NGINX looks for old cert, fails to find it and does not start

I tried to find a thread on this subject but was unable to find something that quite fits.
My problem: Nginx does not start, because it looks for an outdated .pem cert that refers to the autoconfig of my secondary domain, which I use for email addresses but it is not the domain the server is hosted at. I can’t figure out how to make it look for the right one.

Essentially, I’ve changed my IPv6 address (because the old one’s /64 range was blacklisted by Spamhaus, I was assigned a fresh range by Linode) and was trying to get the admin panel to stop showing an error (it was working otherwise, just not showing up correctly) about the DNS pointing at the wrong IPv6 address.

I made changes to /etc/systemd/network/05-eth0.network according to Linode instructions, then /etc/postfix/main.cf and /etc/mailinabox.conf to make sure it was correct, rebooted, restarted postfix and ran sudo mailinabox just to be sure. When stuff didn’t work I also ran the install script (curl -s https://mailinabox.email/setup.sh | sudo bash) to see if that fixed it. It did not.

Apr 06 15:46:12 mail.arborvitae.xyz nginx[721]: nginx: [emerg] cannot load certificate "/home/user-data/ssl/autoconfig.wklnd.me-20230317-9d5dd819.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/home/user-data/ssl/autoconfig.wklnd.me-20230317-9d5dd819.pem, r) error:10000080:BIO routines::no such file)
Apr 06 15:46:12 mail.arborvitae.xyz nginx[721]: nginx: configuration file /etc/nginx/nginx.conf test failed
Apr 06 15:46:12 mail.arborvitae.xyz systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE

the contents of /home/user-data/ssl/ are:

root@mail:~# ls -la /home/user-data/ssl
total 44
drwxr-xr-x  3 root      root      4096 Apr  6 15:20 .
drwxr-xr-x 11 user-data user-data 4096 Apr  6 15:08 ..
-rw-r--r--  1 root      root      3594 Apr  6 15:20 arborvitae.xyz-20250404-6778a1cf.pem
-rw-r--r--  1 root      root      3659 Apr  6 15:20 arborvitae.xyz-20250618-338c1301.pem
-rw-r--r--  1 root      root       424 Apr  6 15:20 dh2048.pem
drwxr-xr-x  5 root      root      4096 Apr  6 15:20 lets_encrypt
-rw-r--r--  1 root      root      3732 Apr  6 15:20 mail.arborvitae.xyz-20250401-eb352d42.pem
-rw-r--r--  1 root      root      3801 Apr  6 15:20 mail.arborvitae.xyz-20250615-19cb576f.pem
-rw-r--r--  1 root      root      1017 Apr  6 15:20 mail.arborvitae.xyz-selfsigned-20210419.pem
lrwxrwxrwx  1 root      root        61 Apr  6 15:20 ssl_certificate.pem -> /home/user-data/ssl/mail.arborvitae.xyz-20250615-19cb576f.pem
-rw-------  1 root      root      1679 Apr  6 15:20 ssl_private_key.pem

On the upside, it seems like emails still work, and it’s just Nginx not working which keeps me from accessing the admin panel. I also can’t ping the server, but I can SSH into it. Any suggestions welcome!

Okay, it looks like someone else actually had this same issue and couldn’t fix it other than reinstalling on a new server: Last one (I think): where is the Nginx parameter set for the SSL certificate?

Interesting. The autoconfig subdomain should not refer to its own certificate. At least, it doesn’t on my box.
Can you try sudo management/ssl_certificates.py from your Mail-in-a-Box installation directory?
Also try sudo tools/web_update
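Added example, not part of the thread and not Mail-in-a-Box code: a read-only check that lists every certificate, key or DH-parameter directive in an nginx config tree whose file is missing, which is the condition behind the "[emerg] cannot load certificate" line in the first post. The function names, the --demo flag and the example.test hostnames are constructed; /etc/nginx as the default config root is an assumption.

```shell
#!/bin/sh
# Added example (not Mail-in-a-Box code): list TLS file directives in an nginx
# config tree whose target file does not exist.

find_missing_tls_files() {
    conf_root="${1:-/etc/nginx}"
    grep -rnHE '^[[:space:]]*ssl_(certificate|certificate_key|trusted_certificate|dhparam)[[:space:]]' \
        "$conf_root" 2>/dev/null |
    while IFS=: read -r file lineno rest; do
        set -f; set -- $rest; set +f          # split "directive path;" without globbing
        directive=$1
        path=${2%\;}                          # drop the trailing semicolon
        path=${path#\"}; path=${path%\"}      # drop optional double quotes
        path=${path#\'}; path=${path%\'}      # drop optional single quotes
        case "$path" in
            ''|*'$'*|data:*|engine:*) continue ;;  # variables and non-file sources
            /*) ;;
            *) path="$conf_root/$path" ;;     # assumption: conf_root is the nginx conf prefix
        esac
        # -f follows symlinks, so a dangling link is reported as well
        [ -f "$path" ] || printf '%s:%s: %s -> %s (missing)\n' "$file" "$lineno" "$directive" "$path"
    done
}

# Constructed sample tree: one server block with valid paths, one with a stale one.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/conf.d" "$tmp/ssl"
    : > "$tmp/ssl/ssl_certificate.pem"; : > "$tmp/ssl/ssl_private_key.pem"
    cat > "$tmp/conf.d/local.conf" <<EOF
server {
    server_name mail.example.test;
    ssl_certificate $tmp/ssl/ssl_certificate.pem;
    ssl_certificate_key $tmp/ssl/ssl_private_key.pem;
}
server {
    server_name autoconfig.example.test;
    ssl_certificate $tmp/ssl/autoconfig.example.test-20230317-00000000.pem;
    ssl_certificate_key $tmp/ssl/ssl_private_key.pem;
}
EOF
    find_missing_tls_files "$tmp"
    rm -rf "$tmp"
}

case "${1:-}" in
    --demo) demo ;;
    *) find_missing_tls_files "${1:-/etc/nginx}" ;;
esac
```

Each output line names the config file and line number holding the stale path, so the block that needs regenerating can be found before nginx is restarted.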

Thanks for the suggestion! I ran sudo management/ssl_certificates.py and it seems to work now, except my browser complains about an invalid cert when I go to visit the admin panel. I can access the admin panel now, though!

root@mail:~/mailinabox# sudo management/ssl_certificates.py
skipped: mail.arborvitae.xyz:
The domain has a valid certificate already. (The certificate expires in 69 days on 2025-06-15. Certificate: /home/user-data/ssl/mail.arborvitae.xyz-20250615-19cb576f.pem, private key /home/user-data/ssl/ssl_private_key.pem)

skipped: mta-sts.mail.arborvitae.xyz:
The domain has a valid certificate already. (The certificate expires in 69 days on 2025-06-15. Certificate: /home/user-data/ssl/mail.arborvitae.xyz-20250615-19cb576f.pem, private key /home/user-data/ssl/ssl_private_key.pem)

skipped: arborvitae.xyz:
The domain has a valid certificate already. (The certificate expires in 72 days on 2025-06-18. Certificate: /home/user-data/ssl/arborvitae.xyz-20250618-338c1301.pem, private key /home/user-data/ssl/ssl_private_key.pem)

skipped: autoconfig.arborvitae.xyz:
The domain has a valid certificate already. (The certificate expires in 69 days on 2025-06-15. Certificate: /home/user-data/ssl/mail.arborvitae.xyz-20250615-19cb576f.pem, private key /home/user-data/ssl/ssl_private_key.pem)

skipped: autodiscover.arborvitae.xyz:
The domain has a valid certificate already. (The certificate expires in 69 days on 2025-06-15. Certificate: /home/user-data/ssl/mail.arborvitae.xyz-20250615-19cb576f.pem, private key /home/user-data/ssl/ssl_private_key.pem)

skipped: mta-sts.arborvitae.xyz:
The domain has a valid certificate already. (The certificate expires in 69 days on 2025-06-15. Certificate: /home/user-data/ssl/mail.arborvitae.xyz-20250615-19cb576f.pem, private key /home/user-data/ssl/ssl_private_key.pem)

skipped: www.arborvitae.xyz:
The domain has a valid certificate already. (The certificate expires in 72 days on 2025-06-18. Certificate: /home/user-data/ssl/arborvitae.xyz-20250618-338c1301.pem, private key /home/user-data/ssl/ssl_private_key.pem)

skipped: wklnd.me:
The domain name does not resolve to this machine: 82.196.113.67 (A), 2a01:7e00::f03c:92ff:fefe:3874 (AAAA).

skipped: autoconfig.wklnd.me:
The domain name does not resolve to this machine: 2a01:7e00::f03c:92ff:fefe:3874 (AAAA).

skipped: autodiscover.wklnd.me:
The domain name does not resolve to this machine: 2a01:7e00::f03c:92ff:fefe:3874 (AAAA).

skipped: mta-sts.wklnd.me:
The domain name does not resolve to this machine: 2a01:7e00::f03c:92ff:fefe:3874 (AAAA).

skipped: www.wklnd.me:
The domain name does not resolve to this machine: 82.196.113.67 (A), 2a01:7e00::f03c:92ff:fefe:3874 (AAAA).

Check the System / TLS (SSL) certificates menu to get certificates for all domains needed.
You probably need to update the DNS entries for wklnd.me at Cloudflare.

I’ve updated the AAAA records to the new IPv6 address, thanks for pointing that out because they were using a super old one from before an upgrade where I moved to a new box. Emails still worked though, so no harm done I suppose! I’m unsure about the certs though, since the wklnd.me domain is used to host a website on another server and this one is only used to handle emails for those addresses. Looking at the Status Checks page it looks fine, since I am not serving any sites on those domains here.

I am, however, getting this error on the System Status Checks page:

Public DNS (nsd4) is running and available over IPv4 but is not accessible over IPv6 at 2a01:7e00:e000:90e::1 port 53.

Update: I ran management/ssl_certificates.py again and it provisioned certs for autoconfig, autodiscover and mta-sts either way.
