Re: Letsencrypt/OpenSSL test - Verify return code: 21

On 2021-04-10 12:09 p.m., Brady Shea wrote: I finally 'fixed' it myself by using the LE 'fullchain.pem' certificate as the location for the 'ssl_cert' entry (and chain.pem for the ca entry). Previously, it was using the normal cert.pem file location. This is still the way it's setup on the

Re: Letsencrypt/OpenSSL test - Verify return code: 21

On 11/04/2021 01:04, @lbutlr wrote: > On 10 Apr 2021, at 12:57, Juri Haberland wrote: >> On 10/04/2021 19:52, @lbutlr wrote: >>> On 10 Apr 2021, at 09:55, B Shea wrote: OpenSSL (Ubuntu default/repo version): 1.1.1f 31 Mar 2020 >>> >>> There have been a few critical patches to open SSL in

Re: Letsencrypt/OpenSSL test - Verify return code: 21

On 10 Apr 2021, at 12:57, Juri Haberland wrote: > On 10/04/2021 19:52, @lbutlr wrote: >> On 10 Apr 2021, at 09:55, B Shea wrote: >>> OpenSSL (Ubuntu default/repo version): 1.1.1f 31 Mar 2020 >> >> There have been a few critical patches to open SSL in the last year, >> including a very

Re: Letsencrypt/OpenSSL test - Verify return code: 21

On 10/04/2021 19:52, @lbutlr wrote: > On 10 Apr 2021, at 09:55, B Shea wrote: >> OpenSSL (Ubuntu default/repo version): 1.1.1f 31 Mar 2020 > > There have been a few critical patches to open SSL in the last year, > including a very important one to 1.1.1k just recently. > > Not to do with

Re: Letsencrypt/OpenSSL test - Verify return code: 21

On 10 Apr 2021, at 09:55, B Shea wrote: > OpenSSL (Ubuntu default/repo version): 1.1.1f 31 Mar 2020 There have been a few critical patches to open SSL in the last year, including a very important one to 1.1.1k just recently. Not to do with your issue, but I suspect updating both openssl and

Re: Letsencrypt/OpenSSL test - Verify return code: 21

> On 10/04/2021 19:09 Brady Shea wrote: > > > OS: Ubuntu 20.04.2 (on mutli-core VM) > Dovecot (Ubuntu default/repo version): 2.3.7.2 (3c910f64b) > OpenSSL (Ubuntu default/repo version): 1.1.1f 31 Mar 2020 > > Reproducing- > > Run: "openssl s_client -showcerts -connect

Re: Letsencrypt certificate for repo.dovecot.org expired May 14th..

So it seems. Guess our certbot does not support post hook directories, since it's not executing the hooks there. Aki On 12.09.2018 08:56, B. Reino wrote: > > FYI, it happened again :) > > On July 15, 2018 10:49:08 AM GMT+02:00, "B. Reino" wrote: >> Dear Aki, >> >> I think the renewal failed

Re: Letsencrypt certificate for repo.dovecot.org expired May 14th..

FYI, it happened again :) On July 15, 2018 10:49:08 AM GMT+02:00, "B. Reino" wrote: >Dear Aki, > >I think the renewal failed again. The SSL certificate expired Saturday, > >14 July 2018. > >This affects (at least) the repo.dovecot.org website and debian >repository. > >Thanks, >Bernardo. >

Re: Letsencrypt certificate for repo.dovecot.org expired May 14th..

ot; > Date: 15/07/2018 11:49 (GMT+02:00) > To: Aki Tuomi > Cc: Dovecot Mailing List > Subject: Re: Letsencrypt certificate for repo.dovecot.org expired May 14th.. > > Dear Aki, > > I think the renewal failed again. The SSL certificate expired Saturday, > 14 July 2018. &

Re: Letsencrypt certificate for repo.dovecot.org expired May 14th..

certbot clearly hates me ---Aki TuomiDovecot oy Original message From: "B. Reino" Date: 15/07/2018 11:49 (GMT+02:00) To: Aki Tuomi Cc: Dovecot Mailing List Subject: Re: Letsencrypt certificate for repo.dovecot.org expired May 14th.. Dear Aki, I think the rene

Re: Letsencrypt certificate for repo.dovecot.org expired May 14th..

