Re: [qmailtoaster] letsencrypt certificate issue

2020-04-29 Thread Andrew Swartz 

I meant "spamdyke" rather than "spamassassin".

-Andy


On 4/29/2020 7:10 AM, Andrew Swartz wrote:
Letsencrypt certificates are fine for email servers, I've been using 
them for several years.


I initially had this same problem.

Spamassassin/qmail starts a new instance with each new SMTP connection, 
so when a new cert is saved it starts getting used on the next SMTP 
connection.


However, dovecot is a long running daemon and therefore does not work 
like that.  The script which renews the letsencrypt cert must afterwards 
restart dovecot so that the daemon will load the new cert.  That is why 
your email clients are complaining.


You can confirm this by using openssl s_client to connect to SMTP and 
then to pop/imap, and you will likely see that spamassassin/qmail is 
using your new certificate while dovecot is using the old.


-Andy



On 4/29/2020 1:59 AM, Peter Peterse wrote:

Hi,

Are the dovecot and qmail services restarted?

Regarts,
Peter

Solo  schreef op 29 april 2020 11:42:10 CEST:


    Hi.

    I think Letsencrypt are for websites/servers and not for the specifik
    email which require another type of certificate than Letsencrypt 
issues

    - usually that is set up when qmail is installed (openssl) and placed
    /var/qmail/

    /Finn vB

    Den 29-04-2020 kl. 10:52 skrev ChandranManikandan:

    Hi Remo,

    FYI
    ssl_cert = http://panasiagroup.net/fullchain.pem>
    ssl_key = http://panasiagroup.net/privkey.pem>
    # the following will likely be the default at some point
    ssl_dh_parameters_length = 2048


    On Wed, Apr 29, 2020 at 11:48 AM Remo Mattei mailto:r...@mattei.org>> wrote:

    You need to check the /etc/dovecot/toaster.conf file that’s where
    the cert for outlook and thunder lives.

    Remo

    On Apr 28, 2020, at 20:38, ChandranManikandan 

    > wrote:

    Hi Friends,

    certbot renew command showing below message
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - -
    - - - - - - -
    Processing /etc/letsencrypt/renewal/xxx.com.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - -
    - - - - - - -
    Cert not yet due for renewal

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - -
    - - - - - - -

    The following certs are not due for renewal yet:
   /etc/letsencrypt/live/xxx.com/fullchain.pem
     expires on 2020-06-27 
(skipped)

    No renewals were attempted.
    - - - - - - - - - - - - - - -

    But outlook, thunderbird showing the certificate issue and
    certificate expire date is showing 28-Apr-2020 in 
thunderbird,
    I have checked in website in the same certificate expiry 
date is

    showing 27-06-2020.

    Do i anything done mistake.
    How do i check and fix the above issue.
    Could anyone help me.
    Appreciate your help.

    Note: Centos 7 with qmailtoaster
    --     */Regards,
    Manikandan.C
    /*




    --     */Regards,
    Manikandan.C
    /*



    To unsubscribe, e-mail: 
qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail: 
qmailtoaster-list-h...@qmailtoaster.com



--
Verstuurd vanaf mijn Android apparaat met K-9 Mail. Excuseer mijn 
beknoptheid.


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] letsencrypt certificate issue

2020-04-29 Thread Andrew Swartz 
Letsencrypt certificates are fine for email servers, I've been using 
them for several years.


I initially had this same problem.

Spamassassin/qmail starts a new instance with each new SMTP connection, 
so when a new cert is saved it starts getting used on the next SMTP 
connection.


However, dovecot is a long running daemon and therefore does not work 
like that.  The script which renews the letsencrypt cert must afterwards 
restart dovecot so that the daemon will load the new cert.  That is why 
your email clients are complaining.


You can confirm this by using openssl s_client to connect to SMTP and 
then to pop/imap, and you will likely see that spamassassin/qmail is 
using your new certificate while dovecot is using the old.


-Andy



On 4/29/2020 1:59 AM, Peter Peterse wrote:

Hi,

Are the dovecot and qmail services restarted?

