Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: sektor on August 21, 2016, 03:40:09 PM
-
The SSL expiration fix that was implemented I don't remember one seems to be rotating my certificates nightly instead of what it is supposed to be yearly I believe thus causing my e-mail clients to have to accept a new certificate every day. Any thoughts would be much appreciated. Also is there a way to incorporate the let's encrypt certificates in this version I see it is planned for 10. Thanks and have a blessed day.
Date: 21 Aug 2016 07:17:15 -0000 (08/21/2016 03:17:15 AM)
/etc/cron.daily/conf-mod_ssl:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:State or Province Name (full name) []:Locality Name (eg, city) [Default City]:Organization Name (eg, company) [Default Company Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server's hostname) []:Email Address []
-
If you think there is a bug please add it to the bug tracker.
Check the wiki for how to implement Letsencrypt. You can do it manually or via a contrib.
It is planned to incorporate it in SME at some point but there are no dates.
B. Rgss
John
-
The SSL expiration fix that was implemented ...
Which fix? When?
Date: 21 Aug 2016 07:17:15 -0000 (08/21/2016 03:17:15 AM)
/etc/cron.daily/conf-mod_ssl:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
If you are seeing that every day, then there is a problem to be fixed. Please report full details to the bug tracker.
Thanks
-
I don't remember exactly I know it was talked about on this forum.
-
As to Letsencrypt, see https://wiki.contribs.org/Letsencrypt. John Crisp's contrib works quite well for me, or you can follow the instructions to use letsencrypt.sh.
-
Thank you.
-
Completely confusing thread. Especially when there are no answers to the basic questions of Charlie. The topic said nothing about letsenrypt, so the replies on that are off topic.
-
The topic said nothing about letsenrypt, so the replies on that are off topic.
Also is there a way to incorporate the let's encrypt certificates in this version I see it is planned for 10.
-
My bad Dan, thx.
-
I apologize if I confused anyone with my topic and what I can recall about the certificate issue is that it was in regard to the expiration of the self signed certificate and I tried looking for the post but was not able to locate it, so an update was released that created a cron job to make sure that would happen on a yearly basis, but for some reason mine updates nightly at midnight I will gladly submit a bug report on the issue.
In regards to the off topic of letsencrypt thank you for the responses I will gladly look at that information.
I think what I am going to do is backup my server, wipe and reload it and just restore the user directories and e-mails as there maybe something going on with my config.
-
sektor
Js it a bug or maybe just a misconfiguration ???
You should be able to set the expiry time using the steps outlined here:
https://wiki.contribs.org/Certificates_Concepts#Expiration_time_of_the_self_signed_certificate
If that does not resolve your issue, then you should lodge a bug report.
-
Well I started experiencing other issues as well like I couldn't ssh to the box locally, I was getting a proxy error saving certain configs and it's not a configuration I really messed with and if it was some type of bug I would think others would assume others would have seen it but regardless reloading it solved the issue but thanks for your input.
sektor
Js it a bug or maybe just a misconfiguration ???
You should be able to set the expiry time using the steps outlined here:
https://wiki.contribs.org/Certificates_Concepts#Expiration_time_of_the_self_signed_certificate
If that does not resolve your issue, then you should lodge a bug report.
-
Well I started experiencing other issues as well like I couldn't ssh to the box locally, I was getting a proxy error saving certain configs and it's not a configuration I really messed with and if it was some type of bug I would think others would assume others would have seen it but regardless reloading it solved the issue but thanks for your input.
Can you rephrase and be very specific about all details please? This sentence makes no sence to me at all.
-
Can you rephrase and be very specific about all details please? This sentence makes no sence to me at all.
Sorry I was mobile, but what I meant to say was while I was trying to get data to submit a bug report as I was not at home I started experiencing other issues in addition to the ssl issue such as unable to ssh into my box even from the same network despite the remote access settings being set correctly and I was also receiving a proxy error trying to adjust a setting on the server manager interface.
At which point I decided to backup and reload my server only restoring my data as well as any contrib that I installed and everything is functioning normally.
Maybe I did have some messed configs even though I'm not sure how as I really don't change much and normally apply whatever updates come out.
-
I'm seeing the same issue this morning via an email.
Can anyone confirm if this a bug or a different issue ? I don't fancy having to rebuild the server to fix.
-
Please open a bug and describe exactly what you are seeing so we can check if there is a bug, and fix it if there is one
-
Thanks, Will do..
-
david000
Please post the bug number here so others can follow.
-
So in almost 5 months nobody else had an issue? Sounds like a local issue to me...
-
So in almost 5 months nobody else had an issue? Sounds like a local issue to me...
Yep, I only asked as a search turned up the possibility that it may be a bug so I replied to the topic.
The error hasn't repeated (so far) so fingers crossed it's sorted it's self out.
-
The bug report number was requested. Devs don't pick up issues here.
-
Thanks, Will do..
Still waiting ...
-
Still waiting ...
Sorry, it was a one time issue that has not repeated, so I didn't want to cause you guys work. That said if it's helpful I'm happy to write it up ?