Re: [qmailtoaster] Certificate Error

[Gary Bowling]

  
  


Absolutely. I think I've got that already, as that's the way the
  default install works, but I should probably go do some tests just
  to make sure.  Nothing like configuring a client and trying it to
  test it out. 



Gary



On 3/23/2024 10:25 AM, Tonix wrote:


  
  Glad to hear. In any case any usage
of submission port, both to local and external domains, should
be done only by authenticated users.
  
  
  Tonino
  
  
  
  
  
  Il 23/03/2024 12:38, Gary Bowling ha
scritto:
  
  

Thanks, the error turned out to be solved by fixing up the 
  /var/qmail/supervise/submission/run file to accept starttls
  and encrypted passwords. 



On 3/23/2024 4:20 AM, Tonix wrote:


  
  "However, when I try to send to external
domains, I get the error that CHKUSER rejected relaying,
saying "client not allowed to relay"".
  
  
  That means sending user is not authenticated.
  
  
  Probably your submission port accepts messages
from anyone for local domains.
  
  
  
  Tonino
  
  
  
Il 23 marzo 2024 00:35:38 CET, g...@gbco.us
  ha scritto:

  Ok, in my old server's /var/qmail/supervise/submission/run file, I had the following line.

export REQUIRE_AUTH=1


In the new server, it had the following line.

export SMTPAUTH="!"


I'm not sure what the syntax on the new server line means. I changed the line to be like my old server and now sending mail through port 587, with starttls for local domains.

However, when I try to send to external domains, I get the error that CHKUSER rejected relaying, saying "client not allowed to relay"

Maybe I'm making progress, but don't know.

Gary


On 2024-03-22 19:30, g...@gbco.us wrote:
Well, this is the way many of my clients are already configured... So
I have to figure out a way to make it work, or go back to my old
server. Not really an option to reconfigure all my clients.

Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:
You need to use password not encrypted.


Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. The server responded:  TLS no valid RSA private key: error:8002:system library::No such file or directory (#4.3.0).


To create certificates on my new server. I retrieved certs from letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.lastmonth
cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  
  
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Tonix]

Glad to hear. In any case any usage of submission port, both to local 
and external domains, should be done only by authenticated users.


Tonino


Il 23/03/2024 12:38, Gary Bowling ha scritto:


Thanks, the error turned out to be solved by fixing up the 
/var/qmail/supervise/submission/run file to accept starttls and 
encrypted passwords.



On 3/23/2024 4:20 AM, Tonix wrote:
"However, when I try to send to external domains, I get the error 
that CHKUSER rejected relaying, saying "client not allowed to relay"".


That means sending user is not authenticated.

Probably your submission port accepts messages from anyone for local 
domains.


Tonino


Il 23 marzo 2024 00:35:38 CET, g...@gbco.us ha scritto:

Ok, in my old server's /var/qmail/supervise/submission/run file,
I had the following line. export REQUIRE_AUTH=1 In the new
server, it had the following line. export SMTPAUTH="!" I'm not
sure what the syntax on the new server line means. I changed the
line to be like my old server and now sending mail through port
587, with starttls for local domains. However, when I try to send
to external domains, I get the error that CHKUSER rejected
relaying, saying "client not allowed to relay" Maybe I'm making
progress, but don't know. Gary On 2024-03-22 19:30, g...@gbco.us
wrote:

Well, this is the way many of my clients are already
configured... So I have to figure out a way to make it work,
or go back to my old server. Not really an option to
reconfigure all my clients. Thanks, Gary On 2024-03-22 19:26,
Remo Mattei wrote:

You need to use password not encrypted. Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha
scritto:  I can send mail via the roundcube web
mail. That's where this message is coming from. When
sending mail from thunderbird, I have my smtp server
set up in my client as Port 587 startTLS Encrypted
Password This is the same as I had with a number of
clients on my old server. When I try to send email, I
get this error. Sending of the message failed. An
error occurred while sending mail: Outgoing server
(SMTP) error. The server responded: TLS no valid RSA
private key: error:8002:system
library::No such file or directory (#4.3.0). To
create certificates on my new server. I retrieved
certs from letencrypt and then did this. cp -p
/var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth cat

/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem chown
vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem Any idea
what's going on with this error? thanks, Gary


To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For
additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com 




To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For
additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com 



To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 



To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Re: [qmailtoaster] Certificate Error

[Peter Peterse]

Yeh, but the email software didn't accept the ecdsa key. I've tried the key 
order but keeps failing. But now I've seen this thread it could be a config 
option.

Greets,
Peter

Gary Bowling  schreef op 23 maart 2024 12:36:21 CET:
>
>Thanks Peter, good to know as it looks like they are going to ecdsa for the 
>default.
>
>
>On 3/23/2024 3:18 AM, Peter Peterse wrote:
>
>Hi,
>
> Letsencrypt van generate rsa keys by using --key-type rsa 
>
> The order in my servercert.pem is private key followed by the fullchain file. 
> I'm using Almalinux 9
>
> Regards,
> Peter
>
>
>
>g...@gbco.us  schreef op 23 maart 2024 00:05:48 CET:
>
> It looks like letsencrypt is now using ecdsa by default. So I went back and 
> copied my certs off my old server, probably not what I really want to do. But 
> it did give me a different error. Now I'm getting this one. Sending of the 
> message failed. The Outgoing server (SMTP) mail.gbco.us does not seem to 
> support encrypted passwords. If you just set up the account, try changing the 
> 'Authentication method' in 'Account settings | Outgoing server (SMTP)' to 
> 'Normal password'. I thought I tested this before with the new server, but 
> maybe I didn't test it correctly. Anyone got any ideas? On 2024-03-22 18:29, 
> g...@gbco.us  wrote: 
>
>I can send mail via the roundcube web mail. That's where this message is 
>coming from. When sending mail from thunderbird, I have my smtp server set up 
>in my client as Port 587 startTLS Encrypted Password This is the same as I had 
>with a number of clients on my old server. When I try to send email, I get 
>this error. Sending of the message failed. An error occurred while sending 
>mail: Outgoing server (SMTP) error. The server responded: TLS no valid RSA 
>private key: error:8002:system library::No such file or directory 
>(#4.3.0). To create certificates on my new server. I retrieved certs from 
>letencrypt and then did this. cp -p /var/qmail/control/servercert.pem 
>/var/qmail/control/servercert.pem.lastmonth cat 
>/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
>
>/var/qmail/control/servercert.pem 
>
> chown vpopmail:qmail /var/qmail/control/servercert.pem chmod 640 
> /var/qmail/control/servercert.pem Any idea what's going on with this error? 
> thanks, Gary
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> For additional 
>commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> 
>
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> For additional 
>commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> 
>
> - To 
> unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For 
> additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Re: [qmailtoaster] Certificate Error

[Gary Bowling]

  
  
Thanks, the error turned out to be solved by fixing up the 
  /var/qmail/supervise/submission/run file to accept starttls and
  encrypted passwords. 



On 3/23/2024 4:20 AM, Tonix wrote:


  
  "However, when I try to send to external domains,
I get the error that CHKUSER rejected relaying, saying "client
not allowed to relay"".
  
  
  That means sending user is not authenticated.
  
  
  Probably your submission port accepts messages
from anyone for local domains.
  
  
  
  Tonino
  
  
  
Il 23 marzo 2024 00:35:38 CET, g...@gbco.us
  ha scritto:

  Ok, in my old server's /var/qmail/supervise/submission/run file, I had the following line.

export REQUIRE_AUTH=1


In the new server, it had the following line.

export SMTPAUTH="!"


I'm not sure what the syntax on the new server line means. I changed the line to be like my old server and now sending mail through port 587, with starttls for local domains.

However, when I try to send to external domains, I get the error that CHKUSER rejected relaying, saying "client not allowed to relay"

Maybe I'm making progress, but don't know.

Gary


On 2024-03-22 19:30, g...@gbco.us wrote:
Well, this is the way many of my clients are already configured... So
I have to figure out a way to make it work, or go back to my old
server. Not really an option to reconfigure all my clients.

Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:
You need to use password not encrypted.


Inviato da iPhone

Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. The server responded:  TLS no valid RSA private key: error:8002:system library::No such file or directory (#4.3.0).


To create certificates on my new server. I retrieved certs from letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.lastmonth
cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Gary Bowling]

  
  


Thanks Peter, good to know as it looks like they are going to
  ecdsa for the default.



On 3/23/2024 3:18 AM, Peter Peterse
  wrote:


  
  Hi,

Letsencrypt van generate rsa keys by using --key-type rsa 

The order in my servercert.pem is private key followed by the
fullchain file. I'm using Almalinux 9

Regards,
Peter
  
  
  
  
g...@gbco.us schreef op 23 maart 2024 00:05:48
  CET:

  
It looks like letsencrypt is now using ecdsa by default.

So I went back and copied my certs off my old server, probably not what I really want to do. But it did give me a different error. Now I'm getting this one.

