SSL certificate already expired - cannot login to Admin Portal for MIAB

jxmartinez · December 22, 2016, 2:02pm

Hello there!
1st question:

I am probably overlooking something very simple or maybe I need to do something at the terminal level but I am not able to login to the Admin portal in order to manage the SSL certificates.

All my certificates have expired and I need to renew them.

Is there any way to have MIAB default to http thereby allowing me to manage the certs and renew/install them?

2nd question:

One of the SSL cert providers that I was using stopped issuing free certs so I wanted to leverage letsencrypt.

Aside from going to letsencrypt and doing performing the installation with certbot, is there any customized module that manages it for MIAB installations?

murgero · December 22, 2016, 5:10pm

Use a different browser (If you are on FF, and the cert expired)

Honestly, IE might work for you. Or manually update certs via ssh?

murgero · December 22, 2016, 5:11pm

/etc/nginx/conf.d/local.conf is the nginx config

find box.example.com and disable auto redirect to HTTPS

JoshData · December 22, 2016, 8:52pm

There is no reason to ever disable HTTPS on the box.

jxmartinez · December 28, 2016, 8:55pm

Thank you all for the responses.

I was able to find an hour to finally focus on this - I have a toddler and an 9 month old at home.

Here is the outcome:

Josh is correct, there is no need to disable SSL - Firefox let me continue with the expired cert
my “what’s the easiest way to use let’s encrypt” question was answered for me when I upgraded MIAB - that functionality is built in!

I was able to get new certs for my three domains without any issue!

Thanks again!

murgero · September 5, 2017, 1:37pm

@JoshData I was saying to disable because his browser. However in hindsight it would have been better to delete SSL cache in chrome/FF because HSTS.

pimpedoutgeek · September 5, 2018, 11:02pm

I have recently upgraded MIAB and letsencrypt still not working. Expired cert since 9/4 and now email since. MIAB working now for a few years without cert issue. Any ideas? Something changed?

alento · September 6, 2018, 4:00pm

If you recently upgraded (to 0.28) Let’s Encrypt changed something on their end which is causing the MiaB install script to skip their request to accept their ToS. Typically rerunning sudo mailinabox will fix this.

You did not provide any error info, so I am grabbing at straws here… if that does not solve your problem, please provide more info.

pimpedoutgeek · September 16, 2018, 5:10pm

sudo su -
curl -s https://mailinabox.email/setup.sh | sudo bash
cd mailinabox/management/
./ssl_certificates.py
exit
sudo ./ssl_certificates.py
cd
sudo reboot
sudo su -
sudo apt-get update && sudo apt-get upgrade -y
cd mailinabox/management/
sudo ./ssl_certificates.py

Provisioning TLS certificates for box.datamaskinaggie.xyz, datamaskinaggie.xyz, www.datamaskinaggie.xyz, davidwbrown.name, www.davidwbrown.name, mcduffie-brown.name, www.mcduffie-brown.name.

error: box.datamaskinaggie.xyz, datamaskinaggie.xyz, www.datamaskinaggie.xyz, davidwbrown.name, www.davidwbrown.name, mcduffie-brown.name, www.mcduffie-brown.name:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags.

alento · September 16, 2018, 6:07pm

You need to run

sudo mailinabox

and accept the LE ToS

pimpedoutgeek · September 23, 2018, 6:00pm

I have not let MIAB go not upgraded or running the curl install for all the years using MIAB. The LE script just blows by, fails and I’m left with the only access is my IP.

alento · September 23, 2018, 8:31pm

So when you do

sudo mailinabox

what is the output?