Re: [qmailtoaster] iPhone updates / new ssl breaks connection
Thanks!
On Wed, Apr 27, 2022 at 2:41 PM Eric Broch wrote:
> make sure to change the 'days' setting to 2 or 3.
> On 4/27/2022 3:38 PM, Benjamin Baez wrote:
>
> Thank you Eric!
>
> On Wed, Apr 27, 2022 at 2:23 PM Eric Broch
> wrote:
>
>> This is one gets all the certs as well as the qt mail cert as well
>>
>> #!/bin/bash
>>
>> mailcert () {
>>
>> cat /etc/letsencrypt/live/$1/privkey.pem
>> /etc/letsencrypt/live/$1/fullchain.pem > ./servercert.pem
>> cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.bak
>> cp ./servercert.pem /var/qmail/control/servercert.pem
>> systemctl reload dovecot
>> qmailctl stop && sleep 2 && qmailctl start
>> }
>>
>> LOG=/var/log/certs.log
>> days=100
>>
>> today=`date`
>> today=`date --date="$today" --utc +%s`
>> certdir=/etc/letsencrypt/live
>> certfile=fullchain.pem
>>
>> qtcertdom=`openssl x509 -noout -subject -in
>> /var/qmail/control/servercert.pem|sed 's/subject= \/CN=//'`
>>
>> for certdom in `ls $certdir`
>> do
>> [[ "$certdom" = "README" ]] && continue
>> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
>> notAfter | sed 's/notAfter=//'`
>> off=`date --date="$exp" --utc +%s`
>> diff=$(( (off - today)/86400 ))
>> echo "Certificate Domain: $certdom, Days to expire: $diff"
>> echo ""
>> if [ $diff -le $days ]
>> then
>>certbot renew --cert-name $certdom
>>systemctl reload httpd
>>[ "$certdom" = "$qtcertdom" ] && mailcert $qtcertdom
>> fi
>> done
>>
>> exit 0
>>
>> On 4/27/2022 2:59 PM, Remo Mattei wrote:
>> > Thank you!
>> >
>> >> On Apr 27, 2022, at 13:43, Eric Broch wrote:
>> >>
>> >> This is the correct procedure for creating file updcerts.sh :
>> >>
>> >> cat <<'EOL'>> updcerts.sh
>> >> #!/bin/bash
>> >>
>> >> mailcert () {
>> >> cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
>> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem >
>> ./servercert.pem
>> >> cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.bak
>> >> cp ./servercert.pem /var/qmail/control/servercert.pem
>> >> systemctl reload dovecot
>> >> qmailctl stop && sleep 2 && qmailctl start
>> >> }
>> >>
>> >> LOG=/var/log/certs.log
>> >> days=3
>> >> today=`date`
>> >> today=`date --date="$today" --utc +%s`
>> >> certdir=/etc/letsencrypt/live
>> >> certfile=fullchain.pem
>> >>
>> >> for certdom in `ls $certdir`
>> >> do
>> >> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile |
>> grep notAfter | sed 's/notAfter=//'`
>> >> off=`date --date="$exp" --utc +%s`
>> >> diff=$(( (off - today)/86400 ))
>> >> echo "Certificate Domain: $certdom, Days to expire: $diff"
>> >> echo ""
>> >> if [ $diff -le $days ]
>> >> then
>> >>certbot renew --cert-name $certdom
>> >>systemctl reload httpd
>> >>[ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
>> >> fi
>> >> done
>> >> exit 0
>> >> EOL
>> >>
>> >> On 4/27/2022 2:18 PM, Eric Broch wrote:
>> >>> I run updcert.sh every night (set 'days=X', which is the number of
>> days before expiration at which time the certificate will be updated):