Sending of the message failed.
The Outgoing server (SMTP) mail.gbco.us does not seem to support encrypted passwords. If you just set up the account, try changing the 'Authentication method' in 'Account settings | Outgoing server (SMTP)' to 'Normal password'.


I thought I tested this before with the new server, but maybe I didn't test it correctly. Anyone got any ideas?




On 2024-03-22 18:29, g...@gbco.us wrote:
I can send mail via the roundcube web mail. That's where this message
is coming from.

When sending mail from thunderbird, I have my smtp server set up in my client as

Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error.
The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or directory
(#4.3.0).


To create certificates on my new server. I retrieved certs from
letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
/var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, GaryTo unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Tonix]

"However, when I try to send to external domains, I get the error that 
CHKUSER rejected relaying, saying "client not allowed to relay"".


That means sending user is not authenticated.

Probably your submission port accepts messages from anyone for local 
domains.


Tonino


Il 23 marzo 2024 00:35:38 CET, g...@gbco.us ha scritto:

   Ok, in my old server's /var/qmail/supervise/submission/run file, I
   had the following line. export REQUIRE_AUTH=1 In the new server, it
   had the following line. export SMTPAUTH="!" I'm not sure what the
   syntax on the new server line means. I changed the line to be like
   my old server and now sending mail through port 587, with starttls
   for local domains. However, when I try to send to external domains,
   I get the error that CHKUSER rejected relaying, saying "client not
   allowed to relay" Maybe I'm making progress, but don't know. Gary On
   2024-03-22 19:30, g...@gbco.us wrote:

   Well, this is the way many of my clients are already
   configured... So I have to figure out a way to make it work, or
   go back to my old server. Not really an option to reconfigure
   all my clients. Thanks, Gary On 2024-03-22 19:26, Remo Mattei
   wrote:

   You need to use password not encrypted. Inviato da iPhone

   Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha
   scritto:  I can send mail via the roundcube web mail.
   That's where this message is coming from. When sending
   mail from thunderbird, I have my smtp server set up in
   my client as Port 587 startTLS Encrypted Password This
   is the same as I had with a number of clients on my old
   server. When I try to send email, I get this error.
   Sending of the message failed. An error occurred while
   sending mail: Outgoing server (SMTP) error. The server
   responded: TLS no valid RSA private key:
   error:8002:system library::No such file or
   directory (#4.3.0). To create certificates on my new
   server. I retrieved certs from letencrypt and then did
   this. cp -p /var/qmail/control/servercert.pem
   /var/qmail/control/servercert.pem.lastmonth cat
   
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem chown
   vpopmail:qmail /var/qmail/control/servercert.pem chmod
   640 /var/qmail/control/servercert.pem Any idea what's
   going on with this error? thanks, Gary
   

   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For
   additional commands, e-mail:
   qmailtoaster-list-h...@qmailtoaster.com 


   

   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For
   additional commands, e-mail:
   qmailtoaster-list-h...@qmailtoaster.com 


   
   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
   commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 


   
   To unsubscribe, e-mail:
   qmailtoaster-list-unsubscr...@qmailtoaster.com For additional
   commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Peter Peterse]

Hi,

Letsencrypt van generate rsa keys by using --key-type rsa 

The order in my servercert.pem is private key followed by the fullchain file. 
I'm using Almalinux 9

Regards,
Peter


g...@gbco.us schreef op 23 maart 2024 00:05:48 CET:
>
>It looks like letsencrypt is now using ecdsa by default.
>
>So I went back and copied my certs off my old server, probably not what I 
>really want to do. But it did give me a different error. Now I'm getting this 
>one.
>
>Sending of the message failed.
>The Outgoing server (SMTP) mail.gbco.us does not seem to support encrypted 
>passwords. If you just set up the account, try changing the 'Authentication 
>method' in 'Account settings | Outgoing server (SMTP)' to 'Normal password'.
>
>
>I thought I tested this before with the new server, but maybe I didn't test it 
>correctly. Anyone got any ideas?
>
>
>
>
>On 2024-03-22 18:29, g...@gbco.us wrote:
>> I can send mail via the roundcube web mail. That's where this message
>> is coming from.
>> 
>> When sending mail from thunderbird, I have my smtp server set up in my 
>> client as
>> 
>> Port 587
>> startTLS
>> Encrypted Password
>> 
>> This is the same as I had with a number of clients on my old server.
>> 
>> When I try to send email, I get this error.
>> 
>> Sending of the message failed.
>> An error occurred while sending mail: Outgoing server (SMTP) error.
>> The server responded:  TLS no valid RSA private key:
>> error:8002:system library::No such file or directory
>> (#4.3.0).
>> 
>> 
>> To create certificates on my new server. I retrieved certs from
>> letencrypt and then did this.
>> 
>> cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.lastmonth
>> cat
>> /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
>> > /var/qmail/control/servercert.pem
>> 
>> chown vpopmail:qmail /var/qmail/control/servercert.pem
>> chmod 640 /var/qmail/control/servercert.pem
>> 
>> 
>> 
>> Any idea what's going on with this error?
>> 
>> thanks, Gary
>> 
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>-
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>

Re: [qmailtoaster] Certificate Error

[Gary Bowling]

  
  


No that doesn't work. It only works if I have FORCETLS=1 and
  SMTPAUTH="!+cram"


Thanks, Gary



On 3/22/2024 9:05 PM, Eric Broch wrote:


  
  Try submission run file
  
  #!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export FORCETLS=0
export SMTPAUTH="!"

exec /usr/bin/softlimit -m 12800 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c
"$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
    $SMTPD $VCHKPW /bin/true 2>&1
  
  
  Thunderbird:
  Port: 587
  Connection Security: STARTTLS
  Authentication: Normal Password
  
  
  On 3/22/2024 6:34 PM, Gary Bowling
wrote:
  
  



Rocky 9.3.


Gary



On 3/22/2024 8:31 PM, Eric Broch
  wrote:


  
  What are you running EL 8 or 9?
  
  On 3/22/2024 6:28 PM, Gary
Bowling wrote:
  
  



Yea did that.


I tried what Remo suggested, which was to change the
  client send config to: 

port 465
SSL/TLS
Normal Password


This should send mail through the
  /var/qmail/supervise/smtps/ config. That worked, which
  told me my certs were actually ok. 



So now I needed to figure out how to make "Port 587,
  startTLS, and Encrypted Password" work. Which goes through
  /var/qmail/supervise/submission
I changed the run file in that directory by removing the
  line:
export SMTPAUTH="!"
and adding the lines
export FORCETLS=1
export SMTPAUTH="!+cram"


And now I can send mail through the submission port by
  configuring a client to "Port 587, startTLS, and Encrypted
  Password" and I can also send mail through "port 465,
  SSL/TLS, normal password"


That allows me to not have to reconfigure the clients who
  have configurations on port 587.


Eric - Do you see anything wrong with doing it that way?


Thanks, Gary





On 3/22/2024 8:08 PM, Eric
  Broch wrote:


  
   cat
  /etc/letsencrypt/live/mydomain.com/fullchain.pem
  /etc/letsencrypt/live/mydomain.com/privkey.pem >
  /var/qmail/control/servercert.pem
  On 3/22/2024 4:29 PM, g...@gbco.us
wrote:
  
   
I can send mail via the roundcube web mail. That's where
this message is coming from. 

When sending mail from thunderbird, I have my smtp
server set up in my client as 

Port 587 
startTLS 
Encrypted Password 

This is the same as I had with a number of clients on my
old server. 

When I try to send email, I get this error. 

Sending of the message failed. 
An error occurred while sending mail: Outgoing server
(SMTP) error. The server responded:  TLS no valid RSA
private key: error:8002:system library::No
such file or directory (#4.3.0). 


To create certificates on my new server. I retrieved
certs from letencrypt and then did this. 

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth 
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem 

chown vpopmail:qmail /var/qmail/control/servercert.pem 
chmod 640 /var/qmail/control/servercert.pem 



Any idea what's going on with this error? 

thanks, Gary 

Re: [qmailtoaster] Certificate Error

[Eric Broch]

Try submission run file

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export FORCETLS=0
export SMTPAUTH="!"

exec /usr/bin/softlimit -m 12800 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
    $SMTPD $VCHKPW /bin/true 2>&1


Thunderbird:

Port: 587

Connection Security: STARTTLS

Authentication: Normal Password


On 3/22/2024 6:34 PM, Gary Bowling wrote:



Rocky 9.3.


Gary


On 3/22/2024 8:31 PM, Eric Broch wrote:


What are you running EL 8 or 9?

On 3/22/2024 6:28 PM, Gary Bowling wrote:



Yea did that.


I tried what Remo suggested, which was to change the client send 
config to:


port 465

SSL/TLS

Normal Password


This should send mail through the /var/qmail/supervise/smtps/ 
config. That worked, which told me my certs were actually ok.