Regarts,
Peter

Solo  schreef op 29 april 2020 11:42:10 CEST:


Hi.

I think Letsencrypt are for websites/servers and not for the specifik
email which require another type of certificate than Letsencrypt issues
- usually that is set up when qmail is installed (openssl) and placed
/var/qmail/

/Finn vB

Den 29-04-2020 kl. 10:52 skrev ChandranManikandan:

Hi Remo,

FYI
ssl_cert = http://panasiagroup.net/fullchain.pem>
ssl_key = http://panasiagroup.net/privkey.pem>
# the following will likely be the default at some point
ssl_dh_parameters_length = 2048


On Wed, Apr 29, 2020 at 11:48 AM Remo Mattei mailto:r...@mattei.org>> wrote:

You need to check the /etc/dovecot/toaster.conf file that’s where
the cert for outlook and thunder lives.

Remo

On Apr 28, 2020, at 20:38, ChandranManikandan mailto:kand...@gmail.com>> wrote:

Hi Friends,

certbot renew command showing below message
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
- - - - - - -
Processing /etc/letsencrypt/renewal/xxx.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
- - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
- - - - - - -

The following certs are not due for renewal yet:
   /etc/letsencrypt/live/xxx.com/fullchain.pem
 expires on 2020-06-27 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - -

But outlook, thunderbird showing the certificate issue and
certificate expire date is showing 28-Apr-2020 in thunderbird,
I have checked in website in the same certificate expiry date is
showing 27-06-2020.

Do i anything done mistake.
How do i check and fix the above issue.
Could anyone help me.
Appreciate your help.

Note: Centos 7 with qmailtoaster
-- 
*/Regards,

Manikandan.C
/*




-- 
*/Regards,

Manikandan.C
/*


To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


--
Verstuurd vanaf mijn Android apparaat met K-9 Mail. Excuseer mijn 
beknoptheid.


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] letsencrypt certificate issue

2020-04-29 Thread Gary Bowling 

  
  


You need to create the right cert for the toaster from the
  renewed cert from letsencrypt. 



Something like this:


  cat
/etc/letsencrypt/live/mail.yourdomain.com/{cert,chain,fullchain,privkey}.pem
  > /var/qmail/control/servercert.pem
  
  chown vpopmail:qmail /var/qmail/control/servercert.pem
  chmod 640 /var/qmail/control/servercert.pem







On 4/29/2020 7:01 AM, David Bray wrote:


  
  I make up a composite certificate and
include lets-encrypt-x3-cross-signed.pem.txt


https://letsencrypt.org/certificates/
  
  
  I'm not sure if I still need to, but I must have at some
stage
  

  

  David Bray
  0418 745334
2 ∞ & <

  


  

  
  
  
On Wed, 29 Apr 2020 at 19:38,
  ChandranManikandan  wrote:


  Hi Friends,


It was working well before after getting the renewal
  date only the issue is happened.
Anyone having the same issue?
Appreciate your help.
  
  
  
On Wed, Apr 29, 2020 at
  4:52 PM ChandranManikandan  wrote:


  Hi Remo,


FYI
ssl_cert = panasiagroup.net/fullchain.pem
  ssl_key = panasiagroup.net/privkey.pem
  # the following will likely be the default at some
  point
  ssl_dh_parameters_length = 2048



  
  
  
On Wed, Apr 29, 2020
  at 11:48 AM Remo Mattei 
  wrote:


  You need to check the /etc/dovecot/toaster.conf
file that’s where the cert for outlook and thunder
lives. 


Remo 
  

  On Apr 28, 2020, at 20:38,
ChandranManikandan 
wrote:
  
  
Hi Friends,
  
  
  certbot renew command showing below
message
  Saving debug log to
/var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - -
Processing
/etc/letsencrypt/renewal/xxx.com.conf
- - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - -

The following certs are not due for
renewal yet:
  /etc/letsencrypt/live/xxx.com/fullchain.pem
expires on 2020-06-27 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - 
  
  


But outlook, thunderbird showing
  the certificate issue and certificate
  expire date is showing 28-Apr-2020 in
  thunderbird,
I have checked in website in the
  same certificate expiry date is
  showing 27-06-2020.


