Koozali.org: home of the SME Server

Let's Encrypt certificate renewal error

chrica76
« on: February 22, 2022, 07:43:07 PM »
Hello everyone,
I have a certificate renewal problem with dehydrated.
I get an error message (I replaced my domain and IP with ***):
Code:
[root@www1 ~]# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
Processing mail.***.com
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Feb 24 12:26:19 2022 GMT (Less than 30 days). Renewing!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for mail.***.com
 + 1 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for mail.***.com authorization...
 + Cleaning challenge tokens...
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]      "http-01"
["status"]      "invalid"
["error","type"]        "urn:ietf:params:acme:error:unauthorized"
["error","detail"]      "Invalid response from https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA [**.**.**.195]:\"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eForbidden\u003c/h1\u003e\\n\u003cp\""
["error","status"]      403
["error"]       {"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA [**.**.**.195]: \"\u003c!DOCTYPE HTML PUBLIC\\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eForbidden\u003c/h1\u003e\\n\u003cp\"","status":403}
["url"] "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1741213068/FD0tkQ"
["token"]       "FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA"
["validationRecord",0,"url"]    "http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA"
["validationRecord",0,"hostname"]       "mail.***.com"
["validationRecord",0,"port"]   "80"
["validationRecord",0,"addressesResolved",0]    "**.**.**.195"
["validationRecord",0,"addressesResolved"]      ["**.**.**.195"]
["validationRecord",0,"addressUsed"]    "**.**.**.195"
["validationRecord",0]  {"url":"http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA","hostname":"mail.***.com","port":"80","addressesResolved":["**.**.**.195"],"addressUsed":"**.**.**.195"}
["validationRecord",1,"url"]    "https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA"
["validationRecord",1,"hostname"]       "mail.***.com"
["validationRecord",1,"port"]   "443"
["validationRecord",1,"addressesResolved",0]    "**.**.**.195"
["validationRecord",1,"addressesResolved"]      ["**.**.**.195"]
["validationRecord",1,"addressUsed"]    "**.**.**.195"
["validationRecord",1]  {"url":"https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA","hostname":"mail.***.com","port":"443","addressesResolved":["**.**.**.195"],"addressUsed":"**.**.**9.195"}
["validationRecord"]    [{"url":"http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA","hostname":"mail.***.com","port":"80","addressesResolved":["**.**.**.195"],"addressUsed":"**.**.**.195"},{"url":"https://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA","hostname":"mail.***.com","port":"443","addressesResolved":["**.**.**.195"],"addressUsed":"**.**.**.195"}]
["validated"]   "2022-02-22T17:36:09Z")
So I searched, and I have exactly the problem described in this topic: https://forums.koozali.org/index.php/topic,53147.0.html
and the solution is in the Let's Encrypt wiki...

If I look at my httpd error_log file I see this:
Code:
[core:error] [pid 17454] (13)Permission denied: [client 18.196.102.134:50528] AH00035: access to /.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA denied (filesystem path '/home/e-smith/files/ibays/Primary/html/.well-known') because search permissions are missing on a component of the path, referer: http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA
[Tue Feb 22 18:36:10.980985 2022] [core:error] [pid 17457] (13)Permission denied: [client 18.236.228.243:34940] AH00035: access to /.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA denied (filesystem path '/home/e-smith/files/ibays/Primary/html/.well-known') because search permissions are missing on a component of the path, referer: http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA
[Tue Feb 22 18:36:11.243918 2022] [core:error] [pid 17458] (13)Permission denied: [client 66.133.109.36:60598] AH00035: access to /.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA denied (filesystem path '/home/e-smith/files/ibays/Primary/html/.well-known') because search permissions are missing on a component of the path, referer: http://mail.***.com/.well-known/acme-challenge/FPgdRe1jxoiUjWBKWGnQGBzUHnrmORCWm9fGOEsb3QA
[Tue Feb 22 18:36:44.070914 2022]

This still matches the problem described in the Let's Encrypt wiki.

I then followed the read/write permission checks as described:
Code:
[root@www1 Primary]# cd /home/e-smith/files/ibays
[root@www1 ibays]# ls -l
total 0
drwxr-xr-x. 5 root root 46 20 oct.   2014 Primary
So my permissions look correct?
To be safe I reset the correct permissions anyway:
Code:
[root@www1 ibays]# chown root:root Primary
[root@www1 ibays]# chmod 0755 Primary
Then I check the permissions of the html folder:
Code:
[root@www1 ibays]# cd /home/e-smith/files/ibays/Primary
[root@www1 Primary]# ls -l
total 0
drwxr-s---. 2 admin shared  6 20 oct.   2014 cgi-bin
drwxr-s---. 2 admin shared  6 20 oct.   2014 files
drwxr-s---. 3 admin shared 42  2 janv.  2018 html

They look correct as well..
I reset them anyway:
Code:
[root@www1 Primary]# chown admin:shared html
[root@www1 Primary]# chmod 2750 html

I run the dehydrated script again and I get the same error message as at the beginning...

What other tests/steps can I try to get this back in order? I am rather a novice in the Linux world.

It is all the more strange as I do not remember having modified/installed anything in particular recently.

Thanks for your help


 

ReetP
« Reply #1 on: February 22, 2022, 09:03:26 PM »
Please read this on how to report issues.

https://forums.koozali.org/index.php/topic,54724.0.html

Don't go wildly changing things if you do not know what you are doing or you may leave your server exposed. All these settings and permissions should be handled automatically by the server and do not normally need touching.

Tell us a bit more about your server. What version, is it an upgrade?

Go to the server-manager, Report a bug, create a report and post the output here.

Was this working previously?

What did you change?
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

chrica76
« Reply #2 on: February 22, 2022, 09:45:59 PM »
Hi
oh sorry my server is SME V10
I changed nothing before the problem appeared
It already worked successfully

I did the last update after I detected the problem, to be sure my problem was not corrected by an update

for the permissions I only changed what the wiki indicates (Let's Encrypt wiki)

this is my bug report:
Code:
Configuration report created mar 22 fév 2022 21:39:21 CET

==================
Base configuration
==================

SME server version:   10.0
SME server mode:      servergateway
SME server previous mode: servergateway
Running Kernel:        3.10.0-1160.53.1.el7.x86_64



===========================
New RPMs not in base system
===========================
       
Modules complémentaires chargés : fastestmirror, post-transaction-actions,
                                : priorities, smeserver
Loading mirror speeds from cached hostfile
 * base: centos.mirrors.proxad.net
 * smeaddons: www.mirrorservice.org
 * smeos: www.mirrorservice.org
 * smeupdates: www.mirrorservice.org
 * updates: centos.mirrors.proxad.net
Paquets supplémentaires
libicu69.x86_64                       69.1-2.el7.remi               installed   
php81-php.x86_64                      8.1.3-1.el7.remi              installed   
php81-php-bcmath.x86_64               8.1.3-1.el7.remi              installed   
php81-php-cli.x86_64                  8.1.3-1.el7.remi              installed   
php81-php-common.x86_64               8.1.3-1.el7.remi              installed   
php81-php-enchant.x86_64              8.1.3-1.el7.remi              installed   
php81-php-fpm.x86_64                  8.1.3-1.el7.remi              installed   
php81-php-gd.x86_64                   8.1.3-1.el7.remi              installed   
php81-php-imap.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-intl.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-ldap.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-mbstring.x86_64             8.1.3-1.el7.remi              installed   
php81-php-mysqlnd.x86_64              8.1.3-1.el7.remi              installed   
php81-php-opcache.x86_64              8.1.3-1.el7.remi              installed   
php81-php-pdo.x86_64                  8.1.3-1.el7.remi              installed   
php81-php-pear.noarch                 1:1.10.13-1.el7.remi          installed   
php81-php-pecl-xmlrpc.x86_64          1.0.0~rc3-1.el7.remi          @remi-safe 
php81-php-pecl-zip.x86_64             1.20.0-1.el7.remi             installed   
php81-php-process.x86_64              8.1.3-1.el7.remi              installed   
php81-php-snmp.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-soap.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-sodium.x86_64               8.1.3-1.el7.remi              installed   
php81-php-tidy.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-xml.x86_64                  8.1.3-1.el7.remi              installed   
php81-runtime.x86_64                  8.1-1.el7.remi                installed   
smeserver-vacation.noarch             1.1-33.el7.sme                @smecontribs
smeserver-wbl.noarch                  0.5.0-5.el7.sme               @smecontribs
 



===========================
Custom and modified templates
===========================
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/81relayFromTrustedRemote: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/qmail/control/smtproutes/90AOLMail: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/41go-into: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/crontab/renouvelerSSL: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts40ACME: MANUALLY_ADDED, ADDITION




===========================
Modified events
===========================
/etc/e-smith/events/email-update/templates2expand/var/qmail/control/badmailfrom: MULTIPLE_RPM_OWNERS smeserver-wbl-0.5.0-5.el7.sme, smeserver-qpsmtpd-2.7.0-7.el7.sme
/etc/e-smith/events/email-update/templates2expand/var/service/qpsmtpd/config/badhelo: MULTIPLE_RPM_OWNERS smeserver-wbl-0.5.0-5.el7.sme, smeserver-qpsmtpd-2.7.0-7.el7.sme




=======================
Additional repositories
=======================

base: enabled
centosplus: disabled
extras: disabled
fasttrack: disabled
remi-safe: enabled
smeaddons: enabled
smecontribs: disabled
smedev: disabled
smeextras: enabled
smeos: enabled
smetest: disabled
smeupdates: enabled
smeupdates-testing: disabled
updates: enabled
   

DONE

Thanks



ReetP
« Reply #3 on: February 22, 2022, 10:16:05 PM »
Remove your crontab & httpd hacks, and use the contrib......

It is there to make your life easier, especially if you are not so experienced.

chrica76
« Reply #4 on: February 23, 2022, 02:44:04 PM »
Hi

It is strange, I did not create the crontab & httpd hacks. I removed them... this is the new "bug report"
Code:
Configuration report created mer 23 fév 2022 14:27:26 CET

==================
Base configuration
==================

SME server version:   10.0
SME server mode:      servergateway
SME server previous mode: servergateway
Running Kernel:        3.10.0-1160.53.1.el7.x86_64



===========================
New RPMs not in base system
===========================
       
Modules complémentaires chargés : fastestmirror, post-transaction-actions,
                                : priorities, smeserver
Loading mirror speeds from cached hostfile
 * base: centos.mirror.fr.planethoster.net
 * smeaddons: www.mirrorservice.org
 * smeos: www.mirrorservice.org
 * smeupdates: www.mirrorservice.org
 * updates: centos-mirror.usessionbuddy.com
Paquets supplémentaires
libicu69.x86_64                       69.1-2.el7.remi               installed   
php81-php.x86_64                      8.1.3-1.el7.remi              installed   
php81-php-bcmath.x86_64               8.1.3-1.el7.remi              installed   
php81-php-cli.x86_64                  8.1.3-1.el7.remi              installed   
php81-php-common.x86_64               8.1.3-1.el7.remi              installed   
php81-php-enchant.x86_64              8.1.3-1.el7.remi              installed   
php81-php-fpm.x86_64                  8.1.3-1.el7.remi              installed   
php81-php-gd.x86_64                   8.1.3-1.el7.remi              installed   
php81-php-imap.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-intl.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-ldap.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-mbstring.x86_64             8.1.3-1.el7.remi              installed   
php81-php-mysqlnd.x86_64              8.1.3-1.el7.remi              installed   
php81-php-opcache.x86_64              8.1.3-1.el7.remi              installed   
php81-php-pdo.x86_64                  8.1.3-1.el7.remi              installed   
php81-php-pear.noarch                 1:1.10.13-1.el7.remi          installed   
php81-php-pecl-xmlrpc.x86_64          1.0.0~rc3-1.el7.remi          @remi-safe 
php81-php-pecl-zip.x86_64             1.20.0-1.el7.remi             installed   
php81-php-process.x86_64              8.1.3-1.el7.remi              installed   
php81-php-snmp.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-soap.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-sodium.x86_64               8.1.3-1.el7.remi              installed   
php81-php-tidy.x86_64                 8.1.3-1.el7.remi              installed   
php81-php-xml.x86_64                  8.1.3-1.el7.remi              installed   
php81-runtime.x86_64                  8.1-1.el7.remi                installed   
smeserver-vacation.noarch             1.1-33.el7.sme                @smecontribs
smeserver-wbl.noarch                  0.5.0-5.el7.sme               @smecontribs
 



===========================
Custom and modified templates
===========================
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/81relayFromTrustedRemote: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/var/qmail/control/smtproutes/90AOLMail: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dar/DailyBackup.dcf/41go-into: MANUALLY_ADDED, ADDITION




===========================
Modified events
===========================
/etc/e-smith/events/email-update/templates2expand/var/qmail/control/badmailfrom: MULTIPLE_RPM_OWNERS smeserver-wbl-0.5.0-5.el7.sme, smeserver-qpsmtpd-2.7.0-7.el7.sme
/etc/e-smith/events/email-update/templates2expand/var/service/qpsmtpd/config/badhelo: MULTIPLE_RPM_OWNERS smeserver-wbl-0.5.0-5.el7.sme, smeserver-qpsmtpd-2.7.0-7.el7.sme




=======================
Additional repositories
=======================

base: enabled
centosplus: disabled
extras: disabled
fasttrack: disabled
remi-safe: enabled
smeaddons: enabled
smecontribs: disabled
smedev: disabled
smeextras: enabled
smeos: enabled
smetest: disabled
smeupdates: enabled
smeupdates-testing: disabled
updates: enabled
   

DONE!

I rebooted
I tried to reinstall the contrib but the system tells me:
Code:
]# yum --enablerepo=smecontribs install dehydrated
Modules complémentaires chargés : fastestmirror, post-transaction-actions, priorities, smeserver
Loading mirror speeds from cached hostfile
 * base: mirrors.ircam.fr
 * smeaddons: www.mirrorservice.org
 * smecontribs: www.mirrorservice.org
 * smeextras: www.mirrorservice.org
 * smeos: www.mirrorservice.org
 * smeupdates: www.mirrorservice.org
 * updates: mirrors.ircam.fr
Le paquet dehydrated-0.7.0-2.el7.noarch est déjà installé dans sa dernière version
Rien à faire

I redid the configuration and I have the same problem
Thanks


ReetP
« Reply #5 on: February 23, 2022, 04:55:52 PM »

chrica76
« Reply #6 on: February 23, 2022, 05:15:16 PM »
I already did it of course.. I have the problem in the troubleshooting session (Challenge fails with unauthorized 403 error) but the solution doesn't work for me.. :?

it already worked a few months ago..
I don't know what more I can do
Thanks

krisden
« Reply #7 on: February 23, 2022, 08:17:15 PM »
(Challenge fails with unauthorized 403 error)

There is a permissions problem, it is shown in your logs   :-)
What do you get with this command:
Code:
ls -als /home/e-smith/files/ibays/Primary/html/
On my side, I am not using the "Primary" ibay for the moment, and the certificate request is made for the whole domain:
Code:
total 4
0 drwxr-s---. 3 admin shared  42 20 janv. 11:18 .
0 drwxr-xr-x. 5 root  root    46 17 janv. 11:02 ..
4 -rw-r-----. 1 admin shared 202 21 nov.   2005 index.htm
0 drwxrwsr-x  3 www   shared  28 20 janv. 11:18 .well-known

chrica76
« Reply #8 on: February 23, 2022, 09:23:02 PM »
Hello, yes, I understood that I have a permissions problem, but I do not see how to change it. I followed the steps but it changed nothing. I do not understand why, and I made no changes on this server (no particular installation, no config change); that is what is odd.
I get this:
Code:
ls -als /home/e-smith/files/ibays/Primary/html/
total 4
0 drwxr-s---. 3 admin  shared  42  2 janv.  2018 .
0 drwxr-xr-x. 5 root   root    46 20 oct.   2014 ..
4 -rw-r-----  1 admin  shared 202 21 nov.   2005 index.htm
0 drwxrwsr-x  3 apache shared  28  2 janv.  2018 .well-known

So, in order not to use the Primary ibay, I was wondering how to switch by creating a new ibay. This server does not host a site, just the webmail and mail, so I can change ibay without any problem.
« Last Edit: February 23, 2022, 09:25:09 PM by chrica76 »

ReetP
« Reply #9 on: February 23, 2022, 10:02:23 PM »
Please don't start taking wild guesses at solutions.

Do not try and recreate or use another ibay.

You will just make more issues which makes it harder to debug this.

When did you upgrade to v10?

Was letsencrypt working after restore? How did you test it?

Can you view the index file here?

http://mail.***.com/index.htm

http://host.***.com/index.htm

I sometimes make a text file and chmod it 0666 and then see if you can access it like this:

http://mail.***.com/.well-known/acme-challenge/testfile.txt

Please post the output of

Code:
grep 102 /etc/passwd
There is a command that should set the user and directory permissions on Primary correctly but I always forget which. Someone will probably post it later.

chrica76
« Reply #10 on: February 23, 2022, 10:56:17 PM »
I did the update last year: I installed V10 and restored a backup from V8 without a lot of problems
the dehydrated script already worked for some time; I used it for a few months, and iPhone, Android, Outlook, Thunderbird could download mail without certificate errors. At that time the certificate was correct, but it stopped in one week. I already had a problem with the Let's Encrypt encryption format (see my older post) but it is not the same problem


I can't access index.htm    (403 forbidden), same for mail.***.com/index.htm and host.***.com/index.htm

authorization problem for apache?

the webmail (mail.***.com/webmail) works well; does it use apache too?

I created the test.txt and I ran
Code:
chmod -R 0666 test.txt
Is that correct?
and tried to access https://mail.***.com/.well-known/acme-challenge/test.txt

but same error 403 forbidden


I ran the command
Code:
grep 102 /etc/passwd
the result is
Code:
[root@www1 ~]# grep 102 /etc/passwd
apache:x:102:102:Apache:/var/www:/sbin/nologin
www:x:102:102:SME Server web server:/home/e-smith:/bin/false
thanks
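
The AH00035 error quoted in the first post says search permission is missing on some component of the path. The script below is an added example, not part of any post in this thread: it walks a path one directory at a time and reports the first directory whose mode bits deny traversal to a given uid and group list. The function names and the sample tree are constructed for illustration; only classic owner/group/other bits are modelled.

```sh
#!/bin/sh
# Added example (not from the thread). Models only owner/group/other mode bits;
# root's bypass, ACLs and SELinux are not considered. Requires GNU stat.

# has_search UID "GID GID ..." DIR
# Succeeds when the permission class that applies to UID grants x (search) on DIR.
has_search() {
    local uid gids dir info owner group mode bits g
    uid="$1"; gids="$2"; dir="$3"
    info=$(stat -c '%u %g %a' -- "$dir") || return 2   # unreadable counts as blocked
    owner=${info%% *}; info=${info#* }
    group=${info%% *}; mode=${info#* }
    mode=$(( 0$mode ))                   # "2750" -> octal 02750
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))      # owner class applies, even if narrower
    else
        bits=$(( mode & 7 ))             # "other" class unless a group matches
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then bits=$(( (mode >> 3) & 7 )); fi
        done
    fi
    [ $(( bits & 1 )) -eq 1 ]
}

# first_blocked UID "GIDS" BASE REL
# Walks BASE/REL directory by directory (BASE itself is assumed traversable).
# Prints the first directory UID cannot search and returns 1; returns 0 if none.
first_blocked() {
    local uid gids cur rest part
    uid="$1"; gids="$2"; cur="${3%/}"; rest="$4"
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case "$rest" in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -d "$cur" ] || return 0        # reached a file: nothing left to traverse
        if ! has_search "$uid" "$gids" "$cur"; then
            printf '%s\n' "$cur"
            return 1
        fi
    done
    return 0
}

# Constructed tree with the modes shown in the thread's ls output:
# Primary 0755, html 2750, .well-known 2775.
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/ibays/Primary/html/.well-known/acme-challenge"
    chmod 0755 "$root/ibays" "$root/ibays/Primary"
    chmod 2750 "$root/ibays/Primary/html"
    chmod 2775 "$root/ibays/Primary/html/.well-known"
    chmod 0755 "$root/ibays/Primary/html/.well-known/acme-challenge"
    printf '%s\n' "$root"
}

# Demo: a uid that is neither the owner nor in html's group is stopped at html.
sample_root=$(make_sample_tree)
sample_uid=$(( $(id -u) + 1 ))           # constructed: any uid that is not the owner
echo "first blocked directory: $(first_blocked "$sample_uid" "" "$sample_root" \
    ibays/Primary/html/.well-known/acme-challenge)"
rm -rf "$sample_root"
```

On a real server the same check, run as root, would take the web server's uid and its group list from `id -G`, with `/` as the base and the path from the error log as the relative part.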




Jean-Philippe Pialasse (aka Unnilennium)
« Reply #11 on: February 24, 2022, 12:36:17 AM »
the contrib is not dehydrated but smeserver-letsencrypt


yum install smeserver-letsencrypt --enablerepo=smecontribs

then you need to follow the rest of the page indicated by John to finish the configuration.

chrica76
« Reply #12 on: February 24, 2022, 08:28:41 AM »
Hello
I get the same result when running this command:
Code:
yum install smeserver-letsencrypt —enablerepo=smecontribs
Modules complémentaires chargés : fastestmirror, post-transaction-actions, priorities, smeserver
Loading mirror speeds from cached hostfile
 * base: centos.crazyfrogs.org
 * smeaddons: www.mirrorservice.org
 * smeextras: www.mirrorservice.org
 * smeos: www.mirrorservice.org
 * smeupdates: www.mirrorservice.org
 * updates: centos.crazyfrogs.org
Le paquet smeserver-letsencrypt-0.5-18.noarch est déjà installé dans sa dernière version
I followed the steps to carry out; I do manage to make a certificate request, but I still end up with the access-permission error described in the troubleshooting.. :sad:  I do the described procedure but it does not work, and apparently the problem is more global, since I cannot even access index.htm at the root of the server; locally or remotely the result is the same
Thanks

Jean-Philippe Pialasse (aka Unnilennium)
« Reply #13 on: February 24, 2022, 01:42:47 PM »
Quote

I cannot even access index.htm at the root of the server; locally or remotely the result is the same


my car does not work, tell me what is wrong.

do you see the parallel?
No precise information; we are not sitting in your seat to see the error, hear the sound of the car, see what you do with your ignition key, etc. And we do not have a crystal ball.

Help us to help you.

Describe what you do, precisely: address typed, browser, network location. Explain what you expect to see. Explain what you see. The exact error message displayed, not "it doesn't work".

Next level: display the log in PuTTY and copy exactly the error at the moment you try to access it.
tail -f /var/log/httpd/error_log


ReetP
« Reply #14 on: February 24, 2022, 02:56:56 PM »
Quote
I followed the operations to be done I manage to make a certificate request

Write down EXACTLY what steps you took, in detail.

You must be clear, accurate, and describe precisely the steps you took so that we can try and replicate them.

Quote
I can't access to index.htm    (403 forbidden) idem for mail.***.com/index.htm and host.***.com/index.htm

If you cannot access Primary/html/index.htm via a browser then Letsencrypt is NEVER going to be able to view anything in /.well-known/acme-challenge

So before attempting to make Letsencrypt work you should concentrate on fixing that issue first.

Did you reset modSSL ?

https://wiki.koozali.org/Letsencrypt#Certificate_Errors

I suggest you try that first and make sure you can access Primary, and webmail, using the self signed certificate.