So now I needed to figure out how to make "Port 587, startTLS, and 
Encrypted Password" work. Which goes through 
/var/qmail/supervise/submission


I changed the run file in that directory by removing the line:

export SMTPAUTH="!"

and adding the lines

export FORCETLS=1

export SMTPAUTH="!+cram"


And now I can send mail through the submission port by configuring a 
client to "Port 587, startTLS, and Encrypted Password" and I can 
also send mail through "port 465, SSL/TLS, normal password"



That allows me to not have to reconfigure the clients who have 
configurations on port 587.



Eric - Do you see anything wrong with doing it that way?


Thanks, Gary



On 3/22/2024 8:08 PM, Eric Broch wrote:


cat /etc/letsencrypt/live/mydomain.com/fullchain.pem 
/etc/letsencrypt/live/mydomain.com/privkey.pem > 
/var/qmail/control/servercert.pem


On 3/22/2024 4:29 PM, g...@gbco.us wrote:


I can send mail via the roundcube web mail. That's where this 
message is coming from.


When sending mail from thunderbird, I have my smtp server set up 
in my client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) 
error. The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


- 
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional 
commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Re: [qmailtoaster] Certificate Error

[Gary Bowling]

  
  


Rocky 9.3.


Gary



On 3/22/2024 8:31 PM, Eric Broch wrote:


  
  What are you running EL 8 or 9?
  
  On 3/22/2024 6:28 PM, Gary Bowling
wrote:
  
  



Yea did that.


I tried what Remo suggested, which was to change the client
  send config to: 

port 465
SSL/TLS
Normal Password


This should send mail through the /var/qmail/supervise/smtps/
  config. That worked, which told me my certs were actually ok.
  



So now I needed to figure out how to make "Port 587,
  startTLS, and Encrypted Password" work. Which goes through
  /var/qmail/supervise/submission
I changed the run file in that directory by removing the
  line:
export SMTPAUTH="!"
and adding the lines
export FORCETLS=1
export SMTPAUTH="!+cram"


And now I can send mail through the submission port by
  configuring a client to "Port 587, startTLS, and Encrypted
  Password" and I can also send mail through "port 465, SSL/TLS,
  normal password"


That allows me to not have to reconfigure the clients who
  have configurations on port 587.


Eric - Do you see anything wrong with doing it that way?


Thanks, Gary





On 3/22/2024 8:08 PM, Eric Broch
  wrote:


  
   cat
  /etc/letsencrypt/live/mydomain.com/fullchain.pem
  /etc/letsencrypt/live/mydomain.com/privkey.pem >
  /var/qmail/control/servercert.pem
  On 3/22/2024 4:29 PM, g...@gbco.us
wrote:
  
   
I can send mail via the roundcube web mail. That's where
this message is coming from. 

When sending mail from thunderbird, I have my smtp server
set up in my client as 

Port 587 
startTLS 
Encrypted Password 

This is the same as I had with a number of clients on my old
server. 

When I try to send email, I get this error. 

Sending of the message failed. 
An error occurred while sending mail: Outgoing server (SMTP)
error. The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or
directory (#4.3.0). 


To create certificates on my new server. I retrieved certs
from letencrypt and then did this. 

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth 
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem 

chown vpopmail:qmail /var/qmail/control/servercert.pem 
chmod 640 /var/qmail/control/servercert.pem 



Any idea what's going on with this error? 

thanks, Gary 

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


  

- To
unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Eric Broch]

What are you running EL 8 or 9?

On 3/22/2024 6:28 PM, Gary Bowling wrote:



Yea did that.


I tried what Remo suggested, which was to change the client send 
config to:


port 465

SSL/TLS

Normal Password


This should send mail through the /var/qmail/supervise/smtps/ config. 
That worked, which told me my certs were actually ok.



So now I needed to figure out how to make "Port 587, startTLS, and 
Encrypted Password" work. Which goes through 
/var/qmail/supervise/submission


I changed the run file in that directory by removing the line:

export SMTPAUTH="!"

and adding the lines

export FORCETLS=1

export SMTPAUTH="!+cram"


And now I can send mail through the submission port by configuring a 
client to "Port 587, startTLS, and Encrypted Password" and I can also 
send mail through "port 465, SSL/TLS, normal password"



That allows me to not have to reconfigure the clients who have 
configurations on port 587.



Eric - Do you see anything wrong with doing it that way?


Thanks, Gary



On 3/22/2024 8:08 PM, Eric Broch wrote:


cat /etc/letsencrypt/live/mydomain.com/fullchain.pem 
/etc/letsencrypt/live/mydomain.com/privkey.pem > 
/var/qmail/control/servercert.pem


On 3/22/2024 4:29 PM, g...@gbco.us wrote:


I can send mail via the roundcube web mail. That's where this 
message is coming from.


When sending mail from thunderbird, I have my smtp server set up in 
my client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. 
The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 

Re: [qmailtoaster] Certificate Error

[Gary Bowling]

  
  


Yea did that.


I tried what Remo suggested, which was to change the client send
  config to: 

port 465
SSL/TLS
Normal Password


This should send mail through the /var/qmail/supervise/smtps/
  config. That worked, which told me my certs were actually ok. 



So now I needed to figure out how to make "Port 587, startTLS,
  and Encrypted Password" work. Which goes through
  /var/qmail/supervise/submission
I changed the run file in that directory by removing the line:
export SMTPAUTH="!"
and adding the lines
export FORCETLS=1
export SMTPAUTH="!+cram"


And now I can send mail through the submission port by
  configuring a client to "Port 587, startTLS, and Encrypted
  Password" and I can also send mail through "port 465, SSL/TLS,
  normal password"


That allows me to not have to reconfigure the clients who have
  configurations on port 587.


Eric - Do you see anything wrong with doing it that way?


Thanks, Gary





On 3/22/2024 8:08 PM, Eric Broch wrote:


  
   cat
  /etc/letsencrypt/live/mydomain.com/fullchain.pem
  /etc/letsencrypt/live/mydomain.com/privkey.pem >
  /var/qmail/control/servercert.pem
  On 3/22/2024 4:29 PM, g...@gbco.us
wrote:
  
   
I can send mail via the roundcube web mail. That's where this
message is coming from. 

When sending mail from thunderbird, I have my smtp server set up
in my client as 

Port 587 
startTLS 
Encrypted Password 

This is the same as I had with a number of clients on my old
server. 

When I try to send email, I get this error. 

Sending of the message failed. 
An error occurred while sending mail: Outgoing server (SMTP)
error. The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or directory
(#4.3.0). 


To create certificates on my new server. I retrieved certs from
letencrypt and then did this. 

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth 
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem 

chown vpopmail:qmail /var/qmail/control/servercert.pem 
chmod 640 /var/qmail/control/servercert.pem 



Any idea what's going on with this error? 

thanks, Gary 

- 
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


  

  


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Eric Broch]

cat /etc/letsencrypt/live/mydomain.com/fullchain.pem 
/etc/letsencrypt/live/mydomain.com/privkey.pem > 
/var/qmail/control/servercert.pem


On 3/22/2024 4:29 PM, g...@gbco.us wrote:


I can send mail via the roundcube web mail. That's where this message 
is coming from.


When sending mail from thunderbird, I have my smtp server set up in my 
client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. 
The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Remo Mattei]

This value was set long ago I would suggest to leave ! And change encrypted to 
password it should all work fine. 
Inviato da iPhone

> Il giorno 22 mar 2024, alle ore 16:35, g...@gbco.us ha scritto:
> 
> Ok, in my old server's /var/qmail/supervise/submission/run file, I had the 
> following line.
> 
> export REQUIRE_AUTH=1
> 
> 
> In the new server, it had the following line.
> 
> export SMTPAUTH="!"
> 
> 
> I'm not sure what the syntax on the new server line means. I changed the line 
> to be like my old server and now sending mail through port 587, with starttls 
> for local domains.
> 
> However, when I try to send to external domains, I get the error that CHKUSER 
> rejected relaying, saying "client not allowed to relay"
> 
> Maybe I'm making progress, but don't know.
> 
> Gary
> 
> 
>> On 2024-03-22 19:30, g...@gbco.us wrote:
>> Well, this is the way many of my clients are already configured... So
>> I have to figure out a way to make it work, or go back to my old
>> server. Not really an option to reconfigure all my clients.
>> Thanks, Gary
>>> On 2024-03-22 19:26, Remo Mattei wrote:
>>> You need to use password not encrypted.
>>> Inviato da iPhone
 Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:
 
 I can send mail via the roundcube web mail. That's where this message is 
 coming from.
 When sending mail from thunderbird, I have my smtp server set up in my 
 client as
 Port 587
 startTLS
 Encrypted Password
 This is the same as I had with a number of clients on my old server.
 When I try to send email, I get this error.
 Sending of the message failed.
 An error occurred while sending mail: Outgoing server (SMTP) error. The 
 server responded:  TLS no valid RSA private key: 
 error:8002:system library::No such file or directory (#4.3.0).
 To create certificates on my new server. I retrieved certs from letencrypt 
 and then did this.
 cp -p /var/qmail/control/servercert.pem 
 /var/qmail/control/servercert.pem.lastmonth
 cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
 > /var/qmail/control/servercert.pem
 chown vpopmail:qmail /var/qmail/control/servercert.pem
 chmod 640 /var/qmail/control/servercert.pem
 Any idea what's going on with this error?
 thanks, Gary
 -
 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>> -
>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[gb]

Ok, in my old server's /var/qmail/supervise/submission/run file, I had 
the following line.


export REQUIRE_AUTH=1


In the new server, it had the following line.

export SMTPAUTH="!"


