Page 6 of 6

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Tue Apr 28, 2020 7:25 am
by youradds
Have you tried a full server reboot? I've found sometimes that helps (as stuff can get "caught up" in the system). I've literally spent hours trying to debug a problem, and then restarted the whole server for the problem to disappear!

Here is what I can on my system:

Code: Select all

root@west:/usr/local/vesta/ssl# ls -l
total 16
-rw-r----- 1 root mail 3960 Mar 26 08:11 certificate.crt
-rw-rw---- 1 root mail 2106 Mar 25 16:56 certificate.crt.old
-rw-r----- 1 root mail 3243 Mar 26 08:11 certificate.key
-rw-rw---- 1 root mail 3243 Mar 25 16:56 certificate.key.old

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Tue Apr 28, 2020 7:33 am
by Nugjii
youradds wrote:
Tue Apr 28, 2020 7:25 am
Have you tried a full server reboot? I've found sometimes that helps (as stuff can get "caught up" in the system). I've literally spent hours trying to debug a problem, and then restarted the whole server for the problem to disappear!

Here is what I can on my system:

Code: Select all

root@west:/usr/local/vesta/ssl# ls -l
total 16
-rw-r----- 1 root mail 3960 Mar 26 08:11 certificate.crt
-rw-rw---- 1 root mail 2106 Mar 25 16:56 certificate.crt.old
-rw-r----- 1 root mail 3243 Mar 26 08:11 certificate.key
-rw-rw---- 1 root mail 3243 Mar 25 16:56 certificate.key.old
Yes, but no success...

What is the issuer of your cert?

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Tue Apr 28, 2020 7:34 am
by youradds
Hmm sorry I'm out of ideas then :(

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Tue Apr 28, 2020 8:09 am
by Nugjii
Nugjii wrote:
Tue Apr 28, 2020 4:27 am
Hello all,

/etc/exim4/exim4.conf.template

Code: Select all

tls_advertise_hosts = *
tls_certificate = /usr/local/vesta/ssl/certificate.crt
tls_privatekey = /usr/local/vesta/ssl/certificate.key
symlinked

root@mail:/usr/local/vesta/ssl# ls -la

Code: Select all

total 8
drw-rw----  2 root mail 4096 Apr 28 09:10 .
drwxr-xr-x 16 root root 4096 Apr 24 11:45 ..
lrwxrwxrwx  1 root root   41 Apr 28 09:09 certificate.crt -> /home/admin/conf/web/ssl.domain.mn.crt
lrwxrwxrwx  1 root root   41 Apr 28 09:10 certificate.key -> /home/admin/conf/web/ssl.domain.mn.key
set group and permission

root@mail:/home/admin/conf/web# ls -la

Code: Select all

-rw-rw---- 1 root root  1674 Apr 28 09:07 ssl.domain.mn.ca
-rw-r--r-- 1 root mail  2273 Apr 28 09:07 ssl.domain.mn.crt
-rw-r--r-- 1 root mail  3243 Apr 28 09:07 ssl.domain.mn.key
-rw-rw---- 1 root root  3948 Apr 28 09:07 ssl.domain.mn.pem
restarted exim4 service but, I still get the following error on Exim log.

Code: Select all

2020-04-28 12:15:49 TLS error on connection from mail.domain.mn (me) [43.231.114.90] (cert/key setup: cert=/usr/local/vesta/ssl/certificate.crt key=/usr/local/vesta/ssl/certificate.key): Error while reading file.
I'm using LetsEncrypt certificates and they seem to working fine over HTTPS.
rebooted, copy cert files instead of symlinked but stiil have same error.
Why is this happening? Have you had any success resolving this issue?
I think it is not a related with permission. Any idea?

Re: Let's Encrypt for VestaCP System (8083) and exim4

Posted: Tue Apr 28, 2020 8:24 am
by youradds
Can you PM me your entire exzim4.conf.template file? (on here, or andy.newby@gmail.com). I'll do a WinMerge on my template to see what differences I can see (if any)

Cheers

Andy