Do i anything done mistake.
How do i check and fix the above
  issue.
Could anyone help me.
Appreciate your help.

Re: [qmailtoaster] letsencrypt certificate issue

2020-04-29 Thread David Bray 
I make up a composite certificate and
include lets-encrypt-x3-cross-signed.pem.txt

https://letsencrypt.org/certificates/

I'm not sure if I still need to, but I must have at some stage

David Bray
0418 745334
2 ∞ & <


On Wed, 29 Apr 2020 at 19:38, ChandranManikandan  wrote:

> Hi Friends,
>
> It was working well before after getting the renewal date only the issue
> is happened.
> Anyone having the same issue?
> Appreciate your help.
>
> On Wed, Apr 29, 2020 at 4:52 PM ChandranManikandan 
> wrote:
>
>> Hi Remo,
>>
>> FYI
>> ssl_cert = > ssl_key = > # the following will likely be the default at some point
>> ssl_dh_parameters_length = 2048
>>
>>
>> On Wed, Apr 29, 2020 at 11:48 AM Remo Mattei  wrote:
>>
>>> You need to check the /etc/dovecot/toaster.conf file that’s where the
>>> cert for outlook and thunder lives.
>>>
>>> Remo
>>>
>>> On Apr 28, 2020, at 20:38, ChandranManikandan  wrote:
>>>
>>> Hi Friends,
>>>
>>> certbot renew command showing below message
>>> Saving debug log to /var/log/letsencrypt/letsencrypt.log
>>>
>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - - - -
>>> Processing /etc/letsencrypt/renewal/xxx.com.conf
>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - - - -
>>> Cert not yet due for renewal
>>>
>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> - - - -
>>>
>>> The following certs are not due for renewal yet:
>>>   /etc/letsencrypt/live/xxx.com/fullchain.pem expires on 2020-06-27
>>> (skipped)
>>> No renewals were attempted.
>>> - - - - - - - - - - - - - - -
>>>
>>> But outlook, thunderbird showing the certificate issue and certificate
>>> expire date is showing 28-Apr-2020 in thunderbird,
>>> I have checked in website in the same certificate expiry date is showing
>>> 27-06-2020.
>>>
>>> Do i anything done mistake.
>>> How do i check and fix the above issue.
>>> Could anyone help me.
>>> Appreciate your help.
>>>
>>> Note: Centos 7 with qmailtoaster
>>> --
>>>
>>>
>>> *Regards,Manikandan.C*
>>>
>>>
>>>
>>
>> --
>>
>>
>> *Regards,Manikandan.C*
>>
>
>
> --
>
>
> *Regards,Manikandan.C*
>

Re: [qmailtoaster] letsencrypt certificate issue

2020-04-29 Thread Peter Peterse 
Hi,

Are the dovecot and qmail services restarted?

