1 (edited by LuizC 2020-06-08 20:47:20)

Topic: SSL Certs conflict and service not working

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): https://hub.docker.com/r/iredmail/mariadb
- Deployed with iRedMail Easy or the downloadable installer? Docker
- Linux/BSD distribution name and version: Ubuntu 18.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Docker
- Web server (Apache or Nginx): Docker
- Manage mail accounts with iRedAdmin-Pro? I would like to :-)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi there!

I'm running the iRedMail docker image on my VPS machine. Hurray!

But it runs an Apache2 server with SSL by Let's Encrypt (I used certbot to grab my cert).

So, when I tried to run the docker image using the command shown on its page, docker returned an error message saying that ports 80 and 443 are already in use. So, I used

-p 81:80 -p 4430:443 

and it works!

But now I'm facing some errors:

- I can reach mail.botboutique.com.br and https://mail.botboutique.com.br/ but the browser first shows me an error message page, saying that my site isn't secure. More than that, the browser didn't show the RoundCube login page, only the domain's home page

- RoundCube and iRedAdmin are reachable at https://botboutique.com.br:4430/ and https://botboutique.com.br:4430/iredadmin but now I have an SSL conflict and the browser shows me an error page saying that my page is dangerous too.

Hope you guys give a clue on how to fix it.

Thanks a lot!


2

Re: SSL Certs conflict and service not working

You forgot to create your cname for "mail"
MX is the mail exchange record, so right now it has nowhere to send mails

nslookup mail.botboutique.com.br 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1
*** one.one.one.one can't find mail.botboutique.com.br: Non-existent domain

3

Re: SSL Certs conflict and service not working

MuPp3t33r wrote:

You forgot to create your cname for "mail"
MX is the mail exchange record, so right now it has nowhere to send mails

nslookup mail.botboutique.com.br 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1
*** one.one.one.one can't find mail.botboutique.com.br: Non-existent domain



Thanks for your prompt answer, @MuPp3t33r!

I added a CNAME register like you suggested and updated the text and the image of my first post to reflect your suggestion's results.

Thanks again!

4

Re: SSL Certs conflict and service not working

I just had a look at your site now, you're still serving the self-signed certificate.
If you have already got certs from letsencrypt then you need to link them to the iredmail cert path so it becomes active.
https://docs.iredmail.org/letsencrypt.html
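
The two browser warnings in this thread have different causes that can be told apart from the certificate itself: a self-signed certificate, and a certificate issued for a different hostname. The following script is an added example, not part of any forum post or of iRedMail; `example.test`, `mail.example.test` and the temporary paths are constructed sample values.

```shell
#!/bin/sh
# Added example: classify why a browser rejects a served certificate.
# Hostnames and paths below are constructed sample values.

# True when subject and issuer are the same name (how a self-signed cert looks).
is_self_issued() {  # is_self_issued <cert.pem>
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when the certificate is valid for the given hostname (SAN, else CN).
matches_host() {  # matches_host <cert.pem> <hostname>
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q "does match"
}

# Print every finding for a certificate/hostname pair, or "ok".
diagnose() {  # diagnose <cert.pem> <hostname>
    findings=""
    is_self_issued "$1" && findings="self-signed"
    matches_host "$1" "$2" || findings="${findings:+$findings }hostname-mismatch"
    echo "${findings:-ok}"
}

# Save the leaf certificate a live server presents (needs network; not run here).
# Usage against a remapped port: fetch_cert <host> 4430 > served.pem
fetch_cert() {  # fetch_cert <host> <port>
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Constructed sample: a self-signed certificate valid only for example.test.
WORK=$(mktemp -d)
CERT="$WORK/cert.pem"
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=example.test" -addext "subjectAltName=DNS:example.test" \
    -keyout "$WORK/key.pem" -out "$CERT" 2>/dev/null

diagnose "$CERT" example.test        # name matches, but the cert is self-signed
diagnose "$CERT" mail.example.test   # self-signed and issued for another name
```
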

5 (edited by LuizC 2020-06-07 07:15:40)

Re: SSL Certs conflict and service not working

MuPp3t33r wrote:

If you have already got certs from letsencrypt then you need to link them to the iredmail cert path so it becomes active.

Yes, that's correct, but I read the documentation you linked to me but it isn't clear how to proceed in a docker container - I found mentions about how to do it depending on the way iRedMail was installed, but no mention about docker.

As far as I understand, I must make a link to files that are outside iRedMail's running container - the /etc/letsencrypt/live/botboutique.com.br/*.pem files. But I don't know how to do it :-(

Could you be more detailed?

Once again, thanks!

6

Re: SSL Certs conflict and service not working

best bet is to setup certbot inside the docker container and have it automatically update your certs, rather than getting the certs from an external source. alternatively you could also use a reverse proxy in front of your web server, but doing both is even better, then you don't even have to worry about the change in ports for your hosts either.

7 (edited by LuizC 2020-06-08 03:33:37)

Re: SSL Certs conflict and service not working

MuPp3t33r wrote:

best bet is to setup certbot inside the docker container and have it automatically update your certs, rather than getting the certs from an external source. alternatively you could also use a reverse proxy in front of your web server, but doing both is even better, then you don't even have to worry about the change in ports for your hosts either.

Hi Mup3t33r!

I'm stuck on how to install the apt package manager inside the iRedMail image. I tried to simply add

apt-get update && apt-get install certbot

inside the docker, but the image didn't have apt-get installed. And trying to put it at the end of

docker run (...) apt-get update && apt-get install certbot

makes the container stop.

How to install Certbot inside the iRedMail container?

8

Re: SSL Certs conflict and service not working

there are many distros of linux suitable for docker, find out what you're using and search for the relevant instructions for your setup

9

Re: SSL Certs conflict and service not working

MuPp3t33r wrote:

there are many distros of linux suitable for docker, find out what you're using and search for the relevant instructions for your setup

ok