1 (edited by MWadmin 2022-02-15 22:36:48)

Topic: Renew expiring SSL certificate: PEM_read_bio_X509_AUX error when resta

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version: Ubuntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi everyone!
I'm trying to renew the SSL certificate expiring in a few days, but reusing last year's request file server.csr I get the SSL certificate from the certificate provider (Trustico), and when I replace it with the 3 iRedMail.crt present in these folders:

/home/SSL/iRedMail.crt
/etc/ssl/certs/iRedMail.crt
/var/spool/postfix/etc/ssl/certs/iRedMail.crt

when restarting NGINX I get the following errors:

nginx[8580]: nginx: [emerg] PEM_read_bio_X509_AUX("/etc/ssl/certs/iRedMail.crt") failed (SSL: error:0909006C:PEM routines:g

nginx: [emerg] PEM_read_bio_X509_AUX("/etc/ssl/certs/iRedMail.crt") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE

How can I solve this? Can you help me?

Thank you


2 (edited by Cthulhu 2022-02-16 15:04:45)

Re: Renew expiring SSL certificate: PEM_read_bio_X509_AUX error when resta

try:

openssl x509 -text -noout -in /etc/ssl/certs/iRedMail.crt


my guess:

it's not valid and you just use keyfile as cert and vice versa, exchanging those should fix it

3

Re: Renew expiring SSL certificate: PEM_read_bio_X509_AUX error when resta

Hi Cthulhu, thanks for the reply!
I tried to run the command but it returns me the following error:

unable to load certificate
140633697800640:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

I don't know if it depends on the fact that I renewed the certificate through Trustico.it while instead you have to redo the whole procedure from scratch by command:

relaunching the openssl req -new -newkey rsa:2048 -nodes -keyout privkey.pem -out server.csr

and thus obtaining a new request (server.csr) and a new key file (privkey.pem)

4

Re: Renew expiring SSL certificate: PEM_read_bio_X509_AUX error when resta

they should hand you a bundle with key, cert, chain, fullchain
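
An added example, not part of any post in this thread: a shell check for the "no start line" error above. It reports which PEM object a file really holds and whether a certificate belongs to a given private key. The function names `pem_kind` and `cert_matches_key` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find out why OpenSSL reports
# "no start line ... Expecting: TRUSTED CERTIFICATE" for a .crt file.

# pem_kind FILE: print what the first PEM header in FILE says it contains.
pem_kind() {
    f=$1
    [ -s "$f" ] || { echo "empty-or-missing"; return; }
    # Extract the label of the first "-----BEGIN <label>-----" line.
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f" | head -n 1)
    case $label in
        CERTIFICATE|"TRUSTED CERTIFICATE"|"X509 CERTIFICATE") echo certificate ;;
        *"PRIVATE KEY")         echo private-key ;;   # key saved as the cert
        *"CERTIFICATE REQUEST") echo csr ;;           # the CSR, not the cert
        PKCS7)                  echo pkcs7 ;;         # .p7b bundle
        "")                     echo no-pem-header ;; # DER/binary or other text
        *)                      echo "other:$label" ;;
    esac
}

# cert_matches_key CERT KEY: succeed only if both hold the same public key.
# Returns 2 if either file cannot be parsed, 1 on mismatch.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    k=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$c" = "$k" ]
}

# Constructed sample: a CSR saved under the certificate's file name.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'AAAA(constructed)' \
    '-----END CERTIFICATE REQUEST-----' > "$demo/iRedMail.crt"
echo "iRedMail.crt contains: $(pem_kind "$demo/iRedMail.crt")"
rm -rf "$demo"
```

Anything other than `certificate` from `pem_kind` explains the nginx error; once the file is a real certificate, `cert_matches_key iRedMail.crt iRedMail.key` confirms it was issued for the key the server is configured to use.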