1 (edited by willem 2018-02-21 05:11:20)

Topic: Installation Error due to SSL problems at iredmail.org

at installing iRedMail latest i get this error:

[root@iredmail iRedMail-0.9.5-1]# sudo bash iRedMail.sh
< SKIP > Function: check_new_iredmail.
< SKIP > Function: create_repo_rhel.
[ INFO ] Fetching source tarballs ...
[ INFO ] + 1 of 3: http://iredmail.org/yum/misc/roundcubem … ete.tar.gz
[ INFO ] + 2 of 3: http://iredmail.org/yum/misc/iRedAPD-1.9.1.tar.bz2
[ INFO ] + 3 of 3: http://iredmail.org/yum/misc/iRedAdmin-0.6.3.tar.bz2
[ INFO ] Validate packages ...
md5sum: misc/roundcubemail-1.2.0-complete.tar.gz: No such file or directory
misc/roundcubemail-1.2.0-complete.tar.gz: FAILED open or read
md5sum: misc/iRedAPD-1.9.1.tar.bz2: No such file or directory
misc/iRedAPD-1.9.1.tar.bz2: FAILED open or read
md5sum: misc/iRedAdmin-0.6.3.tar.bz2: No such file or directory
misc/iRedAdmin-0.6.3.tar.bz2: FAILED open or read
md5sum: WARNING: 3 listed files could not be read
    [ FAILED ]
<< ERROR >> MD5 check failed. Script exit ...

[root@iredmail iRedMail-0.9.5-1]# wget http://iredmail.org/yum/misc/roundcubem … mplete.tar
--2015-03-01 08:31:04--  http://iredmail.org/yum/misc/roundcubem … mplete.tar
Resolving iredmail.org (iredmail.org)... 139.162.146.87
Connecting to iredmail.org (iredmail.org)|139.162.146.87|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://iredmail.org/yum/misc/roundcube … mplete.tar [following]
--2015-03-01 08:31:04--  https://iredmail.org/yum/misc/roundcube … mplete.tar
Connecting to iredmail.org (iredmail.org)|139.162.146.87|:443... connected.
ERROR: cannot verify iredmail.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3’:
  Issued certificate not yet valid.
To connect to iredmail.org insecurely, use `--no-check-certificate'.

Installer is having SSL problems. Can you please fix this?


==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Installation Error due to SSL problems at iredmail.org

willem wrote:

[root@iredmail iRedMail-0.9.5-1]# sudo bash iRedMail.sh

Please use the latest release, iRedMail-0.9.7.
https://www.iredmail.org/download.html

3

Re: Installation Error due to SSL problems at iredmail.org

[root@iredmail iRedMail-0.9.7]# sudo bash iRedMail.sh
[ INFO ] Checking new version of iRedMail ...
[ INFO ] Preparing yum repositories ...
[ INFO ] Installing package(s): epel-release
Loaded plugins: fastestmirror
base                                                     | 3.6 kB     00:00     
extras                                                   | 3.4 kB     00:00     
http://iredmail.org/yum/rpms/7/repodata/repomd.xml: [Errno 14] HTTPS Error 302 - Found
Trying other mirror.


One of the configured repositories failed (iRedMail),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=iRedMail ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable iRedMail
        or
            subscription-manager repos --disable=iRedMail

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=iRedMail.skip_if_unavailable=true

