Re: [Evolution] SSL cert problems after server move
On 03/07/2016 09:26 AM, Patrick O'Callaghan wrote: > A quick way to check on DNS lookups is to specify the server directly, > e.g.: > > % dig @8.8.8.8 foo.bar.com And something I always do to check what the system thinks the IP is: use ping. For example: $ ping core-01 PING core-01 (172.17.8.101) 56(84) bytes of data. ^C ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL cert problems after server move
On Mon, 2016-03-07 at 15:59 +0100, Milan Crha wrote: > On Mon, 2016-03-07 at 13:26 +, Denny wrote: > > > > > > > > Can it be that you have cached the DNS resolution in the system, > > > or > > > overwritten in /etc/hosts [...] > > Well that's embarrassing. Yes, I had apparently left a line in > > /etc/hosts from when I was setting up the old server a few years > > ago. > Hi, > you are welcome. I also had a similar issue in the past, also > forgotten > /etc/hosts entry, and you reminded me of it for some reason. A quick way to check on DNS lookups is to specify the server directly, e.g.: % dig @8.8.8.8 foo.bar.com (using Google's DNS server in this case). poc ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL cert problems after server move
On Mon, 2016-03-07 at 13:26 +, Denny wrote: > > Can it be that you have cached the DNS resolution in the system, or > > overwritten in /etc/hosts [...] > > Well that's embarrassing. Yes, I had apparently left a line in > /etc/hosts from when I was setting up the old server a few years ago. Hi, you are welcome. I also had a similar issue in the past, also forgotten /etc/hosts entry, and you reminded me of it for some reason. Good it was this simple. Bye, Milan ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL cert problems after server move
Hi, On 2016-03-07 09:30, Milan Crha wrote: On Mon, 2016-03-07 at 01:32 +, Denny wrote: When I fired Evolution back up after completing all the transfers, I got a message for each account asking me to accept new SSL certificates, but unexpectedly the Evolution messages give the old server name, I do not see this. For me, the certificate trust prompt shows a certificate issued for fugu.fairhosting.co.uk [...] Can it be that you have cached the DNS resolution in the system, or overwritten in /etc/hosts [...] Well that's embarrassing. Yes, I had apparently left a line in /etc/hosts from when I was setting up the old server a few years ago. I did check the DNS with nslookup quite early in my diagnosis process here, but obviously that doesn't use /etc/hosts entries to find its data, so I'd given myself the false impression that the problem wasn't with the DNS stage. Thank you very much for your help. Regards, Denny ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
Re: [Evolution] SSL cert problems after server move
On Mon, 2016-03-07 at 01:32 +, Denny wrote: > When I fired Evolution back up after completing all the transfers, I got > a message for each account asking me to accept new SSL certificates, but > unexpectedly the Evolution messages give the old server name, > vortex.shinyideas.co.uk. If I accepted them, I was then prompted for my > username and password for each account, and entering the correct details > was met with an 'Password was incorrect' failure message. Note that the > same usernames and passwords do correctly log me in via webmail. Hi, I do not see this. For me, the certificate trust prompt shows a certificate issued for fugu.fairhosting.co.uk, with these two issues: The signing certificate authority is not known. The certificate does not match the expected identity of the site that it was retrieved from. I can accept it and then it asks me for a user name and password (which I do not have). I see in your console output also this: > (evolution:28706): evolution-mail-WARNING **: > receive_update_got_folderinfo: Could not connect to > 'mail.shinyideas.co.uk:993': Issuer certificate is invalid. The error is returned by the NSS library, which is used for the certificate verification. I do not see this error here, but I have more recent version of the evolution (3.19.91 development version) and NSS library (3.21.0) too. Can it be that you have cached the DNS resolution in the system, or overwritten in /etc/hosts, or anything like that, which causes the false resolution? Can you ping or telnet the server from a terminal? Your other devices can work differently than your Linux machine, though you probably accessed the webmail from the same machine as you run evolution, thus it might not be it. Evolution itself doesn't cache DNS queries, it depends on the system libraries for it. Bye, Milan ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
