasetsllc.com[/url], mail.lifeassetsllc.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from [url]http://mail.lifeassetsllc.com/.well-known/acme-challenge/xPvkYSQpejAvtZf9d8k3CoORxFy7MChPjpbpzLZCw5o:[/url] "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: [url=http://www.lifeasetsllc.com]www.lifeasetsllc.com[/url]
   Type:   connection
   Detail: DNS problem: NXDOMAIN looking up A for [url=http://www.lifeasetsllc.com]www.lifeasetsllc.com[/url]

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
 - The following errors were reported by the server:

   Domain: [url=http://www.lifeassetsllc.com]www.lifeassetsllc.com[/url]
   Type:   unauthorized
   Detail: Invalid response from
   [url]http://www.lifeassetsllc.com/.well-known/acme-challenge/zy_hc1QOh33Kiiz6gtI1ERuFxkufly0mBmxidqA5Nqg:[/url]
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   Domain: lifeassetsllc.com
   Type:   unauthorized
   Detail: Invalid response from
   [url]http://lifeassetsllc.com/.well-known/acme-challenge/rPmwYEuYgeljSKOCyEgIB5ebK_W1K2qA8-3iFVepj00:[/url]
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   Domain: mail.lifeassetsllc.com
   Type:   unauthorized
   Detail: Invalid response from
   [url]http://mail.lifeassetsllc.com/.well-known/acme-challenge/xPvkYSQpejAvtZf9d8k3CoORxFy7MChPjpbpzLZCw5o:[/url]
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
root@mail:/#

The url stuff was inserted by the forum system, not me.  Thoughts on what I have wrong?

I created a directory named /var/www/lifeassetsllc

Andrew

]]> Sat, 16 Sep 2017 14:22:41 +0000 https://forum.iredmail.org/post58691.html#p58691 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58680.html#p58680 AndyInNYC wrote:

[Question 1]:  Do I use *all* of my domains on this line as if I were going to host all my websites here (which I may)?  Any downside to this?

Yes you must list all domain names (AND their web document root directory) on command line.

AndyInNYC wrote:

[Question 2]:  for lifeassetsllc.com do I also use a -d mail.lifeassetsllc.com?

I suppose you need to use 'mail.lifeassetsllc.com' as mail server address in MUA, if yes, then YES you need to add mail.lifeassetsllc.com.

AndyInNYC wrote:

[Question 3]:   Where does this command dump the new files since I need to copy/link in the iRedMail tutorial?  What should they be named if I have to go look for them?

/etc/letsencrypt

AndyInNYC wrote:

[Question 4]:   To prevent disaster, do i need only back up the files which I will edit per the tutorial?

As a sysadmin, backup always saves your life. big_smile

]]> Sat, 16 Sep 2017 08:51:16 +0000 https://forum.iredmail.org/post58680.html#p58680 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58664.html#p58664 I read the tutorial, and it still left me a little confused.

Here's my plan:

Following the Let's Encrypt guide for 'Other Ubuntu 16.04' (which hopefully will not mess with any iRedMail config files), I have :  https://certbot.eff.org/#ubuntuxenial-other

This has me apt-get the following:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

[Seems clear]

My machine's name/incoming/outgoing mail server is mail.lifeassetsllc.com.  I host email for lifeassetsllc.com, server1.com, server2.com and server3.com.  I may have a WordPress site for my wife on server3.com (i can point the DNS records to this machine).

The Let's Encrypt link says to use the command:
sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

[Question 1]:  Do I use *all* of my domains on this line as if I were going to host all my websites here (which I may)?  Any downside to this?
[Question 2]:  for lifeassetsllc.com do I also use a -d mail.lifeassetsllc.com?
[Question 3]:   Where does this command dump the new files since I need to copy/link in the iRedMail tutorial?  What should they be named if I have to go look for them?

Now, I need to edit the config files per the iRedMail tutorial for Postfix, Dovecot, Apache and MySQL.  The tutorial seems clear on this.
[Question 4]:   To prevent disaster, do i need only back up the files which I will edit per the tutorial?


Post these edits, I either restart all the services or just reboot the server.

Assuming I understand the answers as they come in to Questions 1-4, is there anything I'm missing in my steps above?

Thanks so much


Andrew

]]> Fri, 15 Sep 2017 14:31:52 +0000 https://forum.iredmail.org/post58664.html#p58664 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58560.html#p58560 Hi AndyInNYC:

please read our tutorial here:
http://www.iredmail.org/docs/use.a.boug … icate.html

]]> Tue, 12 Sep 2017 05:57:04 +0000 https://forum.iredmail.org/post58560.html#p58560 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post58556.html#p58556 I'd like to install LE on my iRedMail server - I'm loathe to do anything which will damage/undo a working system.  I'm running Apache versus Nginx.

I have mail.myserver.com as the mail server which runs mail for 6 domains (all log in via https://mail.myserver.com/SOGo or in Outlook using mail.myserver.com as in/out mail servers.

So, a) what do I need to change in the first post to make the installation work for me?
      b) what files should I backup first in case something goes wrong?
       c) I'm assuming I only need to run LE for www.myserver.com and mail.myserver.com?

Thanks all.


Andrew

]]> Mon, 11 Sep 2017 22:57:19 +0000 https://forum.iredmail.org/post58556.html#p58556 <![CDATA[Re: easy let's encrypt guide for ubuntu 16.04 iredmail server with nginx]]> https://forum.iredmail.org/post56687.html#p56687 Stop openldap service first, then try this command:

strace /usr/sbin/slapd -u ldap -g ldap -f /etc/ldap/slapd.conf

It will trace the files read by OpenLDAP, i think it will print some useful info for debugging.

]]> Wed, 07 Jun 2017 13:52:38 +0000 https://forum.iredmail.org/post56687.html#p56687