I'm not sure what the syntax on the new server line means. I changed the 
line to be like my old server and now sending mail through port 587, 
with starttls for local domains.


However, when I try to send to external domains, I get the error that 
CHKUSER rejected relaying, saying "client not allowed to relay"


Maybe I'm making progress, but don't know.

Gary


On 2024-03-22 19:30, g...@gbco.us wrote:

Well, this is the way many of my clients are already configured... So
I have to figure out a way to make it work, or go back to my old
server. Not really an option to reconfigure all my clients.

Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:

You need to use password not encrypted.


Inviato da iPhone


Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message 
is coming from.


When sending mail from thunderbird, I have my smtp server set up in 
my client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. 
The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com





-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[gb]

Well, this is the way many of my clients are already configured... So I 
have to figure out a way to make it work, or go back to my old server. 
Not really an option to reconfigure all my clients.


Thanks, Gary


On 2024-03-22 19:26, Remo Mattei wrote:

You need to use password not encrypted.


Inviato da iPhone


Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:


I can send mail via the roundcube web mail. That's where this message 
is coming from.


When sending mail from thunderbird, I have my smtp server set up in my 
client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. 
The server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem 
> /var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com





-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Remo Mattei]

I have the private first is I recall it right then cert then bundle 
I see you have an extra there. Not sure that could cause the issue 


Inviato da iPhone

> Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:
> 
> 
> I can send mail via the roundcube web mail. That's where this message is 
> coming from.
> 
> When sending mail from thunderbird, I have my smtp server set up in my client 
> as
> 
> Port 587
> startTLS
> Encrypted Password
> 
> This is the same as I had with a number of clients on my old server.
> 
> When I try to send email, I get this error.
> 
> Sending of the message failed.
> An error occurred while sending mail: Outgoing server (SMTP) error. The 
> server responded:  TLS no valid RSA private key: 
> error:8002:system library::No such file or directory (#4.3.0).
> 
> 
> To create certificates on my new server. I retrieved certs from letencrypt 
> and then did this.
> 
> cp -p /var/qmail/control/servercert.pem 
> /var/qmail/control/servercert.pem.lastmonth
> cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > 
> /var/qmail/control/servercert.pem
> 
> chown vpopmail:qmail /var/qmail/control/servercert.pem
> chmod 640 /var/qmail/control/servercert.pem
> 
> 
> 
> Any idea what's going on with this error?
> 
> thanks, Gary
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[Remo Mattei]

You need to use password not encrypted. 


Inviato da iPhone

> Il giorno 22 mar 2024, alle ore 15:30, g...@gbco.us ha scritto:
> 
> 
> I can send mail via the roundcube web mail. That's where this message is 
> coming from.
> 
> When sending mail from thunderbird, I have my smtp server set up in my client 
> as
> 
> Port 587
> startTLS
> Encrypted Password
> 
> This is the same as I had with a number of clients on my old server.
> 
> When I try to send email, I get this error.
> 
> Sending of the message failed.
> An error occurred while sending mail: Outgoing server (SMTP) error. The 
> server responded:  TLS no valid RSA private key: 
> error:8002:system library::No such file or directory (#4.3.0).
> 
> 
> To create certificates on my new server. I retrieved certs from letencrypt 
> and then did this.
> 
> cp -p /var/qmail/control/servercert.pem 
> /var/qmail/control/servercert.pem.lastmonth
> cat /etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > 
> /var/qmail/control/servercert.pem
> 
> chown vpopmail:qmail /var/qmail/control/servercert.pem
> chmod 640 /var/qmail/control/servercert.pem
> 
> 
> 
> Any idea what's going on with this error?
> 
> thanks, Gary
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate Error

[gb]

It looks like letsencrypt is now using ecdsa by default.

So I went back and copied my certs off my old server, probably not what 
I really want to do. But it did give me a different error. Now I'm 
getting this one.


Sending of the message failed.
The Outgoing server (SMTP) mail.gbco.us does not seem to support 
encrypted passwords. If you just set up the account, try changing the 
'Authentication method' in 'Account settings | Outgoing server (SMTP)' 
to 'Normal password'.



I thought I tested this before with the new server, but maybe I didn't 
test it correctly. Anyone got any ideas?





On 2024-03-22 18:29, g...@gbco.us wrote:

I can send mail via the roundcube web mail. That's where this message
is coming from.

When sending mail from thunderbird, I have my smtp server set up in my 
client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error.
The server responded:  TLS no valid RSA private key:
error:8002:system library::No such file or directory
(#4.3.0).


To create certificates on my new server. I retrieved certs from
letencrypt and then did this.

cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.lastmonth
cat
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem
> /var/qmail/control/servercert.pem

chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Certificate Error

[gb]

I can send mail via the roundcube web mail. That's where this message is 
coming from.


When sending mail from thunderbird, I have my smtp server set up in my 
client as


Port 587
startTLS
Encrypted Password

This is the same as I had with a number of clients on my old server.

When I try to send email, I get this error.

Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. The 
server responded:  TLS no valid RSA private key: 
error:8002:system library::No such file or directory 
(#4.3.0).



To create certificates on my new server. I retrieved certs from 
letencrypt and then did this.


cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.lastmonth
cat 
/etc/letsencrypt/live/mail.gbco.us/{cert,chain,fullchain,privkey}.pem > 
/var/qmail/control/servercert.pem


chown vpopmail:qmail /var/qmail/control/servercert.pem
chmod 640 /var/qmail/control/servercert.pem



Any idea what's going on with this error?

thanks, Gary

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate

[Eric Broch]

You could, after creating the /var/qmail/control/servercert.pem, point 
dovecot's ssl_cert &  ssl_key to it.

On May 19, 2021, 11:26 AM, at 11:26 AM, Scott Hughes  
wrote:
>On the SSL page for the CENTOS 7 LetsEncrypt install, #3 C & D reads:
>
>- Add to Apache Virtual CentOS 6 & 7
>
> SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
>SSLCertificateChainFile
>/etc/letsencrypt/live/mydomain.com/fullchain.pem
>
>- Add to Dovecot CentOS 6 & 7
>
> ssl_cert =  ssl_key = 
>-
>
>It's been a LOONG time since I've done this and don't recognize
>what this means.  Thanks in advance!
>
>
>On Thu, May 13, 2021 at 1:54 PM Eric Broch 
>wrote:
>
>> Here's the link
>>
>> https://www.qmailtoaster.org/ssl.html
>> On 5/13/2021 11:04 AM, Scott Hughes wrote:
>>
>> Is there a howto or a page that details how to properly install the
>> certificate I purchased? Thanks!
>>
>> On May 12, 2021, at 11:29, Eric Broch 
>>  wrote:
>>
>> 
>>
>> Here's my auto renew script:
>>
>> 
>>
>> #!/bin/bash
>>
>> # When to renew, days before expiration
>> days=3
>>
>> today=`date`
>> today=`date --date="$today" --utc +%s`
>>
>> # FQDN for which to renew certificate
>> fqdn=host.domain.tld
>> certfile=/etc/letsencrypt/live/$fqdn/fullchain.pem
>> exp=`openssl x509 -dates -noout < $certfile | grep notAfter | sed
>> 's/notAfter=//'`
>> off=`date --date="$exp" --utc +%s`
>> diff=$(( (off - today)/86400 ))
>> echo "Certificate for FQDN $fqdn expires in $diff day(s)"
>>
>> # Renew if we're within the days parameter
>> if [ $diff -le $days ]
>> then
>>echo "Renew certificate $fqdn ..."
>>certbot renew --cert-name $fqdn
>>echo "Reload httpd..."
>>systemctl reload httpd
>>systemctl status httpd
>>echo "Install certificate for QMT..."
>>cat /etc/letsencrypt/live/$fqdn/privkey.pem
>> /etc/letsencrypt/live/$fqdn/fullchain.pem >
>/my/dir/path/servercert.pem
>>cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.bak
>>cp /my/dir/path/servercert.pem  /var/qmail/control/servercert.pem
>>qmailctl stop && sleep 5 && qmailctl start
>>systemctl restart dovecot
>> fi
>>
>> echo "Done..."
>>
>> exit 0
>>
>> 
>>
>>
>> In crontab
>>
>> @daily  /my/dir/path/le
>>
>> On 5/12/2021 5:34 AM, CarlC Internet Services Service Desk wrote:
>>
>> Remo,
>>
>>
>>
>> I use LetsEncrypt, but I tell everyone who uses the service to use “
>> secure.carlc.com” as the email server name. This causes the IMAP SSL
>to
>> match up with the FQDN they are looking for. I never have an issue
>when
>> LetsEncrypt does it automatic update [which is every 60 days as
>recommended
>> by LetsEncrypt’s certbot] and the customer never gets a SSL cert
>mismatch.
>>
>>
>>
>> Carl
>>
>>
>>
>> *From:* Remo Mattei [mailto:r...@mattei.org ]
>> *Sent:* Tuesday, May 11, 2021 09:07 PM
>> *To:* qmailtoaster-list@qmailtoaster.com
>> *Subject:* Re: [qmailtoaster] Certificate
>>
>>
>>
>> Yes the thing is 10 dollars for 2 years nothing to change whereas,
>> letencrypt, need to change every 90 days and IMAP will prompt you for
>a new
>> cert.. not ideal for customers if you do for your personal servers
>then
>> that’s good.
>>
>>
>>
>> Remo
>>
>>
>>
>> On May 11, 2021, at 4:04 PM, Rodrigo Cortes  wrote:
>>
>>
>>
>> Hi!
>>
>>
>>
>> Use letencrypt, is free :)
>>
>>
>>
>> El mar, 11 may 2021 a las 18:49,  escribió:
>>
>> Ssls.com
>>
>> > Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes <
>> sonicscott9...@gmail.com> ha scritto:
>> >
>> > Where is the cheapest place to get a certificate for my server.
>The
>> server is in the USA if that matters. Thank you!
>> >
>-
>> > To unsubscribe, e-mail:
>qmailtoaster-list-unsubscr...@qmailtoaster.com
>> > For additional commands, e-mail:
>qmailtoaster-list-h...@qmailtoaster.com
>> >
>> -
>> To unsubscribe, e-mail:
>qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail:
>qmailtoaster-list-h...@qmailtoaster.com
>>
>>
>>
>>

