Koozali.org: home of the SME Server

Recent Posts

71
Koozali SME Server 11.x / Re: Letsencrypt panel is looking great!
« Last post by TerryF on August 22, 2025, 11:21:40 PM »
Hope this helps others to get Letsencrypt working on Beta. I used this bug report to get the clues I needed:

You just showed why we want people pushing the beta as far as they can, many hands make .....
72
Koozali SME Server 11.x / Enabling Letsencrypt on Beta
« Last post by compdoc on August 22, 2025, 07:16:41 PM »
**ooops, misspelled the name of the CertificateChainFile, and added a line for compatibility as suggested in the bug report by Jean-Philippe Pialasse**

Hope this helps others to get Letsencrypt working on Beta. I used this bug report to get the clues I needed:

https://bugs.koozali.org/show_bug.cgi?id=10920

Once Beta is installed and updated, use smanager's Letsencrypt Certificate panel to set the Config:

Service Status  Enabled
Hookscript Status  Enabled
Hostoverride Status  Disabled
Accept Terms Status  Yes
API Status  2
Keysize Status  2048
Configure mode Status  NONE
Email  postmaster@domain.com


When you modify modSSL with the cert locations as shown below, it causes the changes to be automatically written to /etc/httpd/conf/httpd.conf whenever dehydrated is run. This allows httpd to find and use the certs. I'm using the suggested path to store the certs.

I'm only enabling one hostname to receive a cert. Be sure to point your firewall to the host, and that the hostname exists in your external and internal DNS records...

Enter the following commands in a terminal window:

mkdir -p /var/www/html/.well-known/acme-challenge
chown www:www -R /var/www/html/.well-known

db hosts show
db hosts setprop tester.domain.com letsencryptSSLcert enabled

config show modSSL
config setprop modSSL CertificateChainFile "/etc/dehydrated/certs/tester.domain.com/chain.pem"
config setprop modSSL key "/etc/dehydrated/certs/tester.domain.com/privkey.pem"
config setprop modSSL crt "/etc/dehydrated/certs/tester.domain.com/cert.pem"
 
nano /etc/e-smith/templates/etc/dehydrated/config/45Algorithm
(uncomment the last line to enable RSA and save the file)
KEY_ALGO=rsa


For backward compatibility enter the command:

ln -s /var/www/html/.well-known /home/e-smith/files/ibays/Primary/html/.well-known

signal-event letsencrypt-config
dehydrated -c
73
Koozali SME Server 11.x / Re: Letsencrypt panel is looking great!
« Last post by compdoc on August 22, 2025, 06:58:59 PM »
**ooops, misspelled the name of the CertificateChainFile, and added a line for compatibility as suggested in the bug report by Jean-Philippe Pialasse**

Hope this helps others to get Letsencrypt working on Beta. I used this bug report to get the clues I needed:

https://bugs.koozali.org/show_bug.cgi?id=10920

Once Beta is installed and updated, use smanager's Letsencrypt Certificate panel to set the Config:

Service Status  Enabled
Hookscript Status  Enabled
Hostoverride Status  Disabled
Accept Terms Status  Yes
API Status  2
Keysize Status  2048
Configure mode Status  NONE
Email  postmaster@domain.com


When you modify modSSL with the cert locations as shown below, it causes the changes to be automatically written to /etc/httpd/conf/httpd.conf whenever dehydrated is run. This allows httpd to find and use the cert.
I'm only enabling one hostname to receive a cert. Be sure to point your firewall to the host...


Enter the following commands in a terminal window:

mkdir -p /var/www/html/.well-known/acme-challenge
chown www:www -R /var/www/html/.well-known

db hosts show
db hosts setprop tester.domain.com letsencryptSSLcert enabled

config show modSSL
config setprop modSSL CertificateChainFile "/etc/dehydrated/certs/tester.domain.com/chain.pem"
config setprop modSSL key "/etc/dehydrated/certs/tester.domain.com/privkey.pem"
config setprop modSSL crt "/etc/dehydrated/certs/tester.domain.com/cert.pem"
 
nano /etc/e-smith/templates/etc/dehydrated/config/45Algorithm
(uncomment the last line to enable RSA and save the file)
KEY_ALGO=rsa


For backward compatibility enter the command:

ln -s /var/www/html/.well-known /home/e-smith/files/ibays/Primary/html/.well-known

signal-event letsencrypt-config
dehydrated -c
74
Koozali SME Server 11.x / Re: Letsencrypt panel is looking great!
« Last post by ReetP on August 22, 2025, 02:11:57 PM »
 :hammer:

Thanks.
75
Koozali SME Server 11.x Contribs / Re: SME 11 Fail2Ban
« Last post by ReetP on August 22, 2025, 02:05:00 PM »
The state of contribs has been mentioned multiple times.

https://forums.koozali.org/index.php/topic,55285.0.html

https://forums.koozali.org/index.php/topic,55297.0.html

And probably several other places.

They'll get looked at as time allows.

Happy for anyone else to volunteer to help......
76
Koozali SME Server 11.x / Re: Letsencrypt panel is looking great!
« Last post by Knuddi on August 22, 2025, 10:52:31 AM »
You are right, have just been out of the SME world for a while - thank you for the hard work!!

Bug created: https://bugs.koozali.org/show_bug.cgi?id=13109

Will utilize the beta for mail only and test very carefully, likely to also bring some functionality from many years within a mail filtering company into play.
77
Koozali SME Server 11.x Contribs / SME 11 Fail2Ban
« Last post by wdepot on August 22, 2025, 01:13:05 AM »
Now that SME 11 is in Beta I plan to start testing migration from SME 10 to SME 11. However I noticed that Fail2Ban is not on the SME 11 smecontribs-testing list. Since that is one contribution I use extensively I was wondering if there is a problem with it under SME 11 or if it is just one of those things that there hasn't been time to update it for the new SME yet.
78
Koozali SME Server 11.x / Re: Letsencrypt panel is looking great!
« Last post by ReetP on August 21, 2025, 11:19:19 PM »
Sorry to spam here and not in Bugzilla.....

So don't.

Do what we always say and open a bug or ask on Rocket - you have an account?

Remember, this is Beta, not a production release.

It is likely to have lots of bugs, but hopefully not breaking ones.

Bug it.
79
Koozali SME Server 11.x / Re: Letsencrypt panel is looking great!
« Last post by Knuddi on August 21, 2025, 10:53:30 PM »
Resolved (that was a tough one..). It turned out that the default public key algorithm (secp384r1) used in dehydrated is not supported in SME 11x. When I changed to a plain rsa configuration, all turned green.

# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
# KEY_ALGO=secp384r1 (default)
#elliptic curve was not supported  (qpsmtpd and perl-IO-Socket-SSL < 1.95)
# SME 11 has perl-IO-Socket-SSL-2.066
KEY_ALGO=rsa


To keep this permanent the template must be changed in:
/etc/e-smith/templates/etc/dehydrated/config/45Algorithm


80
Koozali SME Server 11.x / Re: Letsencrypt panel is looking great!
« Last post by Knuddi on August 21, 2025, 10:23:20 PM »
Sorry to spam here and not in Bugzilla.....

I think the cause has been found in /etc/e-smith/templates/home/e-smith/ssl.pem/20key and "related_key_cert"

my $key = ( defined $modSSL{'key'} and defined $modSSL{'crt'} and related_key_cert($modSSL{'key'},$modSSL{'crt'}) ) ? $modSSL{'key'}  : $dkey;


It seems that the Let's Encrypt certificates are not related in this check and hence are not used for any other certificates in the system. The HTTPS (http.conf) is not using this check.

Could it be related to https://bugs.koozali.org/show_bug.cgi?format=multiple&id=11620?
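
Added example, not part of the original posts and not SME Server's own related_key_cert code: a standalone way to check the two things discussed above, namely which key algorithm a dehydrated certificate carries (the KEY_ALGO post) and whether privkey.pem and cert.pem actually belong together (the key/cert relation post). It assumes the openssl command-line tool is installed; the function names key_matches_cert and cert_key_algo are hypothetical.

```shell
#!/bin/sh
# Added example (not SME Server code): check a dehydrated key/cert pair.
# key_matches_cert and cert_key_algo are hypothetical helper names.

# Public key (PEM) embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key; works for RSA and EC keys.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# key_matches_cert KEY CERT
# Returns 0 if the pair belongs together, 1 if not, 2 if a file is unreadable.
key_matches_cert() {
    kp=$(key_pubkey "$1") || return 2
    cp=$(cert_pubkey "$2") || return 2
    [ -n "$kp" ] && [ -n "$cp" ] || return 2
    [ "$kp" = "$cp" ]
}

# cert_key_algo CERT
# Prints "rsa", the EC curve name (e.g. secp384r1), or the raw algorithm name.
cert_key_algo() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    algo=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    curve=$(printf '%s\n' "$text" | sed -n 's/^ *ASN1 OID: *//p' | head -n 1)
    case "$algo" in
        rsaEncryption)  echo rsa ;;
        id-ecPublicKey) echo "${curve:-ec}" ;;
        *)              echo "${algo:-unknown}" ;;
    esac
}

# Usage: sh check_pair.sh /etc/dehydrated/certs/<host>/privkey.pem .../cert.pem
if [ "$#" -eq 2 ]; then
    echo "certificate key algorithm: $(cert_key_algo "$2")"
    if key_matches_cert "$1" "$2"; then
        echo "key and certificate match"
    else
        echo "key and certificate do not match, or could not be read"
        exit 1
    fi
fi
```

Comparing the public keys rather than an RSA modulus means the same check works whether KEY_ALGO is rsa or one of the elliptic-curve options.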