[Evolution] SSL cert problems after server move
Hi, A few days ago I moved to a new server, on a new IP address. I used cPanel to transfer all my accounts from the old server to the new one. Old server: vortex.shinyideas.co.uk New server: fugu.fairhosting.co.uk My email services continued to be provided on the same hostname - mail.shinyideas.co.uk - but the IP address that hostname resolves to has changed to that of the new server. When I connected to webmail on the new server, I was prompted to accept new self-signed SSL certificates from fugu.fairhosting.co.uk, which obviously I expected. Accepting those gave me access to my email with no problems. Much the same workflow and outcome happened on my Android phone using the K-9 email client. When I fired Evolution back up after completing all the transfers, I got a message for each account asking me to accept new SSL certificates, but unexpectedly the Evolution messages give the old server name, vortex.shinyideas.co.uk. If I accepted them, I was then prompted for my username and password for each account, and entering the correct details was met with an 'Password was incorrect' failure message. Note that the same usernames and passwords do correctly log me in via webmail. I tried moving .local/share/evolution/camel-cert.db and .local/share/camel_certs/* away, and removing all references to mail.*, vortex.* and fugu.* from Seahorse, but that didn't make any difference. Does anybody know what's going on here? Or have suggestions for other things I could try, or specific debug info that would help? I've included the basics below. Thanks in advance for any help/suggestions anyone can offer! :) Regards, Denny denny@serenity ~ $ evolution -v evolution 3.10.4 denny@serenity ~ $ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=14.04 DISTRIB_CODENAME=trusty DISTRIB_DESCRIPTION="Ubuntu 14.04.4 LTS" denny@serenity ~ $ uname -a Linux serenity 3.13.0-36-generic #63-Ubuntu SMP Wed Sep 3 21:30:07 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux # The following is terminal output from running Evolution, temporarily accepting the 'new' certificate for my first account and trying to log into it, then closing that and all other dialogs after that fails, then closing the app: denny@serenity ~ $ evolution (evolution:28706): camel-WARNING **: Failed to initialize NSS SQL database in sql:/etc/pki/nssdb: NSS error -8126 (evolution:28706): camel-WARNING **: Unable to load store summary: Expected version (1), got (0) (evolution:28706): camel-WARNING **: Cannot load summary file: Success (evolution:28706): camel-WARNING **: Unable to load store summary: Expected version (1), got (0) (evolution:28706): camel-WARNING **: Cannot load summary file: Success (evolution:28706): camel-WARNING **: Unable to load store summary: Expected version (1), got (0) (evolution:28706): camel-WARNING **: Cannot load summary file: Success (evolution:28706): camel-WARNING **: Unable to load store summary: Expected version (1), got (0) (evolution:28706): camel-WARNING **: Cannot load summary file: Success java version "1.7.0_95" OpenJDK Runtime Environment (IcedTea 2.6.4) (7u95-2.6.4-0ubuntu0.14.04.1) OpenJDK 64-Bit Server VM (build 24.95-b01, mixed mode) (evolution:28706): evolution-mail-WARNING **: (mail-send-recv.c:1140):receive_update_got_folderinfo: runtime check failed: (info != NULL) (evolution:28706): evolution-mail-WARNING **: (mail-send-recv.c:1145):receive_update_got_folderinfo: runtime check failed: (info != NULL) (evolution:28706): evolution-mail-WARNING **: receive_update_got_folderinfo: Could not connect to 'mail.shinyideas.co.uk:993': Issuer certificate is invalid. (evolution:28706): evolution-mail-WARNING **: (mail-send-recv.c:1145):receive_update_got_folderinfo: runtime check failed: (info != NULL) (evolution:28706): evolution-mail-WARNING **: receive_update_got_folderinfo: Could not connect to 'mail.shinyideas.co.uk:993': Issuer certificate is invalid. (evolution:28706): evolution-mail-WARNING **: (mail-send-recv.c:1145):receive_update_got_folderinfo: runtime check failed: (info != NULL) (evolution:28706): evolution-mail-WARNING **: receive_update_got_folderinfo: Could not connect to 'mail.shinyideas.co.uk:993': Issuer certificate is invalid. (evolution:28706): evolution-mail-WARNING **: (mail-send-recv.c:1145):receive_update_got_folderinfo: runtime check failed: (info != NULL) (evolution:28706): evolution-mail-WARNING **: receive_update_got_folderinfo: Could not connect to 'mail.shinyideas.co.uk:993': Issuer certificate is invalid. denny@serenity ~ $ ___ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list