Re: [qmailtoaster] Certificate

[Scott Hughes]

On the SSL page for the CENTOS 7 LetsEncrypt install, #3 C & D reads:

- Add to Apache Virtual CentOS 6 & 7

 SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem

- Add to Dovecot CentOS 6 & 7

 ssl_cert =  wrote:

> Here's the link
>
> https://www.qmailtoaster.org/ssl.html
> On 5/13/2021 11:04 AM, Scott Hughes wrote:
>
> Is there a howto or a page that details how to properly install the
> certificate I purchased? Thanks!
>
> On May 12, 2021, at 11:29, Eric Broch 
>  wrote:
>
> 
>
> Here's my auto renew script:
>
> 
>
> #!/bin/bash
>
> # When to renew, days before expiration
> days=3
>
> today=`date`
> today=`date --date="$today" --utc +%s`
>
> # FQDN for which to renew certificate
> fqdn=host.domain.tld
> certfile=/etc/letsencrypt/live/$fqdn/fullchain.pem
> exp=`openssl x509 -dates -noout < $certfile | grep notAfter | sed
> 's/notAfter=//'`
> off=`date --date="$exp" --utc +%s`
> diff=$(( (off - today)/86400 ))
> echo "Certificate for FQDN $fqdn expires in $diff day(s)"
>
> # Renew if we're within the days parameter
> if [ $diff -le $days ]
> then
>echo "Renew certificate $fqdn ..."
>certbot renew --cert-name $fqdn
>echo "Reload httpd..."
>systemctl reload httpd
>systemctl status httpd
>echo "Install certificate for QMT..."
>cat /etc/letsencrypt/live/$fqdn/privkey.pem
> /etc/letsencrypt/live/$fqdn/fullchain.pem > /my/dir/path/servercert.pem
>cp -p /var/qmail/control/servercert.pem
> /var/qmail/control/servercert.pem.bak
>cp /my/dir/path/servercert.pem  /var/qmail/control/servercert.pem
>qmailctl stop && sleep 5 && qmailctl start
>systemctl restart dovecot
> fi
>
> echo "Done..."
>
> exit 0
>
> 
>
>
> In crontab
>
> @daily  /my/dir/path/le
>
> On 5/12/2021 5:34 AM, CarlC Internet Services Service Desk wrote:
>
> Remo,
>
>
>
> I use LetsEncrypt, but I tell everyone who uses the service to use “
> secure.carlc.com” as the email server name. This causes the IMAP SSL to
> match up with the FQDN they are looking for. I never have an issue when
> LetsEncrypt does it automatic update [which is every 60 days as recommended
> by LetsEncrypt’s certbot] and the customer never gets a SSL cert mismatch.
>
>
>
> Carl
>
>
>
> *From:* Remo Mattei [mailto:r...@mattei.org ]
> *Sent:* Tuesday, May 11, 2021 09:07 PM
> *To:* qmailtoaster-list@qmailtoaster.com
> *Subject:* Re: [qmailtoaster] Certificate
>
>
>
> Yes the thing is 10 dollars for 2 years nothing to change whereas,
> letencrypt, need to change every 90 days and IMAP will prompt you for a new
> cert.. not ideal for customers if you do for your personal servers then
> that’s good.
>
>
>
> Remo
>
>
>
> On May 11, 2021, at 4:04 PM, Rodrigo Cortes  wrote:
>
>
>
> Hi!
>
>
>
> Use letencrypt, is free :)
>
>
>
> El mar, 11 may 2021 a las 18:49,  escribió:
>
> Ssls.com
>
> > Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes <
> sonicscott9...@gmail.com> ha scritto:
> >
> > Where is the cheapest place to get a certificate for my server.  The
> server is in the USA if that matters. Thank you!
> > -
> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> >
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>
>
>

Re: [qmailtoaster] Certificate

[Scott Hughes]

Thanks!

> On May 13, 2021, at 13:54, Eric Broch  wrote:
> 
> 
> Here's the link
> 
> https://www.qmailtoaster.org/ssl.html
> 
> On 5/13/2021 11:04 AM, Scott Hughes wrote:
>> Is there a howto or a page that details how to properly install the 
>> certificate I purchased? Thanks!
>> 
>>> On May 12, 2021, at 11:29, Eric Broch  wrote:
>>> 
>>> 
>>> Here's my auto renew script:
>>> 
>>> 
>>> 
>>> #!/bin/bash
>>> 
>>> 
>>> # When to renew, days before expiration
>>> days=3
>>> 
>>> today=`date`
>>> today=`date --date="$today" --utc +%s`
>>> 
>>> # FQDN for which to renew certificate
>>> fqdn=host.domain.tld
>>> certfile=/etc/letsencrypt/live/$fqdn/fullchain.pem
>>> exp=`openssl x509 -dates -noout < $certfile | grep notAfter | sed 
>>> 's/notAfter=//'`
>>> off=`date --date="$exp" --utc +%s`
>>> diff=$(( (off - today)/86400 ))
>>> echo "Certificate for FQDN $fqdn expires in $diff day(s)"
>>> 
>>> # Renew if we're within the days parameter
>>> if [ $diff -le $days ]
>>> then
>>>echo "Renew certificate $fqdn ..."
>>>certbot renew --cert-name $fqdn
>>>echo "Reload httpd..."
>>>systemctl reload httpd
>>>systemctl status httpd
>>>echo "Install certificate for QMT..."
>>>cat /etc/letsencrypt/live/$fqdn/privkey.pem 
>>> /etc/letsencrypt/live/$fqdn/fullchain.pem > /my/dir/path/servercert.pem
>>>cp -p /var/qmail/control/servercert.pem 
>>> /var/qmail/control/servercert.pem.bak
>>>cp /my/dir/path/servercert.pem  /var/qmail/control/servercert.pem
>>>qmailctl stop && sleep 5 && qmailctl start
>>>systemctl restart dovecot
>>> fi
>>> 
>>> echo "Done..."
>>> exit 0
>>> 
>>> 
>>> 
>>> 
>>> 
>>> In crontab
>>> 
>>> @daily  /my/dir/path/le
>>> 
>>> 
>>> On 5/12/2021 5:34 AM, CarlC Internet Services Service Desk wrote:
>>>> Remo,
>>>>  
>>>> I use LetsEncrypt, but I tell everyone who uses the service to use 
>>>> “secure.carlc.com” as the email server name. This causes the IMAP SSL to 
>>>> match up with the FQDN they are looking for. I never have an issue when 
>>>> LetsEncrypt does it automatic update [which is every 60 days as 
>>>> recommended by LetsEncrypt’s certbot] and the customer never gets a SSL 
>>>> cert mismatch.
>>>>  
>>>> Carl
>>>>  
>>>> From: Remo Mattei [mailto:r...@mattei.org] 
>>>> Sent: Tuesday, May 11, 2021 09:07 PM
>>>> To: qmailtoaster-list@qmailtoaster.com
>>>> Subject: Re: [qmailtoaster] Certificate
>>>>  
>>>> Yes the thing is 10 dollars for 2 years nothing to change whereas, 
>>>> letencrypt, need to change every 90 days and IMAP will prompt you for a 
>>>> new cert.. not ideal for customers if you do for your personal servers 
>>>> then that’s good. 
>>>>  
>>>> Remo  
>>>> 
>>>> 
>>>> On May 11, 2021, at 4:04 PM, Rodrigo Cortes  wrote:
>>>>  
>>>> Hi!
>>>>  
>>>> Use letencrypt, is free :)
>>>>  
>>>> El mar, 11 may 2021 a las 18:49,  escribió:
>>>> Ssls.com
>>>> 
>>>> > Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes 
>>>> >  ha scritto:
>>>> > 
>>>> > Where is the cheapest place to get a certificate for my server.  The 
>>>> > server is in the USA if that matters. Thank you!
>>>> > -
>>>> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>>> > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>> > 
>>>> -
>>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>>  

Re: [qmailtoaster] Certificate

[Eric Broch]

Here's the link

https://www.qmailtoaster.org/ssl.html

On 5/13/2021 11:04 AM, Scott Hughes wrote:
Is there a howto or a page that details how to properly install the 
certificate I purchased? Thanks!



