Topic: openldap stopped working after switching to letsencrypt
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.3
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
hi,
i just upgraded to iredmail 1.6.3 and iredadmin-pro-5.5-ldap.
after the upgrade i cannot login as the global postmaster account, i get the message "Username or password is incorrect."
The password is automatically filled by my password manager, so a typo can be excluded. But I also double checked it. I just logged in, to get the download link for the iredadmin-pro installer, so the login worked before the upgrade.
Edit:
Issue: slapd service won't start, but I cannot get any log info so far.
Edit 2:
Tracking down the ldap service so far, I see it uses the /etc/ssl/certs/iRedMail.crt cert, I recently switched over to letsencrypt, before that I used a bought certificate.
But it looks right:
lrwxrwxrwx 1 root root 49 Dez 20 10:55 /etc/ssl/certs/iRedMail.crt -> /etc/letsencrypt/live/my.domain.tld/fullchain.pem
lrwxrwxrwx 1 root root 47 Dez 20 10:55 /etc/ssl/private/iRedMail.key -> /etc/letsencrypt/live/my.domain.tld/privkey.pem/etc/ldap/slapd.conf
[...]
TLSCACertificateFile /etc/ssl/certs/iRedMail.crt
TLSCertificateFile /etc/ssl/certs/iRedMail.crt
TLSCertificateKeyFile /etc/ssl/private/iRedMail.key
[...]Edit 3:
May 25 16:27:14 mail slapd[4330]: main: TLS init def ctx failed: -1
Edit 4:
As my slapd service runs without tls (port 389) I commented out the TLS*File lines in slapd.conf, then it started just fine.
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.
