We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
ssl / mail / hostname / certificate trouble
-
- Posts: 12
- Joined: Fri May 01, 2015 11:28 am
ssl / mail / hostname / certificate trouble
Hello,
I've got a problem with the SSL certificate.
This has been registered and is applied in Vesta-user area:
(home/user1/conf/web/ .. ca; crt; key; pem // comodo)
when calling the domain:
https://domain.tld and https://www.domain.tld
it works well.
What does not work:
when connecting to the mail program is the error no valid certificate
- Goes back to the root certificate. (/usr/local/vestal/ssl/ ..crt ; key)
IMAP hostname: domain.tld
IMAP port: 993
IMAP ssl: YES
IMAP security: STARTTLS
IMAP auth method: Normal password
SMTP hostname: domain.tld
SMTP port: 465
SMTP ssl: YES
SMTP security: STARTTLS
SMTP auth method: Normal password
as the sign in the Panel: https://domain.tld:8083 and https://www.domain.tld: 8083
- Goes back to the root certificate. (/usr/local/vestal/ssl/ ..crt ; key)
Can anyone help? Thanks!
I've got a problem with the SSL certificate.
This has been registered and is applied in Vesta-user area:
(home/user1/conf/web/ .. ca; crt; key; pem // comodo)
when calling the domain:
https://domain.tld and https://www.domain.tld
it works well.
What does not work:
when connecting to the mail program is the error no valid certificate
- Goes back to the root certificate. (/usr/local/vestal/ssl/ ..crt ; key)
IMAP hostname: domain.tld
IMAP port: 993
IMAP ssl: YES
IMAP security: STARTTLS
IMAP auth method: Normal password
SMTP hostname: domain.tld
SMTP port: 465
SMTP ssl: YES
SMTP security: STARTTLS
SMTP auth method: Normal password
as the sign in the Panel: https://domain.tld:8083 and https://www.domain.tld: 8083
- Goes back to the root certificate. (/usr/local/vestal/ssl/ ..crt ; key)
Can anyone help? Thanks!
Re: ssl / mail / hostname / certificate trouble
Hi.
/usr/local/vesta/nginx/conf/nginx.conf - add path with certs for VestaCP (same as your working fine site) - ssl_certificate and ssl_certificate_key
and
/etc/exim4/exim4.conf.template -- tls_certificate and tls_privatekey
/usr/local/vesta/nginx/conf/nginx.conf - add path with certs for VestaCP (same as your working fine site) - ssl_certificate and ssl_certificate_key
and
/etc/exim4/exim4.conf.template -- tls_certificate and tls_privatekey
-
- Posts: 12
- Joined: Fri May 01, 2015 11:28 am
Re: ssl / mail / hostname / certificate trouble
Thanks Skurudo,
I have several users, each with a certificate
(home/user1/conf/web/ .. ssl.domain1.tld.ca; crt; key; pem)
(home/user2/conf/web/ .. ssl.domain2.tld.ca; crt; key; pem)
Can I specify a dynamic path or I need to one for each domain/user ?
/usr/local/vesta/nginx/conf/nginx.conf
/etc/exim4/exim4.conf.template
Chris
I have several users, each with a certificate
(home/user1/conf/web/ .. ssl.domain1.tld.ca; crt; key; pem)
(home/user2/conf/web/ .. ssl.domain2.tld.ca; crt; key; pem)
Can I specify a dynamic path or I need to one for each domain/user ?
/usr/local/vesta/nginx/conf/nginx.conf
/etc/exim4/exim4.conf.template
Chris
Re: ssl / mail / hostname / certificate trouble
Chris, nope, not so simple. There's a way to use different certificates, but in pair IP+certificate for exim.user_chris wrote: Can I specify a dynamic path or I need to one for each domain/user ?
In /usr/local/vesta/nginx/conf/nginx.conf need to use different server settings.
It's non-automatic way, I think.
-
- Posts: 12
- Joined: Fri May 01, 2015 11:28 am
Re: ssl / mail / hostname / certificate trouble
So now I found a solution ...
First I changed the paths which has partially works:
/usr/local/vesta/nginx/conf/nginx.conf
Login to the panel with the right certificate.
/etc/exim4/exim4.conf.template
The mail server has received but not sent.
etc/dovecot/conf.d/10-ssl.conf
Here the correct certificate in IMAP was used in the mail program.
With the configuration therefore only partially satisfied.
So all the paths back to standard.
/usr/local/vesta/ssl
Here I have now saved the COMODO certificates and renamed
ssl.domain.tld.crt —> certificate.crt
ssl.domain.tld.key —> certificate. key
Now, the certificates are used properly
First I changed the paths which has partially works:
/usr/local/vesta/nginx/conf/nginx.conf
Code: Select all
ssl_certificate /home/admin/conf/web/ssl.domain.tld.crt;
ssl_certificate_key /home/admin/conf/web/ssl.domain.tld.key;
/etc/exim4/exim4.conf.template
Code: Select all
tls_certificate = /home/admin/conf/web/ssl.domain.tld.crt
tls_privatekey = /home/admin/conf/web/ssl.domain.tld.key
etc/dovecot/conf.d/10-ssl.conf
Code: Select all
ssl_cert = </home/admin/conf/web/ssl.domain.tld.crt
ssl_key = </home/admin/conf/web/ssl.domain.tld.key
With the configuration therefore only partially satisfied.
So all the paths back to standard.
/usr/local/vesta/ssl
Here I have now saved the COMODO certificates and renamed
ssl.domain.tld.crt —> certificate.crt
ssl.domain.tld.key —> certificate. key
Now, the certificates are used properly
Re: ssl / mail / hostname / certificate trouble
Ok, it's nice solution. I think before, you'll use two or more certificates for mailuser_chris wrote:So now I found a solution ...
-
- Posts: 12
- Joined: Fri May 01, 2015 11:28 am
Re: ssl / mail / hostname / certificate trouble
I update new vesta
and my solution no longer works
mails are no longer sent
the certificate is, however, of startssl can that be the cause?
or somewhere must still go a .pem file?
Would also your support avail, if you can solve the problem.
thanks
and my solution no longer works
mails are no longer sent
the certificate is, however, of startssl can that be the cause?
or somewhere must still go a .pem file?
Would also your support avail, if you can solve the problem.
thanks
Re: ssl / mail / hostname / certificate trouble
And what's in logs?mails are no longer sent
-
- Posts: 12
- Joined: Fri May 01, 2015 11:28 am
Re: ssl / mail / hostname / certificate trouble
Code: Select all
2015-07-27 13:07:37 TLS error on connection from xdsl-xx-xx-xx-x.xxxxx.de [xx.xx.xxx.xxx] (cert/key setup: cert=/usr/local/vesta/ssl/certificate.crt key=/usr/local/vesta/ssl/certificate.key): Error while reading file.
-
- Posts: 12
- Joined: Fri May 01, 2015 11:28 am
Re: ssl / mail / hostname / certificate trouble
small mistake big impact
group of the file was root not mail ;)
changed - now it sent ..
// I think that was also the problem of the first attempt of mine?!
group of the file was root not mail ;)
changed - now it sent ..
// I think that was also the problem of the first attempt of mine?!