On May 12, 2021, at 11:29, Eric Broch  wrote:



Here's my auto renew script:



#!/bin/bash


# When to renew, days before expiration
days=3

today=`date`
today=`date --date="$today" --utc +%s`

# FQDN for which to renew certificate
fqdn=host.domain.tld
certfile=/etc/letsencrypt/live/$fqdn/fullchain.pem
exp=`openssl x509 -dates -noout < $certfile | grep notAfter | sed 
's/notAfter=//'`

off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate for FQDN $fqdn expires in $diff day(s)"

# Renew if we're within the days parameter
if [ $diff -le $days ]
then
   echo "Renew certificate $fqdn ..."
   certbot renew --cert-name $fqdn
   echo "Reload httpd..."
   systemctl reload httpd
   systemctl status httpd
   echo "Install certificate for QMT..."
   cat /etc/letsencrypt/live/$fqdn/privkey.pem 
/etc/letsencrypt/live/$fqdn/fullchain.pem > /my/dir/path/servercert.pem
   cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.bak

   cp /my/dir/path/servercert.pem /var/qmail/control/servercert.pem
   qmailctl stop && sleep 5 && qmailctl start
   systemctl restart dovecot
fi

echo "Done..."

exit 0




In crontab

@daily  /my/dir/path/le


On 5/12/2021 5:34 AM, CarlC Internet Services Service Desk wrote:


Remo,

I use LetsEncrypt, but I tell everyone who uses the service to use 
“secure.carlc.com” as the email server name. This causes the IMAP 
SSL to match up with the FQDN they are looking for. I never have an 
issue when LetsEncrypt does it automatic update [which is every 60 
days as recommended by LetsEncrypt’s certbot] and the customer never 
gets a SSL cert mismatch.


Carl

*From:*Remo Mattei [mailto:r...@mattei.org]
*Sent:* Tuesday, May 11, 2021 09:07 PM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Certificate

Yes the thing is 10 dollars for 2 years nothing to change whereas, 
letencrypt, need to change every 90 days and IMAP will prompt you 
for a new cert.. not ideal for customers if you do for your personal 
servers then that’s good.


Remo



On May 11, 2021, at 4:04 PM, Rodrigo Cortes mailto:rap...@gmail.com>> wrote:

Hi!

Use letencrypt, is free :)

El mar, 11 may 2021 a las 18:49, mailto:r...@mattei.org>> escribió:

Ssls.com <http://Ssls.com>

> Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes
mailto:sonicscott9...@gmail.com>>
ha scritto:
>
> Where is the cheapest place to get a certificate for my
server.  The server is in the USA if that matters. Thank you!
>
-
> To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
> For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
<mailto:qmailtoaster-list-h...@qmailtoaster.com>
>
-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
<mailto:qmailtoaster-list-h...@qmailtoaster.com>

Re: [qmailtoaster] Certificate

[Eric Broch]

This has Godaddy, LetsEncrypt, and Self-Signed.

On 5/13/2021 11:04 AM, Scott Hughes wrote:
Is there a howto or a page that details how to properly install the 
certificate I purchased? Thanks!



On May 12, 2021, at 11:29, Eric Broch  wrote:



Here's my auto renew script:



#!/bin/bash


# When to renew, days before expiration
days=3

today=`date`
today=`date --date="$today" --utc +%s`

# FQDN for which to renew certificate
fqdn=host.domain.tld
certfile=/etc/letsencrypt/live/$fqdn/fullchain.pem
exp=`openssl x509 -dates -noout < $certfile | grep notAfter | sed 
's/notAfter=//'`

off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate for FQDN $fqdn expires in $diff day(s)"

# Renew if we're within the days parameter
if [ $diff -le $days ]
then
   echo "Renew certificate $fqdn ..."
   certbot renew --cert-name $fqdn
   echo "Reload httpd..."
   systemctl reload httpd
   systemctl status httpd
   echo "Install certificate for QMT..."
   cat /etc/letsencrypt/live/$fqdn/privkey.pem 
/etc/letsencrypt/live/$fqdn/fullchain.pem > /my/dir/path/servercert.pem
   cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.bak

   cp /my/dir/path/servercert.pem /var/qmail/control/servercert.pem
   qmailctl stop && sleep 5 && qmailctl start
   systemctl restart dovecot
fi

echo "Done..."

exit 0




In crontab

@daily  /my/dir/path/le


On 5/12/2021 5:34 AM, CarlC Internet Services Service Desk wrote:


Remo,

I use LetsEncrypt, but I tell everyone who uses the service to use 
“secure.carlc.com” as the email server name. This causes the IMAP 
SSL to match up with the FQDN they are looking for. I never have an 
issue when LetsEncrypt does it automatic update [which is every 60 
days as recommended by LetsEncrypt’s certbot] and the customer never 
gets a SSL cert mismatch.


Carl

*From:*Remo Mattei [mailto:r...@mattei.org]
*Sent:* Tuesday, May 11, 2021 09:07 PM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Certificate

Yes the thing is 10 dollars for 2 years nothing to change whereas, 
letencrypt, need to change every 90 days and IMAP will prompt you 
for a new cert.. not ideal for customers if you do for your personal 
servers then that’s good.


Remo



On May 11, 2021, at 4:04 PM, Rodrigo Cortes mailto:rap...@gmail.com>> wrote:

Hi!

Use letencrypt, is free :)

El mar, 11 may 2021 a las 18:49, mailto:r...@mattei.org>> escribió:

Ssls.com <http://Ssls.com>

> Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes
mailto:sonicscott9...@gmail.com>>
ha scritto:
>
> Where is the cheapest place to get a certificate for my
server.  The server is in the USA if that matters. Thank you!
>
-
> To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
> For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
<mailto:qmailtoaster-list-h...@qmailtoaster.com>
>
-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
<mailto:qmailtoaster-list-h...@qmailtoaster.com>

Re: [qmailtoaster] Certificate

[Scott Hughes]

Is there a howto or a page that details how to properly install the certificate 
I purchased? Thanks!

> On May 12, 2021, at 11:29, Eric Broch  wrote:
> 
> 
> Here's my auto renew script:
> 
> 
> 
> #!/bin/bash
> 
> 
> # When to renew, days before expiration
> days=3
> 
> today=`date`
> today=`date --date="$today" --utc +%s`
> 
> # FQDN for which to renew certificate
> fqdn=host.domain.tld
> certfile=/etc/letsencrypt/live/$fqdn/fullchain.pem
> exp=`openssl x509 -dates -noout < $certfile | grep notAfter | sed 
> 's/notAfter=//'`
> off=`date --date="$exp" --utc +%s`
> diff=$(( (off - today)/86400 ))
> echo "Certificate for FQDN $fqdn expires in $diff day(s)"
> 
> # Renew if we're within the days parameter
> if [ $diff -le $days ]
> then
>echo "Renew certificate $fqdn ..."
>certbot renew --cert-name $fqdn
>echo "Reload httpd..."
>systemctl reload httpd
>systemctl status httpd
>echo "Install certificate for QMT..."
>cat /etc/letsencrypt/live/$fqdn/privkey.pem 
> /etc/letsencrypt/live/$fqdn/fullchain.pem > /my/dir/path/servercert.pem
>cp -p /var/qmail/control/servercert.pem 
> /var/qmail/control/servercert.pem.bak
>cp /my/dir/path/servercert.pem  /var/qmail/control/servercert.pem
>qmailctl stop && sleep 5 && qmailctl start
>systemctl restart dovecot
> fi
> 
> echo "Done..."
> exit 0
> 
> 
> 
> 
> 
> In crontab
> 
> @daily  /my/dir/path/le
> 
> 
> On 5/12/2021 5:34 AM, CarlC Internet Services Service Desk wrote:
>> Remo,
>>  
>> I use LetsEncrypt, but I tell everyone who uses the service to use 
>> “secure.carlc.com” as the email server name. This causes the IMAP SSL to 
>> match up with the FQDN they are looking for. I never have an issue when 
>> LetsEncrypt does it automatic update [which is every 60 days as recommended 
>> by LetsEncrypt’s certbot] and the customer never gets a SSL cert mismatch.
>>  
>> Carl
>>  
>> From: Remo Mattei [mailto:r...@mattei.org] 
>> Sent: Tuesday, May 11, 2021 09:07 PM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: Re: [qmailtoaster] Certificate
>>  
>> Yes the thing is 10 dollars for 2 years nothing to change whereas, 
>> letencrypt, need to change every 90 days and IMAP will prompt you for a new 
>> cert.. not ideal for customers if you do for your personal servers then 
>> that’s good. 
>>  
>> Remo  
>> 
>> 
>> On May 11, 2021, at 4:04 PM, Rodrigo Cortes  wrote:
>>  
>> Hi!
>>  
>> Use letencrypt, is free :)
>>  
>> El mar, 11 may 2021 a las 18:49,  escribió:
>> Ssls.com
>> 
>> > Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes 
>> >  ha scritto:
>> > 
>> > Where is the cheapest place to get a certificate for my server.  The 
>> > server is in the USA if that matters. Thank you!
>> > -
>> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> > 
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>  

