ssl / mail / hostname / certificate trouble

General questions about VestaCP
skurudo
VestaCP Team
Posts: 7798
Joined: Fri Dec 26, 2014 2:23 pm
Location: Moscow
Contact:

Re: ssl / mail / hostname / certificate trouble

Postby skurudo » Mon Jul 27, 2015 2:47 pm

user_chris wrote:small mistake big impact
// I think that was also the problem of the first attempt of mine?!


Nope, it's just happen ;-)

BBuchanan1013
Posts: 139
Joined: Thu Jan 07, 2016 12:01 am

Re: ssl / mail / hostname / certificate trouble

Postby BBuchanan1013 » Thu Jan 07, 2016 12:16 am

I know this is an older post but I have working instructions:

I copied / pasted information over from nginx


Make sure your SSL is working on the panel. I had to rename my domains crt to pem (this is in /usr/local/vesta/nginx/conf/nginx.conf):

Code: Select all

ssl_certificate      /usr/local/vesta/ssl/ssl.domain.tld.pem;
        ssl_certificate_key  /usr/local/vesta/ssl/ssl.domain.tld.key;


Then restart vesta:

Code: Select all

service vesta restart


if it fails to start, read what ssh is telling you, on CentOS 7 you can use:

Code: Select all

systemctl vesta.service -l


This will generally be a mismatch. Which happened to me a billion times til I figured out to rename my domain.tld.crt to ssl.domain.tld.pem and copy the key from /home/user/conf/web/ to /usr/local/vesta/ssl.domain.tld.key

Now with all that junk outta the way, time to work on the mail service.

In /etc/dovecot/conf.d/10-ssl.conf:

Code: Select all

ssl = yes
ssl_cert = </usr/local/vesta/ssl/ssl.domain.tld.pem
ssl_key = </usr/local/vesta/ssl/ssl.domain.tld.key


Restart dovecot: (note: this might take a moment, depending on the server, took me nearly 15-20 seconds)

Code: Select all

service dovecot restart


Now onto exim:
In /etc/exim/exim.conf find the lines that start with:tls_certificate

Code: Select all

tls_certificate = /usr/local/vesta/ssl/ssl.domain.tld.pem
tls_privatekey = /usr/local/vesta/ssl/ssl.domain.tld.key


Restart exim:

Code: Select all

service exim restart


Now in your email client, you can run SSL\TLS. Pop 995 and SMTP 465.

webass
Posts: 83
Joined: Sat Nov 15, 2014 1:16 am

Re: ssl / mail / hostname / certificate trouble

Postby webass » Wed Jun 08, 2016 10:24 am

Hi,
I have just one domain which uses lets cert SSL ... it has its own webfolder and all.
And the SSL is attached in this webfolder at all.
Now, when sending email it doesnt save them in folder "sent" anymore.
But the email is sent correctly. when I just change the setting in thunderbird to SSL/TLS.
Curious

webass
Posts: 83
Joined: Sat Nov 15, 2014 1:16 am

Re: ssl / mail / hostname / certificate trouble

Postby webass » Sat Jun 11, 2016 9:02 am

I now saw, that I can use it normally on webmail , but I cannot set the mailbox up in thunderbird.
Then I took the SSL cert out again.

Now I still cannot set a mailbox up in thunderbird.
It doesnt accept any tried setting.

mephivio
Posts: 161
Joined: Thu Mar 27, 2014 7:35 am
Location: France

Re: ssl / mail / hostname / certificate trouble

Postby mephivio » Tue Sep 06, 2016 7:31 pm

is it working if you have several domains on the same vesta (1 certificate per domain ?) ?
thx

krok
Posts: 61
Joined: Wed Oct 01, 2014 10:58 am

Re: ssl / mail / hostname / certificate trouble

Postby krok » Thu Sep 29, 2016 5:14 pm

Any update on this? i cant access using different mail clients, then i get greetings errors, tls errors.

user_chris
Posts: 12
Joined: Fri May 01, 2015 11:28 am

Re: ssl / mail / hostname / certificate trouble

Postby user_chris » Mon Oct 17, 2016 4:07 pm

mephivio wrote:is it working if you have several domains on the same vesta (1 certificate per domain ?) ?
thx


Multiple certificates for the domains is not a problem.
Mails are sent via the hostname...

user_chris
Posts: 12
Joined: Fri May 01, 2015 11:28 am

Re: ssl / mail / hostname / certificate trouble

Postby user_chris » Mon Oct 17, 2016 4:09 pm

krok wrote:Any update on this? i cant access using different mail clients, then i get greetings errors, tls errors.


With me everything works - last week the certificate renewed

luckywonder
Posts: 5
Joined: Fri Sep 23, 2016 3:29 pm

Re: ssl / mail / hostname / certificate trouble

Postby luckywonder » Tue Oct 17, 2017 2:04 pm

how to modify the certificate to have mail rights

SSL_CTX_use_PrivateKey_file file=/home/admin/conf/web/ssl.******************.key): error:0200100D:system library:fopen:Permission denied


when updating my permissions to root:root, but I need to have privileges root:mail


Return to “General Discussion”



Who is online

Users browsing this forum: No registered users and 6 guests