>> >>>
>> >>> cat updcert.sh <> >>>
>> >>> #!/bin/bash
>> >>>
>> >>> mailcert () {
>> >>> cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
>> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem >
>> ./servercert.pem
>> >>> cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.bak
>> >>> cp ./servercert.pem /var/qmail/control/servercert.pem
>> >>> systemctl reload dovecot
>> >>> qmailctl stop && sleep 2 && qmailctl start
>> >>> }
>> >>>
>> >>> LOG=/var/log/certs.log
>> >>> days=3
>> >>>
>> >>> today=`date`
>> >>> today=`date --date="$today" --utc +%s`
>> >>> certdir=/etc/letsencrypt/live
>> >>> certfile=fullchain.pem
>> >>>
>> >>> for certdom in `ls $certdir`
>> >>> do
>> >>> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile |
>> grep notAfter | sed 's/notAfter=//'`
>> >>> off=`date --date="$exp" --utc +%s`
>> >>> diff=$(( (off - today)/86400 ))
>> >>> echo "Certificate Domain: $certdom, Days to expire: $diff"
>> >>> echo ""
>> >>> if [ $diff -le $days ]
>> >>> then
>> >>>certbot renew --cert-name $certdom
>> >>>systemctl reload httpd
>> >>>[ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
>> >>> fi
>> >>> done
>> >>>
>> >>> exit 0
>> >>>
>> >>> EOL
>> >>>
>> >>> On 4/27/2022 1:07 PM, Remo Mattei wrote:
>> Hi David, can you share your config maybe I ping you offlinee.
>>
>> Remo
>>
>> > On Apr 26, 2022, at 23:55, David Bray wrote:
>> >
>> > I'm using Letsencrypt and it renews every - well not sure, is it
>> 10/11 weeks - the certs are valid for 3 months
>> >
>> > It never has an issue with iOS
>> >
>> > Cheers
>> >
>> > David Bray
>> > e. da...@brayworth.com
>> >
>> > April 27, 2022
Re: [qmailtoaster] iPhone updates / new ssl breaks connection
make sure to change the 'days' setting to 2 or 3.
On 4/27/2022 3:38 PM, Benjamin Baez wrote:
Thank you Eric!
On Wed, Apr 27, 2022 at 2:23 PM Eric Broch
wrote:
This is one gets all the certs as well as the qt mail cert as well
#!/bin/bash
mailcert () {
cat /etc/letsencrypt/live/$1/privkey.pem
/etc/letsencrypt/live/$1/fullchain.pem > ./servercert.pem
cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
cp ./servercert.pem /var/qmail/control/servercert.pem
systemctl reload dovecot
qmailctl stop && sleep 2 && qmailctl start
}
LOG=/var/log/certs.log
days=100
today=`date`
today=`date --date="$today" --utc +%s`
certdir=/etc/letsencrypt/live
certfile=fullchain.pem
qtcertdom=`openssl x509 -noout -subject -in
/var/qmail/control/servercert.pem|sed 's/subject= \/CN=//'`
for certdom in `ls $certdir`
do
[[ "$certdom" = "README" ]] && continue
exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile
| grep
notAfter | sed 's/notAfter=//'`
off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate Domain: $certdom, Days to expire: $diff"
echo ""
if [ $diff -le $days ]
then
certbot renew --cert-name $certdom
systemctl reload httpd
[ "$certdom" = "$qtcertdom" ] && mailcert $qtcertdom
fi
done
exit 0
On 4/27/2022 2:59 PM, Remo Mattei wrote:
> Thank you!
