Koozali.org: home of the SME Server

unable to refresh ssl certificate for Dovecot.

Offline julianop

Re: unable to refresh ssl certificate for Dovecot.
« Reply #15 on: June 21, 2023, 04:08:56 PM »
Excellent, I'm glad to help. I'll do that later today.

Meanwhile, for the good of the party, here's a quick status on the "Manage SSL certificates" contrib panel issue.
I successfully set up a fresh VM install of 10.1 last night, and installed the contrib panel.
The three data fields on the panel came up empty, which is distinctly different from those on my perm install, which persistently show the file data for the self-cert configuration, and I can't clear them (clearing contents, hit "save", merely refills them with the same info).
On the VM install, I noted that /etc/dovecot/ssl/imapd.pem had been written during install with self-cert data.
I pasted real cert data into the three fields on the add-on page, hit save, got the now-infamous timeout message, and noticed that /etc/dovecot/ssl/imapd.pem had NOT been updated.
I'll reinstall the VM from scratch and repeat the process, and gather more data...

Wait... ES Guinness is translucent??? That's horrific ! :-(
« Last Edit: June 21, 2023, 04:29:40 PM by julianop »

Offline julianop

Re: unable to refresh ssl certificate for Dovecot.
« Reply #16 on: June 21, 2023, 08:09:41 PM »
Update:
For no particular reason (and I have got similar results doing this before)...
In a fresh install of the VM I selected the "E-mail" panel, then immediately re-selected the Manage SSL certificates panel, re-entered my certificate/key/chain data, clicked Save, the data was accepted, and I received the message "Success Operation status report" "Success - New Certificate details written" (i.e. no "Operation status report Error: CSRF token is invalid or outdated" timeout error).

I notice this time that /etc/dovecot/ssl/imapd.pem WAS updated, and is correct - a concatenation of the three files.

Of course, after this, my browser - running server-manager - saw the new key, and needed to be refreshed, as anticipated. The correct crt/key/chain data now continues to show up in the fields on the "Manage SSL Certificates" panel.

What is also interesting, is that if I hit "Save" again, without updating the (now correct) data in the crt/key/chain fields, I do NOT get the "Operation status report Error: CSRF token is invalid or outdated" error.

That's the new VM install, of course: the "Manage SSL certs" panel on my perm install still won't work. I recreated the self-cert crt/key pair in /etc/pki/dovecot/certs & key directories, and now I can clear the fields in the manager panel, but it still won't accept my "real" files. The "config setprop..." method works.

There's a lot of stuff there; I hope it helps.

« Last Edit: June 21, 2023, 09:11:41 PM by julianop »
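
One way to check the observation in Reply #16 that /etc/dovecot/ssl/imapd.pem is a concatenation of the three files, as an added example that is not part of the original post or the contrib's code. It does not assume any block order, the function names are hypothetical, and the sample PEM data is constructed.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block in text."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        # Decode so line wrapping and CRLF differences do not matter.
        blocks.append((label, base64.b64decode("".join(body.split()))))
    return blocks

def compare_bundle(bundle_text, parts):
    """parts maps a name ('crt', 'key', 'chain') to that file's text.
    Returns (missing, extra): names of parts with a block absent from the
    bundle, and labels of bundle blocks that came from none of the parts."""
    in_bundle = pem_blocks(bundle_text)
    expected, missing = [], []
    for name, text in parts.items():
        blocks = pem_blocks(text)
        expected.extend(blocks)
        if not blocks or any(b not in in_bundle for b in blocks):
            missing.append(name)
    extra = [label for (label, der) in in_bundle
             if (label, der) not in expected]
    return missing, extra

def _pem(label, payload):
    # Constructed sample data: the payload is not a real certificate or key.
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

NEW = {"crt": _pem("CERTIFICATE", b"new-leaf"),
       "key": _pem("PRIVATE KEY", b"new-key"),
       "chain": _pem("CERTIFICATE", b"intermediate-ca")}
# Bundle as it should look after a successful save (CRLF in one part).
UPDATED = NEW["crt"].replace("\n", "\r\n") + NEW["key"] + NEW["chain"]
# Bundle still holding install-time self-signed data (save did not apply).
STALE = _pem("CERTIFICATE", b"self-signed") + _pem("PRIVATE KEY", b"old-key")

if __name__ == "__main__":
    print(compare_bundle(UPDATED, NEW))  # only names and labels are printed
    print(compare_bundle(STALE, NEW))
```

On a real server, pass the contents of /etc/dovecot/ssl/imapd.pem as `bundle_text` and the three files pasted into the panel as `parts`; a non-empty `missing` list means the save did not reach the bundle.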

Offline ReetP

Re: unable to refresh ssl certificate for Dovecot.
« Reply #17 on: June 22, 2023, 04:41:54 PM »
Wait... ES Guinness is translucent??? That's horrific ! :-(

Almost.... they don't like it thick and sticky here!
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline ReetP

Re: unable to refresh ssl certificate for Dovecot.
« Reply #18 on: June 22, 2023, 04:45:49 PM »
Update:

There's a lot of stuff there; I hope it helps.

Indeed there is. You need to be super methodical here and describe each step concisely.

Couple of things.

One. Test on a clean install.

Two. Then try to change certs (may be able to use phpki-ng on another box to generate your own test certs?)

Three. Try on a restored install.


Make sure your browser is completely clear between attempts - I find caching is way awkward to clear these days unless you destroy your browser profile entirely.