ssl / mail / hostname / certificate trouble

[user_chris]

Hello,

I've got a problem with the SSL certificate.
This has been registered and is applied in Vesta-user area:
(home/user1/conf/web/ .. ca; crt; key; pem // comodo)

when calling the domain:
https://domain.tld and https://www.domain.tld

it works well.


What does not work:

when connecting to the mail program is the error no valid certificate
- Goes back to the root certificate. (/usr/local/vestal/ssl/ ..crt ; key)

IMAP hostname: domain.tld
IMAP port: 993
IMAP ssl: YES
IMAP security: STARTTLS
IMAP auth method: Normal password

SMTP hostname: domain.tld
SMTP port: 465
SMTP ssl: YES
SMTP security: STARTTLS
SMTP auth method: Normal password

as the sign in the Panel: https://domain.tld:8083 and https://www.domain.tld: 8083
- Goes back to the root certificate. (/usr/local/vestal/ssl/ ..crt ; key)

Can anyone help? Thanks!

[skurudo]

Hi.

/usr/local/vesta/nginx/conf/nginx.conf - add path with certs for VestaCP (same as your working fine site) - ssl_certificate and ssl_certificate_key
and
/etc/exim4/exim4.conf.template -- tls_certificate and tls_privatekey

[user_chris]

Thanks Skurudo,

I have several users, each with a certificate

(home/user1/conf/web/ .. ssl.domain1.tld.ca; crt; key; pem)
(home/user2/conf/web/ .. ssl.domain2.tld.ca; crt; key; pem)

Can I specify a dynamic path or I need to one for each domain/user ?

/usr/local/vesta/nginx/conf/nginx.conf
/etc/exim4/exim4.conf.template

Chris

[skurudo]

Can I specify a dynamic path or I need to one for each domain/user ?

Chris, nope, not so simple. There's a way to use different certificates, but in pair IP+certificate for exim.

In /usr/local/vesta/nginx/conf/nginx.conf need to use different server settings.

It's non-automatic way, I think.

[user_chris]

So now I found a solution ...

First I changed the paths which has partially works:

/usr/local/vesta/nginx/conf/nginx.conf

Code: Select all

ssl_certificate /home/admin/conf/web/ssl.domain.tld.crt;
ssl_certificate_key /home/admin/conf/web/ssl.domain.tld.key;

Login to the panel with the right certificate.

/etc/exim4/exim4.conf.template

Code: Select all

tls_certificate = /home/admin/conf/web/ssl.domain.tld.crt
tls_privatekey = /home/admin/conf/web/ssl.domain.tld.key

The mail server has received but not sent.

etc/dovecot/conf.d/10-ssl.conf

Code: Select all

ssl_cert = </home/admin/conf/web/ssl.domain.tld.crt
ssl_key = </home/admin/conf/web/ssl.domain.tld.key

Here the correct certificate in IMAP was used in the mail program.

With the configuration therefore only partially satisfied.
So all the paths back to standard.

/usr/local/vesta/ssl
Here I have now saved the COMODO certificates and renamed

ssl.domain.tld.crt —> certificate.crt
ssl.domain.tld.key —> certificate. key

Now, the certificates are used properly

[skurudo]

So now I found a solution ...

Ok, it's nice solution. I think before, you'll use two or more certificates for mail

[user_chris]

I update new vesta
and my solution no longer works
mails are no longer sent

the certificate is, however, of startssl can that be the cause?
or somewhere must still go a .pem file?

Would also your support avail, if you can solve the problem.

thanks

[skurudo]

mails are no longer sent

And what's in logs?

[user_chris]

Code: Select all

2015-07-27 13:07:37 TLS error on connection from xdsl-xx-xx-xx-x.xxxxx.de [xx.xx.xxx.xxx] (cert/key setup: cert=/usr/local/vesta/ssl/certificate.crt key=/usr/local/vesta/ssl/certificate.key): Error while reading file.

[user_chris]

small mistake big impact

group of the file was root not mail ;)

changed - now it sent ..

// I think that was also the problem of the first attempt of mine?!