failure: repodata/repomd.xml from iRedMail: [Errno 256] No more mirrors to try.
http://iredmail.org/yum/rpms/7/repodata/repomd.xml: [Errno 14] HTTPS Error 302 - Found
[ INFO ] Fetching source tarballs ...
[ INFO ] + 1 of 3: http://iredmail.org/yum/misc/roundcubem … ete.tar.gz
[ INFO ] + 2 of 3: http://iredmail.org/yum/misc/iRedAPD-2.1.tar.bz2
[ INFO ] + 3 of 3: http://iredmail.org/yum/misc/iRedAdmin-0.8.tar.bz2
[ INFO ] Validate packages ...
md5sum: misc/roundcubemail-1.3.0-complete.tar.gz: No such file or directory
misc/roundcubemail-1.3.0-complete.tar.gz: FAILED open or read
md5sum: misc/iRedAPD-2.1.tar.bz2: No such file or directory
misc/iRedAPD-2.1.tar.bz2: FAILED open or read
md5sum: misc/iRedAdmin-0.8.tar.bz2: No such file or directory
misc/iRedAdmin-0.8.tar.bz2: FAILED open or read
md5sum: WARNING: 3 listed files could not be read
    [ FAILED ]
<< ERROR >> MD5 check failed. Script exit ...

4

Re: Installation Error due to SSL problems at iredmail.org

[root@iredmail iRedMail-0.9.7]# wget https://iredmail.org/yum/rpms/7/repodata/repomd.xml
--2015-03-02 18:52:46--  https://iredmail.org/yum/rpms/7/repodata/repomd.xml
Resolving iredmail.org (iredmail.org)... 139.162.146.87
Connecting to iredmail.org (iredmail.org)|139.162.146.87|:443... connected.
ERROR: cannot verify iredmail.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3’:
  Issued certificate not yet valid.
To connect to iredmail.org insecurely, use `--no-check-certificate'.

5

Re: Installation Error due to SSL problems at iredmail.org

Does the 'wget' command work if you run it with extra argument like below?

wget --ca-certificate=/etc/pki/tls/certs/ca-bundle.crt https://iredmail.org/yum/misc/iRedAPD-2.1.tar.bz2

*) Try to run iRedMail installer like below:

IREDMAIL_MIRROR='https://dl.iredmail.org' bash iRedMail.sh

6

Re: Installation Error due to SSL problems at iredmail.org

[root@iredmail iRedMail-0.9.7]# IREDMAIL_MIRROR='https://dl.iredmail.org' bash iRedMail.sh
< SKIP > Function: check_new_iredmail.
< SKIP > Function: create_repo_rhel.
[ INFO ] Fetching source tarballs ...
[ INFO ] + 1 of 3: https://dl.iredmail.org/yum/misc/roundc … ete.tar.gz
[ INFO ] + 2 of 3: https://dl.iredmail.org/yum/misc/iRedAPD-2.1.tar.bz2
[ INFO ] + 3 of 3: https://dl.iredmail.org/yum/misc/iRedAdmin-0.8.tar.bz2
[ INFO ] Validate packages ...
md5sum: misc/roundcubemail-1.3.0-complete.tar.gz: No such file or directory
misc/roundcubemail-1.3.0-complete.tar.gz: FAILED open or read
md5sum: misc/iRedAPD-2.1.tar.bz2: No such file or directory
misc/iRedAPD-2.1.tar.bz2: FAILED open or read
md5sum: misc/iRedAdmin-0.8.tar.bz2: No such file or directory
misc/iRedAdmin-0.8.tar.bz2: FAILED open or read
md5sum: WARNING: 3 listed files could not be read
    [ FAILED ]
<< ERROR >> MD5 check failed. Script exit ...

[root@iredmail iRedMail-0.9.7]# wget --ca-certificate=/etc/pki/tls/certs/ca-bundle.crt https://iredmail.org/yum/misc/iRedAPD-2.1.tar.bz2
--2015-03-02 22:27:53--  https://iredmail.org/yum/misc/iRedAPD-2.1.tar.bz2
Resolving iredmail.org (iredmail.org)... 139.162.146.87
Connecting to iredmail.org (iredmail.org)|139.162.146.87|:443... connected.
ERROR: cannot verify iredmail.org's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3’:
  Issued certificate not yet valid.
To connect to iredmail.org insecurely, use `--no-check-certificate'.
[root@iredmail iRedMail-0.9.7]#

7

Re: Installation Error due to SSL problems at iredmail.org

Weird that it doesn't recognize Let's Encrypt ssl cert.