>
>> On Apr 27, 2022, at 13:43, Eric Broch
wrote:
>>
>> This is the correct procedure for creating file updcerts.sh :
>>
>> cat <<'EOL'>> updcerts.sh
>> #!/bin/bash
>>
>> mailcert () {
>> cat
/etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
/etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem
> ./servercert.pem
>> cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
>> cp ./servercert.pem /var/qmail/control/servercert.pem
>> systemctl reload dovecot
>> qmailctl stop && sleep 2 && qmailctl start
>> }
>>
>> LOG=/var/log/certs.log
>> days=3
>> today=`date`
>> today=`date --date="$today" --utc +%s`
>> certdir=/etc/letsencrypt/live
>> certfile=fullchain.pem
>>
>> for certdom in `ls $certdir`
>> do
>> exp=`openssl x509 -dates -noout <
$certdir/$certdom/$certfile | grep notAfter | sed 's/notAfter=//'`
>> off=`date --date="$exp" --utc +%s`
>> diff=$(( (off - today)/86400 ))
>> echo "Certificate Domain: $certdom, Days to expire: $diff"
>> echo ""
>> if [ $diff -le $days ]
>> then
>> certbot renew --cert-name $certdom
>> systemctl reload httpd
>> [ "$certdom" = "mail.whitehorsetc.com
" ] && mailcert
>> fi
>> done
>> exit 0
>> EOL
>>
>> On 4/27/2022 2:18 PM, Eric Broch wrote:
>>> I run updcert.sh every night (set 'days=X', which is the
number of days before expiration at which time the certificate
will be updated):
>>>
>>> cat updcert.sh <>>
>>> #!/bin/bash
>>>
>>> mailcert () {
>>> cat
/etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
/etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem
> ./servercert.pem
>>> cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
>>> cp ./servercert.pem /var/qmail/control/servercert.pem
>>> systemctl reload dovecot
>>> qmailctl stop && sleep 2 && qmailctl start
>>> }
>>>
>>> LOG=/var/log/certs.log
>>> days=3
>>>
>>> today=`date`
>>> today=`date --date="$today" --utc +%s`
>>> certdir=/etc/letsencrypt/live
>>> certfile=fullchain.pem
>>>
>>> for certdom in `ls $certdir`
>>> do
>>> exp=`openssl x509 -dates -noout <
$certdir/$certdom/$certfile | grep notAfter | sed 's/notAfter=//'`
>>> off=`date --date="$exp" --utc +%s`
>>> diff=$(( (off - today)/86400 ))
>>> echo "Certificate Domain: $certdom, Days to expire: $diff"
>>> echo ""
>>> if [ $diff -le $days ]
>>> then
>>> certbot renew --cert-name $certdom
>>> systemctl reload httpd
>>> [ "$certdom" = "mail.whitehorsetc.com
" ] && mailcert
>>> fi
>>> done
>>>
>>> exit 0
>>>
>>> EOL
>>>
>>> On 4/27/2022 1:07 PM, Remo Mattei wrote:
Hi David, can you share your config maybe I ping you offlinee.
Remo
> On Apr 26, 2022, at 23:55,
Re: [qmailtoaster] iPhone updates / new ssl breaks connection
Thank you Eric!
On Wed, Apr 27, 2022 at 2:23 PM Eric Broch wrote:
> This is one gets all the certs as well as the qt mail cert as well
>
> #!/bin/bash
>
> mailcert () {
>
> cat /etc/letsencrypt/live/$1/privkey.pem
> /etc/letsencrypt/live/$1/fullchain.pem > ./servercert.pem
> cp -p /var/qmail/control/servercert.pem
> /var/qmail/control/servercert.pem.bak
> cp ./servercert.pem /var/qmail/control/servercert.pem
> systemctl reload dovecot
> qmailctl stop && sleep 2 && qmailctl start
> }
>
> LOG=/var/log/certs.log
> days=100
>
> today=`date`
> today=`date --date="$today" --utc +%s`
> certdir=/etc/letsencrypt/live
> certfile=fullchain.pem
>
> qtcertdom=`openssl x509 -noout -subject -in
> /var/qmail/control/servercert.pem|sed 's/subject= \/CN=//'`
>
> for certdom in `ls $certdir`
> do
> [[ "$certdom" = "README" ]] && continue
> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
> notAfter | sed 's/notAfter=//'`
> off=`date --date="$exp" --utc +%s`
> diff=$(( (off - today)/86400 ))
> echo "Certificate Domain: $certdom, Days to expire: $diff"
> echo ""
> if [ $diff -le $days ]
> then
>certbot renew --cert-name $certdom
>systemctl reload httpd
>[ "$certdom" = "$qtcertdom" ] && mailcert $qtcertdom
> fi
> done
>
> exit 0
>
> On 4/27/2022 2:59 PM, Remo Mattei wrote:
> > Thank you!
