Replace ssl cert

i’m not sure how but i screwed up my ssl cert. now it says staging and Let’s Encrypt runs every night to renew but cannot replace the cert

i would like manual directions to remove the cert from mail in a box.
tia

Have you tried running sudo mailinabox to see if that corrects the problem?

yes, it made no difference

found it. someone installed certbot to Ubuntu, i tried removing certbot and running setup again but the cert is still there

any suggestions on removing the cert? blowing away the server is not a great solution

the LetsEncrypt included in MIAB says this when i try to provision

Congratulations! Your certificate and chain have been saved at: /tmp/tmpvge6x1p9/cert_and_chain.pem
edit, this folder does not exist

ok, feel free to close this. i’ll just build it myself, the exchange sync doesn’t work anyway. thnx for all the fish

rebuilding a new server did not fix it. the ssl certs are part of the backup
ffs
does no one know how to remove Staging cert so i can get my mail back?

I’m not sure what a staging cert is, but MiaB stores all certs and keys in /home/user-data/ssl/. You could try moving everything in that directory some place else, then run sudo mailinabox. If this seemed to irreparably break something, you can just move everything back. If not, then try and set up certs through the dashboard.

Make sure you have your backup file before doing this sort of Easter-egging.

What is difficult from my perspective is that you appear to have changed something. Without knowing what you changed, all I can do is guess, or offer that you should create a brand-new install and migrate the messages without using the restore feature.

I think at this point I’d be opting for just using my own cert through the admin GUI. You could get the CSR and then use https://www.namecheap.com/security/ssl-certificates/comodo/ to get a cert for $5.99 US

It’s going to be hard for any of us on the forum to remotely diagnose the certificate without ssh’ing into your box.

Things I would be looking for there are who owns that directory, what the permissions on it are, etc.

Thanks for the reply!
how would you suggest i migrate all messages without using the restore feature?

I guess it depends on your level of comfort doing the migration work.

How many users do you have?

A lot of people seem to use https://imapsync.lamiral.info/
You will need to create all the email mailboxes again, set passwords, probably delete and reconnect any phones you have using ActiveSync, etc. Also, keep in mind you still need to migrate calendar and contacts yourself. Also, if you’re using Nextcloud for other things, that as well.

I think the simplest method is to just tar gz the mailbox domain directory “/home/user-data/mail/mailboxes” and untar gz it on the new server.

tar -zcvf archive-name.tar.gz source-directory-name

so tar -zcvf /home/mailboxes.tar.gz /home/user-data/mail/mailboxes/

Copy the /home/mailboxes.tar.gz to the new server and then tar -xvf /home/mailboxes.tar.gz
You might need to move the directory to the correct place if you don’t untar it in the correct location.
mv mailboxes /home/user-data/mail/

That should at least get your mail back on the new server and hopefully the new server will have the ssl certificates working at that point. Also don’t forget any DNS entries you might need to change, glue records, etc.


ouch, the manual method eh? and pray that this doesn’t contain something else no one could possibly expect

Thanks for the suggestion

I’ve done it before and it works well

i’m not sure how you figure a paid cert would fix what the free ones can’t? LetsEncrypt gets a new cert every night, it just won’t remove the staging one.
and no, you can’t ssh into my box
Perms are set with my user as owner chmod to 775

i get permission denied on mail/mailboxes/my.domain

are you root?

sudo -i

duh, of course I’m running on ec2 instance and sudo isn’t always required here

A regular cert doesn’t expire for a year+ depending on what you buy. That cert can be installed and perhaps MiaB will just fix things using that cert. Once installed you don’t have to worry about the 90 day Let’s Encrypt cert limit, because you chose 1 year or 2 years or whatever at the time you pay for the cert.

Honestly, I’d probably do something like this first.

sudo -i
tar -zcvf /home/ssl.tar.gz /home/user-data/ssl
cd /home/user-data/ssl
rm mydomain.pem

then /mailinabox/management/ssl_certificates.py

and see if the certificates regenerate.

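A read-only check that fits the step suggested above, as an added example that is not part of the original thread and not Mail-in-a-Box's own code: it archives the certificate directory, then lists the PEM files directly under it whose issuer is a Let's Encrypt staging CA. The function names are hypothetical; the match relies on Let's Encrypt naming its staging issuers "(STAGING) ..." (older ones "Fake LE ...").

```shell
#!/bin/sh
# Added example: locate certificates issued by the Let's Encrypt staging CA
# before removing anything. Requires the openssl command-line tool.

# Return 0 if the first certificate in PEM file $1 has a staging issuer,
# 1 if it has another issuer, 2 if the file is not a readable certificate
# (for example a private key stored in the same directory).
is_staging_cert() {
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    case "$issuer" in
        *"(STAGING)"*|*"Fake LE"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the path of every staging certificate directly under directory $1.
# Subdirectories are not searched.
list_staging_certs() {
    for f in "$1"/*.pem; do
        [ -f "$f" ] || continue
        if is_staging_cert "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Archive the directory first, then list the candidates.
# Nothing is deleted or modified here.
backup_and_list() {
    ssl_dir=$1
    backup=$2
    tar -zcf "$backup" -C "$(dirname "$ssl_dir")" "$(basename "$ssl_dir")" || return 1
    list_staging_certs "$ssl_dir"
}

# Usage with the paths from this thread (run as root):
#   backup_and_list /home/user-data/ssl /home/ssl.tar.gz
```

Files it prints are the candidates to move out of the directory before re-running the certificate provisioning; the archive allows everything to be put back.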

Are you saying that you actually needed to be root or that ec2 doesn’t require you to be root? Your comment is a bit confusing because I don’t run anything on AWS. Not sure if they did some special custom weirdness. In the real world, on a self-installed fresh copy of Ubuntu 18.04 LTS, you would either need to enter sudo commands or sudo -i to become root.

This is the first time you have mentioned using AWS. There is nothing otherwise obvious about your post to communicate you are using AWS. Please include in posts when you are using AWS so users can be aware. Also, please refrain from the “duh, of course…” type statements as this is often interpreted as condescending and can generate friction.

Most people here, myself included, have never used AWS, and given the number of people who come here with problems of using MiaB on AWS, you probably will get better help by stating this immediately in your posts.