*) Did you try to upgrade "wget" package?
*) You need to add '--no-check-certificate' for wget command in file "conf/global" in iRedMail directory (Search parameter "FETCH_CMD" in this file).

8

Re: Installation Error due to SSL problems at iredmail.org

one step further now:

[root@iredmail iRedMail-0.9.7]# sudo bash iRedMail.sh
[ INFO ] Install package: dialog
[ INFO ] Installing package(s): dialog
Loaded plugins: fastestmirror
base                                                                                                | 3.6 kB  00:00:00     
extras                                                                                              | 3.4 kB  00:00:00     
http://iredmail.org/yum/rpms/7/repodata/repomd.xml: [Errno 14] HTTPS Error 302 - Found
Trying other mirror.


One of the configured repositories failed (iRedMail),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=iRedMail ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable iRedMail
        or
            subscription-manager repos --disable=iRedMail

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=iRedMail.skip_if_unavailable=true

failure: repodata/repomd.xml from iRedMail: [Errno 256] No more mirrors to try.
http://iredmail.org/yum/rpms/7/repodata/repomd.xml: [Errno 14] HTTPS Error 302 - Found
[ INFO ] Checking configuration file: /root/iRedMail-0.9.7/config ...[ INFO ] Found, but not finished. Launching installation wizard to generate one.
/root/iRedMail-0.9.7/dialog/config_via_dialog.sh: line 42: dialog: command not found
[ INFO ] Exit.
[root@iredmail iRedMail-0.9.7]#

9

Re: Installation Error due to SSL problems at iredmail.org

Change URL http://iredmail.org/yum/ to 'https://dl.iredmail.org/yum/' in /etc/yum.repos.d/iRedMail.repo. then try again.

10

Re: Installation Error due to SSL problems at iredmail.org

[root@iredmail iRedMail-0.9.7]# sudo bash iRedMail.sh
[ INFO ] Install package: dialog
[ INFO ] Installing package(s): dialog
Loaded plugins: fastestmirror
base                                                     | 3.6 kB     00:00     
extras                                                   | 3.4 kB     00:00     
https://dl.iredmail.org/yum/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate has expired."
Trying other mirror.
It was impossible to connect to the CentOS servers.
This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
or a transparent proxy that tampers with TLS security, or an incorrect system clock.
You can try to solve this issue by using the instructions on https://wiki.centos.org/yum-errors
If above article doesn't help to resolve this issue please use https://bugs.centos.org/.



One of the configured repositories failed (iRedMail),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=iRedMail ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable iRedMail
        or
            subscription-manager repos --disable=iRedMail

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=iRedMail.skip_if_unavailable=true

failure: repodata/repomd.xml from iRedMail: [Errno 256] No more mirrors to try.
https://dl.iredmail.org/yum/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate has expired."
[ INFO ] Checking configuration file: /root/iRedMail-0.9.7/config ...[ INFO ] Found, but not finished. Launching installation wizard to generate one.
/root/iRedMail-0.9.7/dialog/config_via_dialog.sh: line 42: dialog: command not found
[ INFO ] Exit.
[root@iredmail iRedMail-0.9.7]#

11

Re: Installation Error due to SSL problems at iredmail.org

https://dl.iredmail.org/yum/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate has expired."

12

Re: Installation Error due to SSL problems at iredmail.org

What a pity that SSL is stopping me from investigating iredmail further on for now.
I think it is a nice piece of software but if a new install gives me that much problems then it is not good to use for many.....


My 10ct

Willem

13

Re: Installation Error due to SSL problems at iredmail.org

I did a quick test with iRedMail-0.9.7 on CentOS 7 again, didn't get such ssl error, and no reports from others either.

Could you download iRedMail-0.9.7 and try again? Sorry about this trouble.

14

Re: Installation Error due to SSL problems at iredmail.org

This does indeed not sound like a problem on the server but the client.
When did you last update the package ca-certificates? Is it possible that your time on the server is wrong?
Otherwhise, please install Let's Encrypt root cert manually.