Dear Aki, I think the renewal failed again. The SSL certificate expired Saturday, 14 July 2018. This affects (at least) the repo.dovecot.org website and debian repository. Thanks, Bernardo. On 2018-05-15 08:15, Aki Tuomi wrote: On 15.05.2018 09:14, B. Reino wrote: Dear all, Just in

Re: Letsencrypt certificate for repo.dovecot.org expired May 14th..

On Tue, 15 May 2018, Aki Tuomi wrote: On 15.05.2018 09:14, B. Reino wrote: Dear all, Just in case you've missed it, the certificate for repo.dovecot.org just expired yesterday. This causes errors in e.g. apt-get update. Thanks in advance for fixing it, -- B. Reino Seems something went

Re: Letsencrypt certificate for repo.dovecot.org expired May 14th..

On 15.05.2018 09:14, B. Reino wrote: > Dear all, > > Just in case you've missed it, the certificate for repo.dovecot.org > just expired yesterday. > > This causes errors in e.g. apt-get update. > > Thanks in advance for fixing it, > > -- > B. Reino Seems something went wrong during deployment,

Re: letsencrypt

On 04/03/17 04:07, David Mehler wrote: With the web it was easy just let apache serve the token that letsencrypt needed and I got certificates. How do I do this with regards email? I know there have been some answers to this already but FWIW I use dehydrated directly from Github and this

Re: letsencrypt

Thanks. Is there another way of doing this? I've got a web server running on 80 and 443. Are there any other options? I'm getting this list in digest mode, so it's possible by the time this gets to you, I will have repeated someone else' suggestion. In this situation, where your dovecot

Re: letsencrypt

You can either drop the authentication token into /.wellknown on your running server, or take down the server for a minute to run certbot every couple months. I'm not a fan of symlinks out of config directories and certainly not across chroot / jail boundaries so I manually copy the certs into

Re: letsencrypt

David Mehler writes: I'm wanting letsencrypt to take over as my CA, replacing existing self signed certificates. I've got web working, a certificate for https sites and one for webmail as they have different names. What I'm now wanting to do is get letsencrypt going for

Re: letsencrypt

Hello, Have you considered running getssl bash script? It is well documented, self-updates automatically, supports https, imaps, pop3s, ... and can push validation tokens to your web server using rsync, ftp, ... See https://github.com/srvrco/getssl/blob/master/README.md Cheers On 03/03/2017

Re: letsencrypt

Yes: I'm using the acme.sh client, and I can do: > acme.sh --issue --standalone -d example.com --httpport 88 It does what you'd expect: it runs using a small webserver on port 88 I only just discovered that option myself :-) MJ On 03/03/2017 08:22 PM, David Mehler wrote: Hello, Thanks. Is

Re: letsencrypt

Hello, Thanks. Is there another way of doing this? I've got a web server running on 80 and 443. Are there any other options? Thanks. Dave. On 3/3/17, Michael Neurohr wrote: > On 2017-03-03 19:07, David Mehler wrote: >> Hello, >> >> I know some users here are using letsencrypt

Re: letsencrypt

On 2017-03-03 19:07, David Mehler wrote: > Hello, > > I know some users here are using letsencrypt for their CA. If this is > to off topic write me privately. > > I'm wanting letsencrypt to take over as my CA, replacing existing self > signed certificates. I've got web working, a certificate for

Re: letsencrypt

You can also setup web server to handle auth for particular domain or use certbot's standalone auth, but in that case, 80 or 443 port must be free to allow certbot's temporary web server to run on that port. -- KSB On 2017.03.03. 20:08, Larry Rosenman wrote: I have DNS setup as my auth, and

Re: letsencrypt

Hello, Thanks, should have mentioned dns tokens are not possible in my situation. Thanks. Dave. On 3/3/17, Larry Rosenman wrote: > I have DNS setup as my auth, and use nsupdate to let it get the token. > > > > On 3/3/17, 12:07 PM, "dovecot on behalf of David Mehler" >

Re: letsencrypt

I have DNS setup as my auth, and use nsupdate to let it get the token. On 3/3/17, 12:07 PM, "dovecot on behalf of David Mehler" wrote: Hello, I know some users here are using letsencrypt for their CA. If this is