Re: [qmailtoaster] Certificate

[Eric Broch]

Here's my auto renew script:



#!/bin/bash


# When to renew, days before expiration
days=3

today=`date`
today=`date --date="$today" --utc +%s`

# FQDN for which to renew certificate
fqdn=host.domain.tld
certfile=/etc/letsencrypt/live/$fqdn/fullchain.pem
exp=`openssl x509 -dates -noout < $certfile | grep notAfter | sed 
's/notAfter=//'`

off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate for FQDN $fqdn expires in $diff day(s)"

# Renew if we're within the days parameter
if [ $diff -le $days ]
then
   echo "Renew certificate $fqdn ..."
   certbot renew --cert-name $fqdn
   echo "Reload httpd..."
   systemctl reload httpd
   systemctl status httpd
   echo "Install certificate for QMT..."
   cat /etc/letsencrypt/live/$fqdn/privkey.pem 
/etc/letsencrypt/live/$fqdn/fullchain.pem > /my/dir/path/servercert.pem
   cp -p /var/qmail/control/servercert.pem 
/var/qmail/control/servercert.pem.bak

   cp /my/dir/path/servercert.pem  /var/qmail/control/servercert.pem
   qmailctl stop && sleep 5 && qmailctl start
   systemctl restart dovecot
fi

echo "Done..."

exit 0




In crontab

@daily  /my/dir/path/le


On 5/12/2021 5:34 AM, CarlC Internet Services Service Desk wrote:


Remo,

I use LetsEncrypt, but I tell everyone who uses the service to use 
“secure.carlc.com” as the email server name. This causes the IMAP SSL 
to match up with the FQDN they are looking for. I never have an issue 
when LetsEncrypt does it automatic update [which is every 60 days as 
recommended by LetsEncrypt’s certbot] and the customer never gets a 
SSL cert mismatch.


Carl

*From:*Remo Mattei [mailto:r...@mattei.org]
*Sent:* Tuesday, May 11, 2021 09:07 PM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoaster] Certificate

Yes the thing is 10 dollars for 2 years nothing to change whereas, 
letencrypt, need to change every 90 days and IMAP will prompt you for 
a new cert.. not ideal for customers if you do for your personal 
servers then that’s good.


Remo



On May 11, 2021, at 4:04 PM, Rodrigo Cortes mailto:rap...@gmail.com>> wrote:

Hi!

Use letencrypt, is free :)

El mar, 11 may 2021 a las 18:49, mailto:r...@mattei.org>> escribió:

Ssls.com <http://Ssls.com>

> Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes
mailto:sonicscott9...@gmail.com>>
ha scritto:
>
> Where is the cheapest place to get a certificate for my
server.  The server is in the USA if that matters. Thank you!
>
-
> To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
> For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
<mailto:qmailtoaster-list-h...@qmailtoaster.com>
>
-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com>
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
<mailto:qmailtoaster-list-h...@qmailtoaster.com>

RE: [qmailtoaster] Certificate

[CarlC Internet Services Service Desk]

Remo,

 

I use LetsEncrypt, but I tell everyone who uses the service to use 
“secure.carlc.com” as the email server name. This causes the IMAP SSL to match 
up with the FQDN they are looking for. I never have an issue when LetsEncrypt 
does it automatic update [which is every 60 days as recommended by 
LetsEncrypt’s certbot] and the customer never gets a SSL cert mismatch.

 

Carl

 

From: Remo Mattei [mailto:r...@mattei.org] 
Sent: Tuesday, May 11, 2021 09:07 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Certificate

 

Yes the thing is 10 dollars for 2 years nothing to change whereas, letencrypt, 
need to change every 90 days and IMAP will prompt you for a new cert.. not 
ideal for customers if you do for your personal servers then that’s good. 

 

Remo  





On May 11, 2021, at 4:04 PM, Rodrigo Cortes mailto:rap...@gmail.com> > wrote:

 

Hi!

 

Use letencrypt, is free :)

 

El mar, 11 may 2021 a las 18:49, mailto:r...@mattei.org> > 
escribió:

Ssls.com <http://Ssls.com> 

> Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes  <mailto:sonicscott9...@gmail.com> > ha scritto:
> 
> Where is the cheapest place to get a certificate for my server.  The server 
> is in the USA if that matters. Thank you!
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com> 
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> <mailto:qmailtoaster-list-h...@qmailtoaster.com> 
> 
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
<mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com> 
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
<mailto:qmailtoaster-list-h...@qmailtoaster.com> 

 

RE: [qmailtoaster] Certificate

[CarlC Internet Services Service Desk]

Rodrigo,

 

Here’s my script for Letsencrypt, obviously, you would change out 
secure.carlc.com with the name of website on the email server that QMAIL runs:

 

[root@mail7 ~]# more copy_letsencrypt_files.sh

#!/bin/bash

#

# Script to copy lets encrypt files to the right area and restart the needed 
services.

#

# Initial concept by RCC 06/08/2018

#

# Test if the letsencrypt live cert.pem file was changed in the last 24 hours...

#

if test `find "/etc/letsencrypt/live/secure.carlc.com/cert.pem" -mmin +1440`

then

echo "Cert file is older than 1440 test minutes (24 hours)... STOP!"

exit

fi

echo "Get to work, New cert file is younger than 1440 minutes (24 hours)..."

#

#

# Dovecot just needs a restart as they are using the /etc/letsencrypt/live 
files already

#

/usr/sbin/service dovecot restart

#

# Qmail SMTP-SSL

#

# Create a new /var/qmail/control/servercert.pem-NEW

#

# NOTE: order is critical, start with private key, then URL cert, then any 
intermediate files.

#

cat /etc/letsencrypt/live/secure.carlc.com/privkey.pem > 
/var/qmail/control/servercert.pem-NEW

cat /etc/letsencrypt/live/secure.carlc.com/cert.pem >> 
/var/qmail/control/servercert.pem-NEW

cat /etc/letsencrypt/live/secure.carlc.com/chain.pem >> 
/var/qmail/control/servercert.pem-NEW

#

# Swap out files, move current to OLD then NEW to current

#

mv /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem-OLD

mv /var/qmail/control/servercert.pem-NEW /var/qmail/control/servercert.pem

chmod 644 /var/qmail/control/servercert.pem

chown root.vchkpw /var/qmail/control/servercert.pem

#

# Need to restart QMAIL

#

/etc/rc.d/init.d/qmail restart

#

# Webmin (thank you QMAIL, we can use the new PEM file as it's the same format)

#

/usr/sbin/service webmin stop

cat /var/qmail/control/servercert.pem > /etc/webmin/miniserv.pem

/usr/sbin/service webmin start

#

#

#

 

From: Rodrigo Cortes [mailto:rap...@gmail.com] 
Sent: Tuesday, May 11, 2021 09:27 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Certificate

 

hi!

 

is a simple script for renew and apply to qmail, dovecot and apache :)

 

I have this solution for other smtp and work fine :)

 

El mar, 11 may 2021 a las 21:07, Remo Mattei (mailto:r...@mattei.org> >) escribió:

Yes the thing is 10 dollars for 2 years nothing to change whereas, letencrypt, 
need to change every 90 days and IMAP will prompt you for a new cert.. not 
ideal for customers if you do for your personal servers then that’s good. 

 

Remo  





On May 11, 2021, at 4:04 PM, Rodrigo Cortes mailto:rap...@gmail.com> > wrote:

 

Hi!