Regarts,
Peter

Solo  schreef op 29 april 2020 11:42:10 CEST:
>
>Hi.
>
>I think Letsencrypt are for websites/servers and not for the specifik 
>email which require another type of certificate than Letsencrypt issues
>
>- usually that is set up when qmail is installed (openssl) and placed 
>/var/qmail/
>
>/Finn vB
>
>Den 29-04-2020 kl. 10:52 skrev ChandranManikandan:
>> Hi Remo,
>> 
>> FYI
>> ssl_cert = > 
>> ssl_key = > 
>> # the following will likely be the default at some point
>> ssl_dh_parameters_length = 2048
>> 
>> 
>> On Wed, Apr 29, 2020 at 11:48 AM Remo Mattei > > wrote:
>> 
>> You need to check the /etc/dovecot/toaster.conf file that’s where
>> the cert for outlook and thunder lives.
>> 
>> Remo
>> 
>>> On Apr 28, 2020, at 20:38, ChandranManikandan >> > wrote:
>>>
>>> Hi Friends,
>>>
>>> certbot renew command showing below message
>>> Saving debug log to /var/log/letsencrypt/letsencrypt.log
>>>
>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>-
>>> - - - - - - -
>>> Processing /etc/letsencrypt/renewal/xxx.com.conf
>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>-
>>> - - - - - - -
>>> Cert not yet due for renewal
>>>
>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>-
>>> - - - - - - -
>>>
>>> The following certs are not due for renewal yet:
>>>   /etc/letsencrypt/live/xxx.com/fullchain.pem
>>>  expires on 2020-06-27 (skipped)
>>> No renewals were attempted.
>>> - - - - - - - - - - - - - - -
>>>
>>> But outlook, thunderbird showing the certificate issue and
>>> certificate expire date is showing 28-Apr-2020 in thunderbird,
>>> I have checked in website in the same certificate expiry date is
>>> showing 27-06-2020.
>>>
>>> Do i anything done mistake.
>>> How do i check and fix the above issue.
>>> Could anyone help me.
>>> Appreciate your help.
>>>
>>> Note: Centos 7 with qmailtoaster
>>> -- 
>>> */Regards,
>>> Manikandan.C
>>> /*
>> 
>> 
>> 
>> -- 
>> */Regards,
>> Manikandan.C
>> /*
>
>-
>To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>For additional commands, e-mail:
>qmailtoaster-list-h...@qmailtoaster.com

-- 
Verstuurd vanaf mijn Android apparaat met K-9 Mail. Excuseer mijn beknoptheid.

Re: [qmailtoaster] letsencrypt certificate issue

2020-04-29 Thread Solo 



Hi.

I think Letsencrypt are for websites/servers and not for the specifik 
email which require another type of certificate than Letsencrypt issues 
- usually that is set up when qmail is installed (openssl) and placed 
/var/qmail/


/Finn vB

Den 29-04-2020 kl. 10:52 skrev ChandranManikandan:

Hi Remo,

FYI
ssl_cert = 
ssl_key = 

# the following will likely be the default at some point
ssl_dh_parameters_length = 2048


On Wed, Apr 29, 2020 at 11:48 AM Remo Mattei > wrote:


You need to check the /etc/dovecot/toaster.conf file that’s where
the cert for outlook and thunder lives.

Remo


On Apr 28, 2020, at 20:38, ChandranManikandan mailto:kand...@gmail.com>> wrote:

Hi Friends,

certbot renew command showing below message
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - -
Processing /etc/letsencrypt/renewal/xxx.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/xxx.com/fullchain.pem
 expires on 2020-06-27 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - -

But outlook, thunderbird showing the certificate issue and
certificate expire date is showing 28-Apr-2020 in thunderbird,
I have checked in website in the same certificate expiry date is
showing 27-06-2020.

Do i anything done mistake.
How do i check and fix the above issue.
Could anyone help me.
Appreciate your help.

Note: Centos 7 with qmailtoaster
-- 
*/Regards,

Manikandan.C
/*




--
*/Regards,
Manikandan.C
/*


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] letsencrypt certificate issue

2020-04-29 Thread ChandranManikandan 
Hi Friends,

It was working well before after getting the renewal date only the issue is
happened.
Anyone having the same issue?
Appreciate your help.

On Wed, Apr 29, 2020 at 4:52 PM ChandranManikandan 
wrote:

> Hi Remo,
>
> FYI
> ssl_cert =  ssl_key =  # the following will likely be the default at some point
> ssl_dh_parameters_length = 2048
>
>
> On Wed, Apr 29, 2020 at 11:48 AM Remo Mattei  wrote:
>
>> You need to check the /etc/dovecot/toaster.conf file that’s where the
>> cert for outlook and thunder lives.
>>
>> Remo
>>
>> On Apr 28, 2020, at 20:38, ChandranManikandan  wrote:
>>
>> Hi Friends,
>>
>> certbot renew command showing below message
>> Saving debug log to /var/log/letsencrypt/letsencrypt.log
>>
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - -
>> Processing /etc/letsencrypt/renewal/xxx.com.conf
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - -
>> Cert not yet due for renewal
>>
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - -
>>
>> The following certs are not due for renewal yet:
>>   /etc/letsencrypt/live/xxx.com/fullchain.pem expires on 2020-06-27
>> (skipped)
>> No renewals were attempted.
>> - - - - - - - - - - - - - - -
>>
>> But outlook, thunderbird showing the certificate issue and certificate
>> expire date is showing 28-Apr-2020 in thunderbird,
>> I have checked in website in the same certificate expiry date is showing
>> 27-06-2020.
>>
>> Do i anything done mistake.
>> How do i check and fix the above issue.
>> Could anyone help me.
>> Appreciate your help.
>>
>> Note: Centos 7 with qmailtoaster
>> --
>>
>>
>> *Regards,Manikandan.C*
>>
>>
>>
>
> --
>
>
> *Regards,Manikandan.C*
>


