ssl / mail / hostname / certificate trouble

General questions about VestaCP
user_chris
Posts: 12
Joined: Fri May 01, 2015 11:28 am

ssl / mail / hostname / certificate trouble

Postby user_chris » Fri May 01, 2015 12:15 pm

Hello,

I've got a problem with the SSL certificate.
This has been registered and is applied in Vesta-user area:
(home/user1/conf/web/ .. ca; crt; key; pem // comodo)

when calling the domain:
https://domain.tld and https://www.domain.tld

it works well.


What does not work:

When connecting with the mail program, the error is: no valid certificate
- Goes back to the root certificate. (/usr/local/vesta/ssl/ ..crt ; key)

IMAP hostname: domain.tld
IMAP port: 993
IMAP ssl: YES
IMAP security: STARTTLS
IMAP auth method: Normal password

SMTP hostname: domain.tld
SMTP port: 465
SMTP ssl: YES
SMTP security: STARTTLS
SMTP auth method: Normal password

The same when signing in to the panel: https://domain.tld:8083 and https://www.domain.tld:8083
- Goes back to the root certificate. (/usr/local/vesta/ssl/ ..crt ; key)

Can anyone help? Thanks!

skurudo
VestaCP Team
Posts: 7798
Joined: Fri Dec 26, 2014 2:23 pm
Location: Moscow

Re: ssl / mail / hostname / certificate trouble

Postby skurudo » Tue May 05, 2015 1:29 pm

Hi.

/usr/local/vesta/nginx/conf/nginx.conf - add path with certs for VestaCP (same as your working fine site) - ssl_certificate and ssl_certificate_key
and
/etc/exim4/exim4.conf.template -- tls_certificate and tls_privatekey

user_chris
Posts: 12
Joined: Fri May 01, 2015 11:28 am

Re: ssl / mail / hostname / certificate trouble

Postby user_chris » Tue May 05, 2015 5:33 pm

Thanks Skurudo,

I have several users, each with a certificate

(home/user1/conf/web/ .. ssl.domain1.tld.ca; crt; key; pem)
(home/user2/conf/web/ .. ssl.domain2.tld.ca; crt; key; pem)

Can I specify a dynamic path, or do I need one for each domain/user?

/usr/local/vesta/nginx/conf/nginx.conf
/etc/exim4/exim4.conf.template

Chris

skurudo
VestaCP Team
Posts: 7798
Joined: Fri Dec 26, 2014 2:23 pm
Location: Moscow

Re: ssl / mail / hostname / certificate trouble

Postby skurudo » Tue May 05, 2015 5:47 pm

user_chris wrote: Can I specify a dynamic path, or do I need one for each domain/user?


Chris, nope, not so simple. There's a way to use different certificates, but as an IP+certificate pair for exim.

In /usr/local/vesta/nginx/conf/nginx.conf you need to use different server settings.

It's a non-automatic way, I think.

user_chris
Posts: 12
Joined: Fri May 01, 2015 11:28 am

Re: ssl / mail / hostname / certificate trouble

Postby user_chris » Tue May 12, 2015 8:40 am

So now I found a solution ...

First I changed the paths, which partially worked:

/usr/local/vesta/nginx/conf/nginx.conf

Code:

ssl_certificate /home/admin/conf/web/ssl.domain.tld.crt;
ssl_certificate_key /home/admin/conf/web/ssl.domain.tld.key;

Login to the panel with the right certificate.

/etc/exim4/exim4.conf.template

Code:

tls_certificate = /home/admin/conf/web/ssl.domain.tld.crt
tls_privatekey = /home/admin/conf/web/ssl.domain.tld.key

The mail server received but did not send.

/etc/dovecot/conf.d/10-ssl.conf

Code:

ssl_cert = </home/admin/conf/web/ssl.domain.tld.crt
ssl_key = </home/admin/conf/web/ssl.domain.tld.key

Here the correct certificate was used for IMAP in the mail program.

I was therefore only partially satisfied with this configuration.
So I set all the paths back to standard.

/usr/local/vesta/ssl
Here I have now saved the COMODO certificates and renamed them:

ssl.domain.tld.crt —> certificate.crt
ssl.domain.tld.key —> certificate.key

Now the certificates are used properly.

skurudo
VestaCP Team
Posts: 7798
Joined: Fri Dec 26, 2014 2:23 pm
Location: Moscow

Re: ssl / mail / hostname / certificate trouble

Postby skurudo » Tue May 12, 2015 9:07 am

user_chris wrote: So now I found a solution ...


OK, it's a nice solution. I thought before that you would use two or more certificates for mail.

user_chris
Posts: 12
Joined: Fri May 01, 2015 11:28 am

Re: ssl / mail / hostname / certificate trouble

Postby user_chris » Mon Jul 27, 2015 9:50 am

I updated to the new Vesta
and my solution no longer works:
mails are no longer sent.

The certificate is, however, from StartSSL; can that be the cause?
Or does a .pem file still need to go somewhere?

I would also make use of your support, if you can solve the problem.

thanks

skurudo
VestaCP Team
Posts: 7798
Joined: Fri Dec 26, 2014 2:23 pm
Location: Moscow

Re: ssl / mail / hostname / certificate trouble

Postby skurudo » Mon Jul 27, 2015 10:20 am

mails are no longer sent


And what's in logs?

user_chris
Posts: 12
Joined: Fri May 01, 2015 11:28 am

Re: ssl / mail / hostname / certificate trouble

Postby user_chris » Mon Jul 27, 2015 1:20 pm

Code:

2015-07-27 13:07:37 TLS error on connection from xdsl-xx-xx-xx-x.xxxxx.de [xx.xx.xxx.xxx] (cert/key setup: cert=/usr/local/vesta/ssl/certificate.crt key=/usr/local/vesta/ssl/certificate.key): Error while reading file.

user_chris
Posts: 12
Joined: Fri May 01, 2015 11:28 am

Re: ssl / mail / hostname / certificate trouble

Postby user_chris » Mon Jul 27, 2015 1:52 pm

Small mistake, big impact.

The group of the file was root, not mail ;)

Changed it - now it sends.

// I think that was also the problem of the first attempt of mine?!
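
The "Error while reading file" log line and the root-versus-mail group fix above can be checked before restarting a mail service. The following is an added example, not part of the thread or of VestaCP's own code: a shell helper (the name check_tls_file is hypothetical) that reports whether a certificate or key is readable through a given group, and flags a private key that any local user can read. It assumes GNU stat, as on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Debian/Ubuntu).
# check_tls_file is a hypothetical helper name.
#
# Usage: check_tls_file FILE GROUP [cert|key]
# Prints one status word; returns 0 only for "ok".
# Looks at the group and "other" permission bits only; it does not consider
# the file owner, ACLs, or permissions on parent directories.
check_tls_file() {
    file=$1; want_group=$2; kind=${3:-cert}

    [ -f "$file" ] || { echo "missing"; return 1; }

    group=$(stat -c '%G' "$file")
    mode=$(stat -c '%a' "$file")          # octal digits, e.g. 640
    grp_bits=$(( mode / 10 % 10 ))
    oth_bits=$(( mode % 10 ))

    # A private key readable by every local user is a finding on its own.
    if [ "$kind" = key ] && [ $(( oth_bits & 4 )) -ne 0 ]; then
        echo "key-world-readable"; return 1
    fi
    # A world-readable certificate can be read whatever its group is.
    if [ "$kind" = cert ] && [ $(( oth_bits & 4 )) -ne 0 ]; then
        echo "ok"; return 0
    fi
    [ "$group" = "$want_group" ] || { echo "wrong-group"; return 1; }
    [ $(( grp_bits & 4 )) -ne 0 ] || { echo "group-cannot-read"; return 1; }
    echo "ok"
}

# Demo on a constructed temporary file standing in for certificate.key.
demo=$(mktemp)
chmod 600 "$demo"
echo "mode 600, group mail wanted: $(check_tls_file "$demo" mail key)"
rm -f "$demo"
```

On a VestaCP host the call would be, for example, `check_tls_file /usr/local/vesta/ssl/certificate.key mail key`, using the path from the log line and the group named in the last post.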