> >
> >> On Apr 27, 2022, at 13:43, Eric Broch wrote:
> >>
> >> This is the correct procedure for creating file updcerts.sh :
> >>
> >> cat <<'EOL'>> updcerts.sh
> >> #!/bin/bash
> >>
> >> mailcert () {
> >> cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem >
> ./servercert.pem
> >> cp -p /var/qmail/control/servercert.pem
> /var/qmail/control/servercert.pem.bak
> >> cp ./servercert.pem /var/qmail/control/servercert.pem
> >> systemctl reload dovecot
> >> qmailctl stop && sleep 2 && qmailctl start
> >> }
> >>
> >> LOG=/var/log/certs.log
> >> days=3
> >> today=`date`
> >> today=`date --date="$today" --utc +%s`
> >> certdir=/etc/letsencrypt/live
> >> certfile=fullchain.pem
> >>
> >> for certdom in `ls $certdir`
> >> do
> >> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile |
> grep notAfter | sed 's/notAfter=//'`
> >> off=`date --date="$exp" --utc +%s`
> >> diff=$(( (off - today)/86400 ))
> >> echo "Certificate Domain: $certdom, Days to expire: $diff"
> >> echo ""
> >> if [ $diff -le $days ]
> >> then
> >>certbot renew --cert-name $certdom
> >>systemctl reload httpd
> >>[ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
> >> fi
> >> done
> >> exit 0
> >> EOL
> >>
> >> On 4/27/2022 2:18 PM, Eric Broch wrote:
> >>> I run updcert.sh every night (set 'days=X', which is the number of
> days before expiration at which time the certificate will be updated):
> >>>
> >>> cat updcert.sh < >>>
> >>> #!/bin/bash
> >>>
> >>> mailcert () {
> >>> cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem >
> ./servercert.pem
> >>> cp -p /var/qmail/control/servercert.pem
> /var/qmail/control/servercert.pem.bak
> >>> cp ./servercert.pem /var/qmail/control/servercert.pem
> >>> systemctl reload dovecot
> >>> qmailctl stop && sleep 2 && qmailctl start
> >>> }
> >>>
> >>> LOG=/var/log/certs.log
> >>> days=3
> >>>
> >>> today=`date`
> >>> today=`date --date="$today" --utc +%s`
> >>> certdir=/etc/letsencrypt/live
> >>> certfile=fullchain.pem
> >>>
> >>> for certdom in `ls $certdir`
> >>> do
> >>> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile |
> grep notAfter | sed 's/notAfter=//'`
> >>> off=`date --date="$exp" --utc +%s`
> >>> diff=$(( (off - today)/86400 ))
> >>> echo "Certificate Domain: $certdom, Days to expire: $diff"
> >>> echo ""
> >>> if [ $diff -le $days ]
> >>> then
> >>>certbot renew --cert-name $certdom
> >>>systemctl reload httpd
> >>>[ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
> >>> fi
> >>> done
> >>>
> >>> exit 0
> >>>
> >>> EOL
> >>>
> >>> On 4/27/2022 1:07 PM, Remo Mattei wrote:
> Hi David, can you share your config maybe I ping you offlinee.