-- 


*Regards,Manikandan.C*

Re: [qmailtoaster] letsencrypt certificate issue

2020-04-29 Thread ChandranManikandan 
Hi Remo,

FYI
ssl_cert =  wrote:

> You need to check the /etc/dovecot/toaster.conf file that’s where the cert
> for outlook and thunder lives.
>
> Remo
>
> On Apr 28, 2020, at 20:38, ChandranManikandan  wrote:
>
> Hi Friends,
>
> certbot renew command showing below message
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - - -
> Processing /etc/letsencrypt/renewal/xxx.com.conf
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - - -
> Cert not yet due for renewal
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - - -
>
> The following certs are not due for renewal yet:
>   /etc/letsencrypt/live/xxx.com/fullchain.pem expires on 2020-06-27
> (skipped)
> No renewals were attempted.
> - - - - - - - - - - - - - - -
>
> But outlook, thunderbird showing the certificate issue and certificate
> expire date is showing 28-Apr-2020 in thunderbird,
> I have checked in website in the same certificate expiry date is showing
> 27-06-2020.
>
> Do i anything done mistake.
> How do i check and fix the above issue.
> Could anyone help me.
> Appreciate your help.
>
> Note: Centos 7 with qmailtoaster
> --
>
>
> *Regards,Manikandan.C*
>
>
>

-- 


*Regards,Manikandan.C*

Re: [qmailtoaster] letsencrypt certificate issue

2020-04-28 Thread Remo Mattei 
You need to check the /etc/dovecot/toaster.conf file that’s where the cert for 
outlook and thunder lives. 

Remo 

> On Apr 28, 2020, at 20:38, ChandranManikandan  wrote:
> 
> Hi Friends,
> 
> certbot renew command showing below message
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
> -
> Processing /etc/letsencrypt/renewal/xxx.com.conf
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
> -
> Cert not yet due for renewal
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
> -
> 
> The following certs are not due for renewal yet:
>   /etc/letsencrypt/live/xxx.com/fullchain.pem  
> expires on 2020-06-27 (skipped)
> No renewals were attempted.
> - - - - - - - - - - - - - - - 
> 
> But outlook, thunderbird showing the certificate issue and certificate expire 
> date is showing 28-Apr-2020 in thunderbird,
> I have checked in website in the same certificate expiry date is showing 
> 27-06-2020.
> 
> Do i anything done mistake.
> How do i check and fix the above issue.
> Could anyone help me.
> Appreciate your help.
> 
> Note: Centos 7 with qmailtoaster
> -- 
> Regards,
> Manikandan.C

[qmailtoaster] letsencrypt certificate issue

2020-04-28 Thread ChandranManikandan 
Hi Friends,

certbot renew command showing below message
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
Processing /etc/letsencrypt/renewal/xxx.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/xxx.com/fullchain.pem expires on 2020-06-27
(skipped)
No renewals were attempted.
- - - - - - - - - - - - - - -

But outlook, thunderbird showing the certificate issue and certificate
expire date is showing 28-Apr-2020 in thunderbird,
I have checked in website in the same certificate expiry date is showing
27-06-2020.

Do i anything done mistake.
How do i check and fix the above issue.
Could anyone help me.
Appreciate your help.

Note: Centos 7 with qmailtoaster
-- 


*Regards,Manikandan.C*