Koozali.org: home of the SME Server
Obsolete Releases => SME 9.x Contribs => Topic started by: gwag on June 13, 2017, 06:54:32 PM
-
Question
- example from wiki:
domain2.com
www.domain2.com
mail.domain2.com
In my case
domain2.com -> points to ip address of hosting service
www.domain2.com -> points to ip address of hosting service
mail.domain2.com -> points to ip address SME server
would I just do a "db hosts setprop mail.domain2.com letsencryptSSLcert enabled" ??
seems like if I did it for the domain it would just fail.
Thanks in advance.
-
give it a whirl and report back. It sounds correct to me. Not sure if the cert will create with no domain name at all or not. I have not tested it.
I do know that any domain or host name you are requesting a certificate for MUST resolve to the SME server...
-
Question
- example from wiki:
domain2.com
www.domain2.com
mail.domain2.com
In my case
domain2.com -> points to ip address of hosting service
www.domain2.com -> points to ip address of hosting service
mail.domain2.com -> points to ip address SME server
would I just do a "db hosts setprop mail.domain2.com letsencryptSSLcert enabled" ??
seems like if I did it for the domain it would just fail.
Thanks in advance.
for an easy and quick answer : yes
db hosts setprop mail.domain2.com letsencryptSSLcert enabled
will do the trick and allow you to have a valid SSL certificate for your SME server.
if you want to connect to the manager you will simply do
https://mail.domain2.com/server-manager
and everything will run smoothly. The same to connect to the mail with pops, imaps or smtps using mail.domain2.com, or event with webmai using https://db hosts setprop mail.domain2.com letsencryptSSLcert enabled
if you want to create also a SSL certificate for www.domain2.com and domain2.com you will need to install the dehydrated script on your hosting service or to use DNS validation amd some custom templates.
-
It did not work for me shows same old certificate and had no errors.
modSSL=service
CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
TCPPort=443
access=public
status=enabled
Perhaps the CipherSuite line is causing issues?
-
this is what I would do if it were mine..
config delprop modSSL CipherSuite
Not sure what all that might break though.....
https://wiki.contribs.org/Letsencrypt#Certificate_Errors
-
It did not work for me shows same old certificate and had no errors.
modSSL=service
CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
TCPPort=443
access=public
status=enabled
Perhaps the CipherSuite line is causing issues?
it did not work is not enough to helpyou there.
what did you do ?
what did you expected?
what did you see?
a successfull run should look like
# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
Processing test9v1.canada.pialasse.com
+ Signing domains...
+ Creating new directory /etc/dehydrated/certs/test9v1.canada.pialasse.com ...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for test9v1.canada.pialasse.com...
NDTzpJKFcD8OGK54CZCoRuXEAW4CEfc_V9fUFthvuJM 100% 87 0.1KB/s 00:00
+ Responding to challenge for test9v1.canada.pialasse.com...
+ Challenge is valid!
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
Set up modSSL db keys
Signal events
All complete
+ Done!
#
if you got
# dehydrated -c
#
or any variation without the "All complete
+ Done!" then you need to rerun it
-
Thank you Jean-Philippe. That was helpful. I redid the manual steps and it seems to have worked I had some permission issues. but was bale to work them out.