1

Topic: Iredadmin internal server error

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,
I just finished installing redmail in a fresh Debian installation.  After finished I checked netdata and iredadmin and both worked fine.  Then I follow the instructions for using letsencrypt, after that the iredadmin was not available anymore.  Al services are running. I noticed that postgres also uses a cert but there is no mention of changing it in the tutorial.  Any ideas?  Thank you very much.

2

Re: Iredadmin internal server error

- Did you follow our tutorial here to setup Let's Encrypt cert? https://docs.iredmail.org/letsencrypt.html
- If you asked certbot program to generate Nginx config files, you need to check the new files under /etc/nginx/conf-enabled/, move it out of this folder and update /etc/nginx/templates/ssl.tmpl to use the correct ssl cert files.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

3

Re: Iredadmin internal server error

ZhangHuangbin wrote:

- Did you follow our tutorial here to setup Let's Encrypt cert? https://docs.iredmail.org/letsencrypt.html

Yes, that's the tutorial I followed.

- If you asked certbot program to generate Nginx config files, you need to check the new files under /etc/nginx/conf-enabled/, move it out of this folder and update /etc/nginx/templates/ssl.tmpl to use the correct ssl cert files.

I did not since it wasn't mentioned in the tutorial. But in the nginx folder I see a two cert referencing iredmail certs. I think they are from the openssl that is installed originally?  Should I generate also new certs for nginx?  Any other thing I can check?  Thank you.

4

Re: Iredadmin internal server error

- Did you create symbol links to the letsencrypt cert? It's mentioned in tutorial:
https://docs.iredmail.org/letsencrypt.h … -installer

- You said iredadmin "not available anymore", did you get a "404 not found" error, or "internal server error"? Any relevant log in Nginx log file?

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

5

Re: Iredadmin internal server error

ZhangHuangbin wrote:

- Did you create symbol links to the letsencrypt cert? It's mentioned in tutorial:
https://docs.iredmail.org/letsencrypt.h … -installer

- You said iredadmin "not available anymore", did you get a "404 not found" error, or "internal server error"? Any relevant log in Nginx log file?

Yes, I followed the entire process to implement letsencrypt. The only thing is there is mention of sym link only for iredmail, but after running the installer, iredmail with openssl creates one for postgres and nginx too. Isn't that supposed to be changed too?  I am sorry for not clarifying, it's internal server error what I get.

6

Re: Iredadmin internal server error

Any relevant error in Nginx log file (/var/log/nginx/)? also /var/log/syslog?

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

7

Re: Iredadmin internal server error

ZhangHuangbin wrote:

Any relevant error in Nginx log file (/var/log/nginx/)? also /var/log/syslog?

Nothing.  nginx access log is normal, no error logs.  syslog looks normal t o me.  There is ClamAv doing the daily download, crons rnning some python scripts to clean db.
I could reinstall everything from scratch but what should I do to make letsencrypt work?  I have followed all of your tutorials. Any ideas?

8

Re: Iredadmin internal server error

Could you please show me output of commands below?

ls -l /etc/nginx/sites-enabled/
cat /etc/nginx/sites-enabled/00-default-ssl.conf

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

9

Re: Iredadmin internal server error

ZhangHuangbin wrote:

Could you please show me output of commands below?

ls -l /etc/nginx/sites-enabled/
cat /etc/nginx/sites-enabled/00-default-ssl.conf

Sure,
mx:~$ ls -l /etc/nginx/sites-enabled/
total 0
lrwxrwxrwx 1 root root 42 Jun  1 17:40 00-default.conf -> /etc/nginx/sites-available/00-default.conf
lrwxrwxrwx 1 root root 46 Jun  1 17:40 00-default-ssl.conf -> /etc/nginx/sites-available/00-default-ssl.conf

and,
mx: ~$ cat /etc/nginx/sites-enabled/00-default-ssl.conf
#
# Note: This file must be loaded before other virtual host config files,
#
# HTTPS
server {
    listen 443;
    server_name _;

    root /var/www/html;
    index index.php index.html;

    include /etc/nginx/templates/misc.tmpl;
    include /etc/nginx/templates/ssl.tmpl;
    include /etc/nginx/templates/iredadmin.tmpl;
    include /etc/nginx/templates/roundcube.tmpl;
    include /etc/nginx/templates/sogo.tmpl;
    include /etc/nginx/templates/netdata.tmpl;
    include /etc/nginx/templates/php-catchall.tmpl;
    include /etc/nginx/templates/stub_status.tmpl;
}

10

Re: Iredadmin internal server error

Looks fine. Could you please show me output of commands below:

cat /etc/nginx/templates/ssl.tmpl
ls -l /etc/letsencrypt/

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

11

Re: Iredadmin internal server error

ZhangHuangbin wrote:

Looks fine. Could you please show me output of commands below:

cat /etc/nginx/templates/ssl.tmpl
ls -l /etc/letsencrypt/

Thanks, here are the new ones.

mx:~$ cat /etc/nginx/templates/ssl.tmpl
ssl on;
ssl_protocols TLSv1.2;

# Fix 'The Logjam Attack'.
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/dh2048_param.pem;

# To use your own ssl cert (e.g. LetsEncrypt), please create symbol link to
# ssl cert/key used below, so that we can manage this config file with Ansible.
#
# For example:
#
# rm -f /etc/ssl/private/iRedMail.key
# rm -f /etc/ssl/certs/iRedMail.crt
# ln -s /etc/letsencrypt/live/<domain>/privkey.pem /etc/ssl/private/iRedMail.key
# ln -s /etc/letsencrypt/live/<domain>/fullchain.pem /etc/ssl/certs/iRedMail.crt
#
ssl_certificate /etc/ssl/certs/iRedMail.crt;
ssl_certificate_key /etc/ssl/private/iRedMail.key;

and
mx:~$ ls -l /etc/letsencrypt/
total 32
drwx------ 4 root root 4096 Jun  1 18:18 accounts
drw-r--r-- 3 root root 4096 May 27 18:20 archive
-rw-r--r-- 1 root root  121 May 26  2018 cli.ini
drwxr-xr-x 2 root root 4096 May 27 18:20 csr
drwx------ 2 root root 4096 May 27 18:20 keys
drwxr-xr-x 3 root root 4096 May 27 18:20 live
drwxr-xr-x 2 root root 4096 May 27 18:20 renewal
drwxr-xr-x 5 root root 4096 May 27 18:17 renewal-hooks

12 (edited by Neutro 2019-06-15 17:47:06)

Re: Iredadmin internal server error

Hey,

I also did a fresh install of letsencrypt with iredmail on debian not long ago, and my nginx server was not running properly no matter what i was doing.

Then I did a new fresh install and everything worked properly. You probably have made a mistake somewhere along the process like i did as well, but finding which one and where exactly could be time consuming.

I suggest you re-install your server from scratch, it will probably be faster than finding how to fix the error.

If you're using a virtual machine for your server (which i advise you to if you don't already), once iredmail installation is done and you verified that it's working properly, make a snapshot before the letsencrypt setup. This way you can revert back to the previous snapshot without reinstalling everything if anything goes wrong.

Otherwise since the error is coming from nginx, you might consider enabling nginx debuging mode and check the nginx log ( https://docs.nginx.com/nginx/admin-guid … debugging/ ).

13

Re: Iredadmin internal server error

migherr wrote:

it's internal server error what I get.

Did you get any relevant log in Nginx/uwsgi log files? "internal server error" always trigger detailed error message in log file.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee