Certificate management, Let's Encrypt, symlinks

Hi,

When I set up my MiaB on an Ubuntu 18.04 (brand new, out of box, etc. etc.) system, most things worked fine; however, the Let’s Encrypt certificate provisioning did not happen - the Admin panel for the certificates did not have the Provision option at all, although, weirdly, it did appear about a day later.

DNS was right for the system in question, so I don’t know what internal checks MiaB is doing to determine whether or not to show the Provision button.

Regardless, I manually ran certbot/letsencrypt from the CLI and that correctly installed the fullchain.pem and privkey.pem to /etc/letsencrypt/live/myhostname.domain.tld/. I was able to configure dovecot, postfix and nginx to point to that location.

However, something seems to be running (not out of cron, weirdly) at 0322 in the morning, which is doing something with certificate management and insists upon the /home/user-data/ssl/ssl_certificate.pem location for the certificate, and for some reason is removing the symlink I put there to Let’s Encrypt, and creating a symlink to itself, which, well, breaks everything.

Happy to solve this the “right” way for MiaB, but, can’t quite tell what that is. Do I just need to re-do the “Provision” process and hope it works right this time?

Actually, that did NOT issue the cert to the ‘correct’ location as you have suggested.

This would be the first thing that I’d try.

What is happening is that daily maintenance is reverting the system to what it is expecting and your issuing certs outside of MiaB breaks that. It is going to be much easier to let MiaB use the cert locations that it expects rather than the ‘usual’ location that LE uses by default.

Thanks. Obviously, the certificates WERE installed to the correct location relative to the manual invocation of Let’s Encrypt, which is what I described having done.

That is NOT the location that MiaB wants the certificates to be located in, sadly.

Clearly there’s some sort of a bug/glitch in that the LE certificates did not provision on setup, and the Provision button was not available, but, once it was, I did use it and things are slightly improved with respect to the 0300 automation (roughly) that takes place. The private certificate is incorrectly symlinked still to LE, but, I’ll worry about that in 85 and a bit days.

Thanks!
