Got a problem with a cert not working/renewing properly

I noticed that the Let's Encrypt cert for my main domain has not auto-renewed without problem
and got this error on the admin page:
Certificate has a problem: The certificate has expired or is not yet valid. It is valid from 2021-07-29 00:59:52 to 2021-10-27 00:59:50.

I want to remove/force renew the cert so I can issue a new one
so that I can reach my mail and Nextcloud again.

Has anyone an idea on how to solve this?

Sincerely, a fan of the Mail-in-a-Box project

What version of MiaB are you running? Have you maintained system updates?

I've updated to the newest version today.
The problem was there before I updated to the newest version
(I didn't take note of the previous version).

Does the Status checks page in the dashboard report any errors?

None except for the one I mentioned about the cert:

✖ The TLS (SSL) certificate has a problem: The certificate has expired or is not yet valid. It is valid from 2021-07-29 00:59:52 to 2021-10-27 00:59:50.

If I open mail.mydomain in Chrome or Firefox,
the error I get is
NET::ERR_CERT_DATE_INVALID

I had a similar problem and wanted to share what I did to fix it.

My issue:
My certificates expired today and did not automatically renew. When I tried to provision new ones automatically through the admin panel, nothing seemed to happen. I looked at the feedback a little closer on the screen where I tried to do the provision and noticed something suggesting there was more than one account, and it gave the location of the Let’s Encrypt log:

/var/log/letsencrypt/letsencrypt.log

It’s a pretty long log to look through in the terminal, so I downloaded it and viewed it through a text editor. Sure enough, the last entry was:

certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['box.example.com@2022-01-22T02:52:20Z (b19f)', 'box.example.com@2020-03-19T15:30:23Z (1534)']

More digging through the log and it led me to the accounts location:
/home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory

Again, sure enough there were two entries. The first 4 characters of each entry corresponded to the 4 characters in parentheses at the end of the accounts listed in the log (b19f) and (1534).

My Fix:

  • download a copy of the directory to my local computer
    /home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory
  • make a new snapshot on my VPS for a quick restore (just in case)
  • remove the older account
    rm -rf /home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory/1534…
  • reboot the server
  • running the command: “sudo mailinabox”
  • login as administrator as directed at the end of the mailinabox script:
    https://xxx.xxx.xxx.xxx/admin
  • Hit the “Provision” button in the TLS(SSL) Certificates panel
  • I ran the provision once, and it provisioned all but box.example.com
  • I ran the provision a second time, all successfully provisioned

Result:
All my certificates are now good for 89 days, except two:
mta-sts.box.example.com (59 days)
mta-sts.example.com (59 days)
The only thing still red in the system status is this:
MTA-STS policy is missing: STSFetchResult.NONE

So for me, that’s a good fix until I can figure out what’s the deal with mta-sts. Emails are sending/receiving, caldav and nextcloud app sync is working fine. I know this was pretty basic for many here, but hope this helps somebody.
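A read-only way to do the matching described in the post above, as an added example that is not part of the original thread or of the Mail-in-a-Box project: it reads the last `Choices:` line from the certbot log and pairs each account with the directory whose name starts with the 4-character prefix, oldest first, without deleting anything. The function names are hypothetical, and the sample log excerpt and directory names are constructed.

```python
import re
import tempfile
from datetime import datetime
from pathlib import Path

# One certbot choice, e.g. 'box.example.com@2022-01-22T02:52:20Z (b19f)'.
# Curly quotes are accepted too, since copied logs often carry them.
CHOICE_RE = re.compile(
    r"['‘]([^'‘’@]+)@(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) \(([0-9a-f]{4})\)['’]")

def parse_choices(log_text):
    """Return (host, created, id_prefix) for each account on the last 'Choices:' line."""
    lines = [l for l in log_text.splitlines() if l.strip().startswith("Choices:")]
    if not lines:
        return []
    return [(host, datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), prefix)
            for host, ts, prefix in CHOICE_RE.findall(lines[-1])]

def match_accounts(log_text, accounts_dir):
    """Pair each listed account with its directory by name prefix, oldest first."""
    names = [d.name for d in Path(accounts_dir).iterdir() if d.is_dir()]
    report = []
    for host, created, prefix in sorted(parse_choices(log_text), key=lambda c: c[1]):
        hits = [n for n in names if n.startswith(prefix)]
        # Zero or several hits means the prefix does not identify one directory.
        report.append({"host": host, "created": created, "prefix": prefix,
                       "dir": hits[0] if len(hits) == 1 else None})
    return report

# Constructed sample: the log tail quoted in the post.
SAMPLE_LOG = """\
certbot.errors.MissingCommandlineFlag: Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['box.example.com@2022-01-22T02:52:20Z (b19f)', 'box.example.com@2020-03-19T15:30:23Z (1534)']
"""

def demo():
    """Build two constructed account directories in a temp dir and match them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("b19f" + "0" * 28, "1534" + "0" * 28):  # constructed names
            (Path(tmp) / name).mkdir()
        return match_accounts(SAMPLE_LOG, tmp)

if __name__ == "__main__":
    for row in demo():
        print(f"{row['created']:%Y-%m-%d} {row['prefix']} -> {row['dir'] or 'NO UNIQUE MATCH'}")
```

On a real box the two arguments would be the contents of /var/log/letsencrypt/letsencrypt.log and the accounts directory named in the post.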