>
> Remo
>
> > On Apr 26, 2022, at 23:55, David Bray wrote:
> >
> > I'm using Letsencrypt and it renews every - well not sure, is it
> 10/11 weeks - the certs are valid for 3 months
> >
> > It never has an issue with iOS
> >
> > Cheers
> >
> > David Bray
> > e. da...@brayworth.com
> >
> > April 27, 2022 1:47 AM, "Remo Mattei" wrote:
> >
> >> Hello guys,
> >> I got a few of my customers that every year after the upgrade of
> the SSL cert do have issues and
> >> shows cert expired or not valid. I did not have the issue on my
> iOS, but I just wonder if anyone
> >> has seen that and how they planned to
Re: [qmailtoaster] iPhone updates / new ssl breaks connection
This is one gets all the certs as well as the qt mail cert as well
#!/bin/bash
mailcert () {
cat /etc/letsencrypt/live/$1/privkey.pem
/etc/letsencrypt/live/$1/fullchain.pem > ./servercert.pem
cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
cp ./servercert.pem /var/qmail/control/servercert.pem
systemctl reload dovecot
qmailctl stop && sleep 2 && qmailctl start
}
LOG=/var/log/certs.log
days=100
today=`date`
today=`date --date="$today" --utc +%s`
certdir=/etc/letsencrypt/live
certfile=fullchain.pem
qtcertdom=`openssl x509 -noout -subject -in
/var/qmail/control/servercert.pem|sed 's/subject= \/CN=//'`
for certdom in `ls $certdir`
do
[[ "$certdom" = "README" ]] && continue
exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
notAfter | sed 's/notAfter=//'`
off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate Domain: $certdom, Days to expire: $diff"
echo ""
if [ $diff -le $days ]
then
certbot renew --cert-name $certdom
systemctl reload httpd
[ "$certdom" = "$qtcertdom" ] && mailcert $qtcertdom
fi
done
exit 0
On 4/27/2022 2:59 PM, Remo Mattei wrote:
Thank you!
On Apr 27, 2022, at 13:43, Eric Broch wrote:
This is the correct procedure for creating file updcerts.sh :
cat <<'EOL'>> updcerts.sh
#!/bin/bash
mailcert () {
cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
/etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem > ./servercert.pem
cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
cp ./servercert.pem /var/qmail/control/servercert.pem
systemctl reload dovecot
qmailctl stop && sleep 2 && qmailctl start
}
LOG=/var/log/certs.log
days=3
today=`date`
today=`date --date="$today" --utc +%s`
certdir=/etc/letsencrypt/live
certfile=fullchain.pem
for certdom in `ls $certdir`
do
exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
notAfter | sed 's/notAfter=//'`
off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate Domain: $certdom, Days to expire: $diff"
echo ""
if [ $diff -le $days ]
then
certbot renew --cert-name $certdom
systemctl reload httpd
[ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
fi
done
exit 0
EOL
On 4/27/2022 2:18 PM, Eric Broch wrote:
I run updcert.sh every night (set 'days=X', which is the number of days before
expiration at which time the certificate will be updated):
cat updcert.sh < ./servercert.pem
cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
cp ./servercert.pem /var/qmail/control/servercert.pem
systemctl reload dovecot
qmailctl stop && sleep 2 && qmailctl start
}
LOG=/var/log/certs.log
days=3
today=`date`
today=`date --date="$today" --utc +%s`
certdir=/etc/letsencrypt/live
certfile=fullchain.pem
for certdom in `ls $certdir`
do
exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
notAfter | sed 's/notAfter=//'`
off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate Domain: $certdom, Days to expire: $diff"
echo ""
if [ $diff -le $days ]
then
certbot renew --cert-name $certdom
systemctl reload httpd
[ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
fi
done
exit 0
EOL
On 4/27/2022 1:07 PM, Remo Mattei wrote:
Hi David, can you share your config maybe I ping you offlinee.
Remo
On Apr 26, 2022, at 23:55, David Bray wrote:
I'm using Letsencrypt and it renews every - well not sure, is it 10/11 weeks -
the certs are valid for 3 months
It never has an issue with iOS
Cheers
David Bray
e. da...@brayworth.com
April 27, 2022 1:47 AM, "Remo Mattei" wrote:
Hello guys,
I got a few of my customers that every year after the upgrade of the SSL cert
do have issues and
shows cert expired or not valid. I did not have the issue on my iOS, but I just
wonder if anyone
has seen that and how they planned to overcome to this issue.