 

Use letencrypt, is free :)

 

El mar, 11 may 2021 a las 18:49, mailto:r...@mattei.org> > 
escribió:

Ssls.com <http://Ssls.com> 

> Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes  <mailto:sonicscott9...@gmail.com> > ha scritto:
> 
> Where is the cheapest place to get a certificate for my server.  The server 
> is in the USA if that matters. Thank you!
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> <mailto:qmailtoaster-list-unsubscr...@qmailtoaster.com> 
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> <mailto:qmailtoaster-list-h...@qmailtoaster.com> 
> 
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
<mailto:qmailtoaster-list-h...@qmailtoaster.com> 

 

Re: [qmailtoaster] Certificate

[Antonio Nati]

No more... Certificates are going to be released for no more than one 
year of validity.
You may buy a two years contract, but you'll be force to install a new 
certificate after one year.
Nextly all browsers will not accept certificates expiring after more 
than 15 months.


Regards,
Tonino

Il 12/05/2021 03:06, Remo Mattei ha scritto:
Yes the thing is 10 dollars for 2 years nothing to change whereas, 
letencrypt, need to change every 90 days and IMAP will prompt you for 
a new cert.. not ideal for customers if you do for your personal 
servers then that’s good.


Remo

On May 11, 2021, at 4:04 PM, Rodrigo Cortes > wrote:


Hi!

Use letencrypt, is free :)

El mar, 11 may 2021 a las 18:49, > escribió:


Ssls.com 

> Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes
mailto:sonicscott9...@gmail.com>> ha
scritto:
>
> Where is the cheapest place to get a certificate for my
server.  The server is in the USA if that matters. Thank you!
>
-
> To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com

> For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com

>
-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com







-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate

[Jaime Lerner]

LetsEncrypt  I use that on mine.

 

Free. :)

 

From: Scott Hughes 
Reply-To: 
Date: Tuesday, May 11, 2021 at 6:03 PM
To: 
Subject: [qmailtoaster] Certificate 

 

Where is the cheapest place to get a certificate for my server.  The server is 
in the USA if that matters. Thank you!

-

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

 

 

Re: [qmailtoaster] Certificate

[Rodrigo Cortes]

hi!

is a simple script for renew and apply to qmail, dovecot and apache :)

I have this solution for other smtp and work fine :)

El mar, 11 may 2021 a las 21:07, Remo Mattei () escribió:

> Yes the thing is 10 dollars for 2 years nothing to change whereas,
> letencrypt, need to change every 90 days and IMAP will prompt you for a new
> cert.. not ideal for customers if you do for your personal servers then
> that’s good.
>
> Remo
>
> On May 11, 2021, at 4:04 PM, Rodrigo Cortes  wrote:
>
> Hi!
>
> Use letencrypt, is free :)
>
> El mar, 11 may 2021 a las 18:49,  escribió:
>
>> Ssls.com
>>
>> > Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes <
>> sonicscott9...@gmail.com> ha scritto:
>> >
>> > Where is the cheapest place to get a certificate for my server.  The
>> server is in the USA if that matters. Thank you!
>> > -
>> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> > For additional commands, e-mail:
>> qmailtoaster-list-h...@qmailtoaster.com
>> >
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
>
>

Re: [qmailtoaster] Certificate

[Remo Mattei]

Yes the thing is 10 dollars for 2 years nothing to change whereas, letencrypt, 
need to change every 90 days and IMAP will prompt you for a new cert.. not 
ideal for customers if you do for your personal servers then that’s good. 

Remo  

> On May 11, 2021, at 4:04 PM, Rodrigo Cortes  wrote:
> 
> Hi!
> 
> Use letencrypt, is free :)
> 
> El mar, 11 may 2021 a las 18:49, mailto:r...@mattei.org>> 
> escribió:
> Ssls.com
> 
> > Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes 
> > mailto:sonicscott9...@gmail.com>> ha scritto:
> > 
> > Where is the cheapest place to get a certificate for my server.  The 
> > server is in the USA if that matters. Thank you!
> > -
> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> > 
> > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> > 
> > 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com 
> 
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com 
> 

Re: [qmailtoaster] Certificate

[Rodrigo Cortes]

Hi!

Use letencrypt, is free :)

El mar, 11 may 2021 a las 18:49,  escribió:

> Ssls.com
>
> > Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes <
> sonicscott9...@gmail.com> ha scritto:
> >
> > Where is the cheapest place to get a certificate for my server.  The
> server is in the USA if that matters. Thank you!
> > -
> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> >
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate

[remo]

Ssls.com

> Il giorno 11 mag 2021, alle ore 15:03, Scott Hughes 
>  ha scritto:
> 
> Where is the cheapest place to get a certificate for my server.  The server 
> is in the USA if that matters. Thank you!
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] Certificate

[Scott Hughes]

Where is the cheapest place to get a certificate for my server.  The server is 
in the USA if that matters. Thank you!
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Certificate ERROR

[Jake Vickers]

Robin W. Sanchez C. wrote:


Make a self signed certificate:

 


cd /etc/pki/tls/certs/

  make stunnel.pem

  Note: common name should be your FQDN server.your-domain.com

  mv stunnel.pem /var/qmail/control/servercert.pem

  chown root:qmail /var/qmail/control/servercert.pem

  chmod 644 /var/qmail/control/servercert.pem

  /ln -s /var/qmail/control/servercert.pem 
/var/qmail/control/clientcert.pem


 

 


I applied this proccedure but after that, mi

 


Show this error in http://web.domain.com/qmailadmin

 



What do the IMAP logs show?  This cert wouldn't normally have anything 
to do with apache or it's authentication (unless qmailadmin also 
authenticates via IMAP for login purposes)


**

[qmailtoaster] Certificate ERROR

[Robin W. Sanchez C.]

Make a self signed certificate: 

 

cd /etc/pki/tls/certs/

  make stunnel.pem

  Note: common name should be your FQDN server.your-domain.com

  mv stunnel.pem /var/qmail/control/servercert.pem 

  chown root:qmail /var/qmail/control/servercert.pem 

  chmod 644 /var/qmail/control/servercert.pem

  /ln -s /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem

 

 

I applied this proccedure but after that, mi 

 

Show this error in http://web.domain.com/qmailadmin

 

Forbidden

You don't have permission to access / on this server.

  _  

Apache/2.2.3 (CentOS) Server at Port 80

 

And show 

 

 

@400048bc17770a4ce104 WARN: [EMAIL PROTECTED]:
chdir(/home/vpopmail/domains/mydomain.com/user-temp) failed!!

@400048bc17770a4d6da4 WARN: error: Permission denied

@400048bc17770a4dac24 INFO: LOGIN FAILED, [EMAIL PROTECTED],
ip=[XXX.XXX.XXX.XXX]

@400048bc17770a4dee8c ERR: authentication error: Permission denied


Este correo electronico puede conteneder informacion confindencial y protegida 
legalmente bajo secreto profesional. La informacion esta dirigida solamente a 
la persona o entidad indicada como destinatario y su acceso por cualquier otra 
persona no esta autorizado. si ud
recibio este mensaje electronico por error, informeselo al remitente y borrelo. 
Aclaramos que los conceptos y opiniones comprendidos en este correo 
electronico, deben atribuirse exclusivamente a su auntor y no deben entenderse 
como necesariamente coincidentes con las de AIMAR, S.A. y en consecuencia, 
absolutamente
ajenos a la responsabilidad de sus directores y ejecutivos. en tanto no hayan 
participado de su confension y/o emision y quede esta participacion 
expresamente consignada en el mensaje
La divulgacion publica de este correo electronico,  como asi su copia, 
reproduccion total o parcial queda prohibida, dando lugar en caso de 
inobservancia de estas y todas las acciones legales que pudiesen corresponder. 

[qmailtoaster] Certificate

[slamp slamp]

Looking at this wiki. It says I can use the same SSL certificate for apache.
How would this work when my qmail is mail.domain.com and my apache is
www.domain.com? Isn't the cert tied to a common name? Unless if using a
wildcard which I don't think is a feature of that $9.99 certificate.

http://wiki.qmailtoaster.com/index.php/Certificate

Re: [qmailtoaster] Certificate

[Erik A. Espinoza]

That's why you use a common name that works for both. I usually do
secure.domain.com for 1 domains that will only have one server. On
domains with more than 1 server needing ssl I give names and use http
forwards for everything else.

For example, my domain, kabewm.com, has a few servers in it. I created
electron and quark as mail servers and I use a virtualhost on port 80
to forward webmail.kabewm.com to https://electron.kabewm.com/webmail.

Thanks,
Erik

On 4/21/07, slamp slamp [EMAIL PROTECTED] wrote:

Looking at this wiki. It says I can use the same SSL certificate for apache.
How would this work when my qmail is mail.domain.com and my apache is
www.domain.com ? Isn't the cert tied to a common name? Unless if using a
wildcard which I don't think is a feature of that $9.99 certificate.

http://wiki.qmailtoaster.com/index.php/Certificate


-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]