Problem with let's encrypt


#1

Hi,

All my certificates are old now and I can’t upgrade. So what do I do? When I try to press the “provision certificate” button I just get this: “Error Something went wrong, sorry.”

This certificate issue broke the whole email… so no users can access mail via web or Outlook 2016. I also tried running the mailinabox command.

I haven’t modified the mailinabox machine… Maybe this is a beginner coder mistake.

My mailinabox version is: v0.25


#2

Some stuff changed in Let’s Encrypt between 0.25 and 0.26 (they updated their API, I think). I would upgrade as soon as possible. 0.26 is very stable as of right now.


#3

I don’t think I want to do that. v0.26 has some bad bugs…


#4

We are having all kinds of problems with .25 and .26. I tried migrating to a new box and with a fresh install .26 didn’t work at all. .25 is stuck with an expired cert and there doesn’t seem to be anything we can do about it. I’ve got maybe a day’s time trying to fix this stuff and it hasn’t been great.


#5

Agree with you on v0.26,
but it now seems fixed on the latest v0.26c.

If you really mean v0.26c being buggy - please be more descriptive of the bug so it can be fixed and we can all confirm.

versions less than v0.26b are way out-of-date


#6

@stegan totally - I actually just opened an issue that goes over what we’ve been seeing. I actually spun up a new VM and verified it was running .26c and Roundcube wasn’t working and the same SSL error was happening: Something went wrong. The only similarity between the two boxes, old and new, was that the user-data folder was transferred. Since it’s a VM and making an internal networking change like that could sometimes mean you’re still seeing the old box, I triple checked that the new one was .26c and then SSH’d to the new box and ran the ssl_certs.py script which threw a syntax error.

edit: thank you for any assistance you may have, even pointing me in the right direction. we’ve been offline for two days and I’m stressed and frustrated. With a few projects pending it is a tough time to lose email.


#7

So was v0.26c working well, or do you have problems right now?


#8

So I upgraded this to v0.26c and now I can’t even log in…

I get this when I try to log in: “Login Failed Incorrect username or password”


#9

So my “stable” isn’t the same as your stable, I think… stegan


#10

I would try:

  • Rebooting the box, if you haven’t tried yet.
  • Looking at the Status Checks page in the admin — let us know if anything isn’t green.

#11

JoshData, the SSL cert is invalid so I can’t go to the site and log in. So I don’t have any way to check the status check page.


#12

Go back to DO login page (not your local terminal to box) if you have followed the “PasswordAuthentication to no” your only way into the “box” will be through DO:
I’d reboot from their console - if that doesn’t solve it I would start completely afresh being extra careful on each step and not implementing the “PasswordAuthentication = no” step. (just use a super secure ie VERY long password for root access).
You CAN live without implementing that step for ages without ill effect on MAIB just one ‘X’ in your status report.

BTW: this problem with your SSL access is not the same as a Let’s Encrypt issue, they are different.


#13

If you can log into your box with SSH, you can run the status checks on the command line. You can also reset your password in case that’s the problem.

(ssh into your box)
sudo su                     # become root
cd ~/mailinabox             # this is where Mail-in-a-Box is normally installed
management/status_checks.py # runs status checks
tools/mail.py user password you@yourdomain.com # asks for a new password

#14

Oh and you can provision new SSL certificates from the command-line as well:

(ssh into your box, sudo su, cd mailinabox....)
management/ssl_certificates.py

#15

Hello. I have the same serious problem.

Certificate renewal does not work. Certificates are expired and I can not create any new ones now.

Mailinabox v 0.26c, updated, rebooted
I have a mailinabox from 09/2017. In 12/17 SSL updated OK. In 01/12 or 02/12 I updated from 0.23 to 0.26. Today (since the cert refresh does not work) I updated from 0.26 (a or b) to 0.26c.
I tried: #1101 (comment)
Next I run: sudo pip3 install --upgrade pyOpenSSL
Renew:
./management/ssl_certificates.py
/usr/local/lib/mailinabox/env/lib/python3.4/site-packages/acme/jose/jwa.py:110: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
signer = key.signer(self.padding, self.hash)

A TLS certificate was requested for: box. example.com, example.com, www.example.com.
We have to wait 60 seconds for the certificate to be issued…
We have to wait 50 seconds for the certificate to be issued…
We have to wait 40 seconds for the certificate to be issued…
We have to wait 30 seconds for the certificate to be issued…
We have to wait 20 seconds for the certificate to be issued…
We have to wait 10 seconds for the certificate to be issued…
Traceback (most recent call last):
  File "./ssl_certificates.py", line 803, in <module>
    provision_certificates_cmdline()
  File "./ssl_certificates.py", line 446, in provision_certificates_cmdline
    status = provision_certificates(env, agree_to_tos_url=agree_to_tos_url, logger=my_logger, force_domains=force_domains, show_extended_problems=show_extended_problems)
  File "./ssl_certificates.py", line 331, in provision_certificates
    logger=my_logger)
  File "/usr/local/lib/mailinabox/env/lib/python3.4/site-packages/free_tls_certificates/client.py", line 64, in issue_certificate
    agree_to_tos_url, validation_method, acme_server, logger)
  File "/usr/local/lib/mailinabox/env/lib/python3.4/site-packages/free_tls_certificates/client.py", line 121, in validate_domain_ownership
    challg = submit_domain_validation(client, regr, account, challenges_file, domain, validation_method, logger)
  File "/usr/local/lib/mailinabox/env/lib/python3.4/site-packages/free_tls_certificates/client.py", line 433, in submit_domain_validation
    message = '; '.join(c.error.detail for c in challg.challenges if c.status.name == "invalid")
  File "/usr/local/lib/mailinabox/env/lib/python3.4/site-packages/free_tls_certificates/client.py", line 433, in <genexpr>
    message = '; '.join(c.error.detail for c in challg.challenges if c.status.name == "invalid")
AttributeError: 'NoneType' object has no attribute 'detail'

How to solve it?
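Added example, not part of the thread and not code from Mail-in-a-Box or free_tls_certificates: the AttributeError at the end of the traceback in post #15 comes from reading `c.error.detail` on a challenge that is marked invalid but whose `error` is `None`, which hides the real validation failure behind a crash. The sketch below reproduces that with constructed stand-in objects and shows a reporting function that tolerates the missing error body; `make_challenge`, `safe_message` and the `typ` field are hypothetical names.

```python
from types import SimpleNamespace as NS


def make_challenge(typ, status, detail=None, has_error=True):
    """Constructed stand-in for an ACME challenge object. Only the attributes
    the failing line reads (status.name, error.detail) are modelled; `typ` is
    an assumed field used to label the output."""
    error = NS(detail=detail) if has_error else None
    return NS(typ=typ, status=NS(name=status), error=error)


# Constructed sample: one invalid challenge with an error body, one invalid
# challenge without one (the case from the traceback), one still pending.
SAMPLE_CHALLENGES = [
    make_challenge("http-01", "invalid", "Connection refused"),
    make_challenge("dns-01", "invalid", has_error=False),
    make_challenge("http-01", "pending", has_error=False),
]


def original_message(challenges):
    """The expression shown at client.py line 433 in the traceback."""
    return '; '.join(c.error.detail for c in challenges
                     if c.status.name == "invalid")


def original_fails(challenges):
    """True if the original expression crashes on this input."""
    try:
        original_message(challenges)
    except AttributeError:
        return True
    return False


def safe_message(challenges):
    """Same report, but an invalid challenge with error=None is still listed
    instead of raising, so the operator sees which validation failed."""
    parts = []
    for c in challenges:
        if c.status.name != "invalid":
            continue
        detail = getattr(c.error, "detail", None)  # c.error may be None
        parts.append("%s: %s" % (c.typ, detail or "no error detail returned by server"))
    return '; '.join(parts) or "no challenge was marked invalid"


if __name__ == "__main__":
    print("original crashes:", original_fails(SAMPLE_CHALLENGES))
    print("safe report:", safe_message(SAMPLE_CHALLENGES))
```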


#16

I think LE made changes to their API - I do believe there is someone looking at this though, can you report this bug on the github?


#17

Yes, I added this bug on GitHub.
https://github.com/mail-in-a-box/mailinabox/issues/1368


#18

I wouldn’t recommend downgrading but if you have to, go into ~/mailinabox/setup/bootstrap.sh and change the TAG variable then run.

NOTE: This is 100% unsupported by the dev (afaik) and I will not really support it either (as a user) since it completely modifies what MIAB is right now. (Maybe bad wording, but I hope you get the gist)


#19

There’s no chance that an earlier version is going to work better than a later version. :slight_smile: And in general this could lead to data loss of Nextcloud and Roundcube data since the database can’t be migrated backwards.


#20

Yea that’s also a good point as well. - Which is why I put the note in.

Honestly wouldn’t recommend.