Thanks,
Remo
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] iPhone updates / new ssl breaks connection
Thank you!
> On Apr 27, 2022, at 13:43, Eric Broch wrote:
>
> This is the correct procedure for creating file updcerts.sh :
>
> cat <<'EOL'>> updcerts.sh
> #!/bin/bash
>
> mailcert () {
> cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem > ./servercert.pem
> cp -p /var/qmail/control/servercert.pem
> /var/qmail/control/servercert.pem.bak
> cp ./servercert.pem /var/qmail/control/servercert.pem
> systemctl reload dovecot
> qmailctl stop && sleep 2 && qmailctl start
> }
>
> LOG=/var/log/certs.log
> days=3
> today=`date`
> today=`date --date="$today" --utc +%s`
> certdir=/etc/letsencrypt/live
> certfile=fullchain.pem
>
> for certdom in `ls $certdir`
> do
>exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
> notAfter | sed 's/notAfter=//'`
>off=`date --date="$exp" --utc +%s`
>diff=$(( (off - today)/86400 ))
>echo "Certificate Domain: $certdom, Days to expire: $diff"
>echo ""
>if [ $diff -le $days ]
>then
> certbot renew --cert-name $certdom
> systemctl reload httpd
> [ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
>fi
> done
> exit 0
> EOL
>
> On 4/27/2022 2:18 PM, Eric Broch wrote:
>> I run updcert.sh every night (set 'days=X', which is the number of days
>> before expiration at which time the certificate will be updated):
>>
>> cat updcert.sh <>
>> #!/bin/bash
>>
>> mailcert () {
>>cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
>> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem > ./servercert.pem
>>cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.bak
>>cp ./servercert.pem /var/qmail/control/servercert.pem
>>systemctl reload dovecot
>>qmailctl stop && sleep 2 && qmailctl start
>> }
>>
>> LOG=/var/log/certs.log
>> days=3
>>
>> today=`date`
>> today=`date --date="$today" --utc +%s`
>> certdir=/etc/letsencrypt/live
>> certfile=fullchain.pem
>>
>> for certdom in `ls $certdir`
>> do
>>exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
>> notAfter | sed 's/notAfter=//'`
>>off=`date --date="$exp" --utc +%s`
>>diff=$(( (off - today)/86400 ))
>>echo "Certificate Domain: $certdom, Days to expire: $diff"
>>echo ""
>>if [ $diff -le $days ]
>>then
>> certbot renew --cert-name $certdom
>> systemctl reload httpd
>> [ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
>>fi
>> done
>>
>> exit 0
>>
>> EOL
>>
>> On 4/27/2022 1:07 PM, Remo Mattei wrote:
>>> Hi David, can you share your config maybe I ping you offlinee.
>>>
>>> Remo
>>>
On Apr 26, 2022, at 23:55, David Bray wrote:
I'm using Letsencrypt and it renews every - well not sure, is it 10/11
weeks - the certs are valid for 3 months
It never has an issue with iOS
Cheers
David Bray
e. da...@brayworth.com
April 27, 2022 1:47 AM, "Remo Mattei" wrote:
> Hello guys,
> I got a few of my customers that every year after the upgrade of the SSL
> cert do have issues and
> shows cert expired or not valid. I did not have the issue on my iOS, but
> I just wonder if anyone
> has seen that and how they planned to overcome to this issue.
