Topic: openldap stopped working after switching to letsencrypt
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.3
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
I just upgraded to iRedMail 1.6.3 and iredadmin-pro-5.5-ldap.
After the upgrade I cannot log in as the global postmaster account; I get the message "Username or password is incorrect."
The password is automatically filled by my password manager, so a typo can be excluded. But I also double checked it. I just logged in, to get the download link for the iredadmin-pro installer, so the login worked before the upgrade.
Issue: slapd service won't start, but I cannot get any log info so far.
Tracking down the LDAP service so far, I see it uses the /etc/ssl/certs/iRedMail.crt cert. I recently switched over to Let's Encrypt; before that I used a bought certificate.
But it looks right:
lrwxrwxrwx 1 root root 49 Dez 20 10:55 /etc/ssl/certs/iRedMail.crt -> /etc/letsencrypt/live/my.domain.tld/fullchain.pem
lrwxrwxrwx 1 root root 47 Dez 20 10:55 /etc/ssl/private/iRedMail.key -> /etc/letsencrypt/live/my.domain.tld/privkey.pem
[...]
TLSCACertificateFile /etc/ssl/certs/iRedMail.crt
TLSCertificateFile /etc/ssl/certs/iRedMail.crt
TLSCertificateKeyFile /etc/ssl/private/iRedMail.key
[...]
May 25 16:27:14 mail slapd: main: TLS init def ctx failed: -1
As my slapd service runs without TLS (port 389), I commented out the TLS*File lines in slapd.conf; then it started just fine.
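Added example, not part of the original post: slapd has to open each TLS*File as the account it runs under, and the symlinks shown above pass through /etc/letsencrypt/live. This Python helper resolves a path component by component and returns the first directory or file that a given uid cannot search or read, using mode bits only; the uid 64999 and the temporary tree mirroring the post's paths are constructed for the demo.

```python
import os
import tempfile

def _allowed(st, uid, gids, want):
    """Owner/group/other mode bits only; ACLs and AppArmor are not modelled."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return uid == 0 or bool((st.st_mode >> shift) & want)

def first_blocker(path, uid, gids, root="/"):
    """First element of path (resolved under root) that uid cannot pass, else None."""
    real = lambda parts: os.path.join(root, *parts)
    cur, todo, hops = [], [p for p in path.split("/") if p], 0
    while todo:
        if not _allowed(os.stat(real(cur)), uid, gids, 0o1):  # search bit on directory
            return "/" + "/".join(cur)
        name = todo.pop(0)
        if name in (".", ".."):
            cur = cur[:-1] if name == ".." else cur
            continue
        if os.path.islink(real(cur + [name])):
            hops += 1
            if hops > 40:
                raise OSError("too many symlinks: " + path)
            target = os.readlink(real(cur + [name]))
            if target.startswith("/"):
                cur = []  # absolute target restarts at root
            todo = [p for p in target.split("/") if p] + todo
            continue
        cur.append(name)
    blocked = not _allowed(os.stat(real(cur)), uid, gids, 0o4)  # read bit on the file
    return "/" + "/".join(cur) if blocked else None

def demo(uid=64999):  # constructed uid standing in for the account slapd runs as
    os.umask(0o022)
    root = tempfile.mkdtemp()  # constructed tree mirroring the paths in the post
    os.chmod(root, 0o755)
    p = lambda rel: os.path.join(root, rel)
    for d in ("letsencrypt/live/my.domain.tld",
              "letsencrypt/archive/my.domain.tld", "ssl/private"):
        os.makedirs(p("etc/" + d))
    with open(p("etc/letsencrypt/archive/my.domain.tld/privkey1.pem"), "w") as f:
        f.write("placeholder, not a real key\n")
    os.symlink("../../archive/my.domain.tld/privkey1.pem",
               p("etc/letsencrypt/live/my.domain.tld/privkey.pem"))
    os.symlink("/etc/letsencrypt/live/my.domain.tld/privkey.pem",
               p("etc/ssl/private/iRedMail.key"))
    results = []
    for mode in (0o700, 0o755):  # owner-only live/ (assumed), then world-searchable
        os.chmod(p("etc/letsencrypt/live"), mode)
        results.append(first_blocker("/etc/ssl/private/iRedMail.key", uid, [], root))
    return results
```

On a real host, call `first_blocker` with `root` left at "/" and the uid and group ids of the slapd account (commonly `openldap` on Ubuntu, an assumption here). AppArmor profiles and ACLs are outside what it checks.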