1 Topic by Aurum

  • Aurum
  • Member
  • Offline
  • Registered: 2018-06-04
  • Posts: 21

Topic: Letsencrypt installed & Roundcube not working

==== Required information ====
- iRedMail version (check /etc/iredmail-release): Latest version
- Linux/BSD distribution name and version: Ubuntu 18
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
It is a Ubuntu 18 server. The two Server Blocks on this server are working with and without SSL -
But accessing RoundCube (https://mail.def.com/mail/) then it gives 404 Not Found / Nginx

Nginx Error Log
2018/06/06 06:35:45 [crit] 12123#12123: *24 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, clie$
2018/06/06 09:08:47 [crit] 12123#12123: *31 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, clie$
2018/06/06 09:09:58 [crit] 12123#12123: *32 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, clie$

Will appreciate any idea to resolve this issue.
Cheers.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Letsencrypt installed & Roundcube not working

Did you let letsencrypt command to modify your Nginx config files? You need to revert them.

3 Reply by Aurum

  • Aurum
  • Member
  • Offline
  • Registered: 2018-06-04
  • Posts: 21

Re: Letsencrypt installed & Roundcube not working

ZhangHuangbin wrote:

Did you let letsencrypt command to modify your Nginx config files? You need to revert them.

No used only defaults while installing the Certificates.
Below is my nginx.conf
**********************************************************
user www-data;
worker_processes 1;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/conf-enabled/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
    server_names_hash_bucket_size 64;
}
***********************************************************
below is html file under /var/www/mail1.heide.com/html/index.html
*************
<html><head><meta HTTP-EQUIV="REFRESH" content="0; url=/mail/"></head></html>
***********

And here is the 00-defaut.conf file:
***********
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        location / {
                try_files $uri $uri/ =404;
        }
}
***********
Here is my server block file
***********
server {
        listen 80;
        listen [::]:80;

        root /var/www/mail1.heide.com/html;

        index index.html index.htm index.nginx-debian.html index.php;

        server_name mail1.heide.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mail1.heide.com/fullchain.pem; # managed by Cer$
    ssl_certificate_key /etc/letsencrypt/live/mail1.heide.com/privkey.pem; # managed by C$
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = mail1.heide.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen 80 ;
        listen [::]:80 ;
    server_name mail1.heide.com;
    return 404; # managed by Certbot
}

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Letsencrypt installed & Roundcube not working

Aurum wrote:

Here is my server block file

In which file?

Obviously letsencrypt modified your nginx config files, it's hard for us to know which files it modified and caused the issue. You can run command "nginx -t" to figure out which config file has issue.

5 Reply by Aurum

  • Aurum
  • Member
  • Offline
  • Registered: 2018-06-04
  • Posts: 21

Re: Letsencrypt installed & Roundcube not working

ZhangHuangbin wrote:
Aurum wrote:

Here is my server block file

In which file?

Obviously letsencrypt modified your nginx config files, it's hard for us to know which files it modified and caused the issue. You can run command "nginx -t" to figure out which config file has issue.

I have got only two server block files - one is default and the other one is for " mail.heide.com.conf " which is also given below. 
Interestingly " nginx -t " indicates that configuration is OK.
Just an innocent question: Does these configuration files/directories require some specific ownership/rights? I have used root account for the entire setup so the files ownership and accesses are set accordingly.
Cheers.

6 Reply by Aurum

  • Aurum
  • Member
  • Offline
  • Registered: 2018-06-04
  • Posts: 21

Re: Letsencrypt installed & Roundcube not working

Aurum wrote:
ZhangHuangbin wrote:
Aurum wrote:

Here is my server block file

In which file?

Obviously letsencrypt modified your nginx config files, it's hard for us to know which files it modified and caused the issue. You can run command "nginx -t" to figure out which config file has issue.

I have got only two server block files - one is default and the other one is for " mail.heide.com.conf " which is also given below. 
Interestingly " nginx -t " indicates that configuration is OK.
Just an innocent question: Does these configuration files/directories require some specific ownership/rights? I have used root account for the entire setup so the files ownership and accesses are set accordingly.
Cheers.

below is my recovered nginx.conf file from a back up location. :
**********************************************************************************************************************************
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;

        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascrip$

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateW … ePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}
**********************************************************************************************************************************
Now this one is copied from a backup file.
This one shows error "nginx -t" :

nginx: [emerg] no port in upstream "php_workers" in /etc/nginx/templates/fastcgi_php.tmpl:13
nginx: configuration file /etc/nginx/nginx.conf test failed
**********************************************************************************************************************************

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Letsencrypt installed & Roundcube not working

Please show us full content of file "/etc/nginx/templates/fastcgi_php.tmpl" AND "/etc/nginx/conf-enabled/php-fpm.conf".

8 Reply by Aurum

  • Aurum
  • Member
  • Offline
  • Registered: 2018-06-04
  • Posts: 21

Re: Letsencrypt installed & Roundcube not working

ZhangHuangbin wrote:

Please show us full content of file "/etc/nginx/templates/fastcgi_php.tmpl" AND "/etc/nginx/conf-enabled/php-fpm.conf".

/etc/nginx/templates/fastcgi_php.tmpl is as under
####################################################################
# Template used to handle PHP fastcgi applications
#
# You still need to define `SCRIPT_FILENAME` for your PHP application, and
# probably `fastcgi_index` if your application use different index file.
#
include fastcgi_params;

# Directory index file
fastcgi_index index.php;

# Handle PHP files with upstream handler
fastcgi_pass php_workers;

# Fix the HTTPROXY issue.
# Reference: https://httpoxy.org/
fastcgi_param HTTP_PROXY '';
#########################################################################
"/etc/nginx/conf-enabled/php-fpm.conf" is as below:
#########################################################################
upstream php_workers {
    server unix:/var/run/php-fpm.socket;
}
#########################################################################

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Letsencrypt installed & Roundcube not working

Aurum wrote:

"/etc/nginx/conf-enabled/php-fpm.conf" is as below:
#########################################################################
upstream php_workers {
    server unix:/var/run/php-fpm.socket;
}
#

Do you have /var/run/php-fpm.socket on server?

10 Reply by Aurum

  • Aurum
  • Member
  • Offline
  • Registered: 2018-06-04
  • Posts: 21

Re: Letsencrypt installed & Roundcube not working

ZhangHuangbin wrote:
Aurum wrote:

"/etc/nginx/conf-enabled/php-fpm.conf" is as below:
#########################################################################
upstream php_workers {
    server unix:/var/run/php-fpm.socket;
}
#

Do you have /var/run/php-fpm.socket on server?


Yes I have it as below
srw-rw----  1 www-data www-data    0 May 27 21:28 php-fpm.socket

11 Reply by Aurum

  • Aurum
  • Member
  • Offline
  • Registered: 2018-06-04
  • Posts: 21

Re: Letsencrypt installed & Roundcube not working

Finally I got the solution from another thread : https://forum.iredmail.org/topic14402-u … found.html