>
> Thanks,
> Remo
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>
>>> -
>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>
>>
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] iPhone updates / new ssl breaks connection
This is the correct procedure for creating file updcerts.sh :
cat <<'EOL'>> updcerts.sh
#!/bin/bash
mailcert () {
cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
/etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem > ./servercert.pem
cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
cp ./servercert.pem /var/qmail/control/servercert.pem
systemctl reload dovecot
qmailctl stop && sleep 2 && qmailctl start
}
LOG=/var/log/certs.log
days=3
today=`date`
today=`date --date="$today" --utc +%s`
certdir=/etc/letsencrypt/live
certfile=fullchain.pem
for certdom in `ls $certdir`
do
exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
notAfter | sed 's/notAfter=//'`
off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate Domain: $certdom, Days to expire: $diff"
echo ""
if [ $diff -le $days ]
then
certbot renew --cert-name $certdom
systemctl reload httpd
[ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
fi
done
exit 0
EOL
On 4/27/2022 2:18 PM, Eric Broch wrote:
I run updcert.sh every night (set 'days=X', which is the number of
days before expiration at which time the certificate will be updated):
cat updcert.sh < cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
/etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem >
./servercert.pem
cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
cp ./servercert.pem /var/qmail/control/servercert.pem
systemctl reload dovecot
qmailctl stop && sleep 2 && qmailctl start
}
LOG=/var/log/certs.log
days=3
today=`date`
today=`date --date="$today" --utc +%s`
certdir=/etc/letsencrypt/live
certfile=fullchain.pem
for certdom in `ls $certdir`
do
exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile |
grep notAfter | sed 's/notAfter=//'`
off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate Domain: $certdom, Days to expire: $diff"
echo ""
if [ $diff -le $days ]
then
certbot renew --cert-name $certdom
systemctl reload httpd
[ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
fi
done
exit 0
EOL
On 4/27/2022 1:07 PM, Remo Mattei wrote:
Hi David, can you share your config maybe I ping you offlinee.
Remo
On Apr 26, 2022, at 23:55, David Bray wrote:
I'm using Letsencrypt and it renews every - well not sure, is it
10/11 weeks - the certs are valid for 3 months
It never has an issue with iOS
Cheers
David Bray
e. da...@brayworth.com
April 27, 2022 1:47 AM, "Remo Mattei" wrote:
Hello guys,
I got a few of my customers that every year after the upgrade of
the SSL cert do have issues and
shows cert expired or not valid. I did not have the issue on my
iOS, but I just wonder if anyone
has seen that and how they planned to overcome to this issue.
Thanks,
Remo
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] iPhone updates / new ssl breaks connection
I run updcert.sh every night (set 'days=X', which is the number of days before expiration at which time the certificate will be updated): cat updcert.sh < cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem > ./servercert.pem cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak cp ./servercert.pem /var/qmail/control/servercert.pem systemctl reload dovecot qmailctl stop && sleep 2 && qmailctl start } LOG=/var/log/certs.log days=3 today=`date` today=`date --date="$today" --utc +%s` certdir=/etc/letsencrypt/live certfile=fullchain.pem for certdom in `ls $certdir` do exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep notAfter | sed 's/notAfter=//'` off=`date --date="$exp" --utc +%s` diff=$(( (off - today)/86400 )) echo "Certificate Domain: $certdom, Days to expire: $diff" echo "" if [ $diff -le $days ] then certbot renew --cert-name $certdom systemctl reload httpd [ "$certdom" = "mail.whitehorsetc.com" ] && mailcert fi done exit 0 EOL On 4/27/2022 1:07 PM, Remo Mattei wrote: Hi David, can you share your config maybe I ping you offlinee. Remo On Apr 26, 2022, at 23:55, David Bray wrote: I'm using Letsencrypt and it renews every - well not sure, is it 10/11 weeks - the certs are valid for 3 months It never has an issue with iOS Cheers David Bray e. da...@brayworth.com April 27, 2022 1:47 AM, "Remo Mattei" wrote: Hello guys, I got a few of my customers that every year after the upgrade of the SSL cert do have issues and shows cert expired or not valid. I did not have the issue on my iOS, but I just wonder if anyone has seen that and how they planned to overcome to this issue. Thanks, Remo - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] iPhone updates / new ssl breaks connection
Remo, Here's mine... I run the/usr/bin/certbot renewcommand nightly. Then about an hour after that, I run this [change the secure.carlc.com to what ever URL your Letsencrypt cert is under]: #!/bin/bash # # Script to copy lets encrypt files to the right area and restart the needed services. # # Initial concept by RCC 06/08.2018 # # Test if the letsencrypt live cert.pem file was changed in the last 24 hours... # if test `find "/etc/letsencrypt/live/secure.carlc.com/cert.pem" -mmin +1440` then echo "Cert file is older than 1440 test minutes (24 hours)... STOP!" exit fi echo "Get to work, New cert file is younger than 1440 minutes (24 hours)..." # # # Dovecot just needs a restart as they are using the /etc/letsencrypt/live files already # /usr/sbin/service dovecot restart # # Qmail SMTP-SSL # # Create a new /var/qmail/control/servercert.pem-NEW # # NOTE: order is critical, start with private key, then URL cert, then any intermediate files. # cat /etc/letsencrypt/live/secure.carlc.com/privkey.pem > /var/qmail/control/servercert.pem-NEW cat /etc/letsencrypt/live/secure.carlc.com/cert.pem >> /var/qmail/control/servercert.pem-NEW cat /etc/letsencrypt/live/secure.carlc.com/chain.pem >> /var/qmail/control/servercert.pem-NEW # # Swap out files, move current to OLD then NEW to current # mv /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem-OLD mv /var/qmail/control/servercert.pem-NEW /var/qmail/control/servercert.pem chmod 644 /var/qmail/control/servercert.pem chown root.vchkpw /var/qmail/control/servercert.pem # # Need to restart QMAIL # /etc/rc.d/init.d/qmail restart # # Webmin (thank you QMAIL, we can use the new PEM file as it's the same format) # /usr/sbin/service webmin stop cat /var/qmail/control/servercert.pem > /etc/webmin/miniserv.pem /usr/sbin/service webmin start # # # -Original Message- From: Remo Mattei [mailto:r...@mattei.org] Sent: Wednesday, April 27, 2022 03:07 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] iPhone updates / new ssl breaks connection Hi David, can you share your config maybe I ping you offline. Remo > On Apr 26, 2022, at 23:55, David Bray wrote: > > I'm using Letsencrypt and it renews every - well not sure, is it 10/11 weeks - the certs are valid for 3 months > > It never has an issue with iOS > > Cheers > > David Bray > e. da...@brayworth.com > > April 27, 2022 1:47 AM, "Remo Mattei" wrote: > >> Hello guys, >> I got a few of my customers that every year after the upgrade of the SSL cert do have issues and >> shows cert expired or not valid. I did not have the issue on my iOS, but I just wonder if anyone >> has seen that and how they planned to overcome to this issue. >> >> Thanks, >> Remo >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] iPhone updates / new ssl breaks connection
Hi David, can you share your config maybe I ping you offline. Remo > On Apr 26, 2022, at 23:55, David Bray wrote: > > I'm using Letsencrypt and it renews every - well not sure, is it 10/11 weeks > - the certs are valid for 3 months > > It never has an issue with iOS > > Cheers > > David Bray > e. da...@brayworth.com > > April 27, 2022 1:47 AM, "Remo Mattei" wrote: > >> Hello guys, >> I got a few of my customers that every year after the upgrade of the SSL >> cert do have issues and >> shows cert expired or not valid. I did not have the issue on my iOS, but I >> just wonder if anyone >> has seen that and how they planned to overcome to this issue. >> >> Thanks, >> Remo >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] iPhone updates / new ssl breaks connection
I'm using Letsencrypt and it renews every - well not sure, is it 10/11 weeks - the certs are valid for 3 months It never has an issue with iOS Cheers David Bray e. da...@brayworth.com April 27, 2022 1:47 AM, "Remo Mattei" wrote: > Hello guys, > I got a few of my customers that every year after the upgrade of the SSL cert > do have issues and > shows cert expired or not valid. I did not have the issue on my iOS, but I > just wonder if anyone > has seen that and how they planned to overcome to this issue. > > Thanks, > Remo > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
