SSL Problem - LetsEncrypt


#1

Hi

when running Provision certificates from WebUi i got “Something went wrong…”.
Running this on command line i got:

root@box:/home/config/mailinabox# management/ssl_certificates.py
Provisioning TLS certificates for box.niewoehner.co, niewoehner.co, www.niewoehner.co, niewoehner.email, www.niewoehner.email, webmail.sabris-pizza.de, webmail.wantia-architektur.de, webmail.zurampel.de, winkelhaus-vreden.de, www.winkelhaus-vreden.de, www.pattymitzaufen.de, www.sabris-pizza.de, www.wantia-architektur.de.
Traceback (most recent call last):
  File "management/ssl_certificates.py", line 660, in <module>
    provision_certificates_cmdline()
  File "management/ssl_certificates.py", line 372, in provision_certificates_cmdline
    status = provision_certificates(env, limit_domains=domains)
  File "management/ssl_certificates.py", line 348, in provision_certificates
    ret.extend(post_install_func(env))
  File "management/ssl_certificates.py", line 458, in post_install_func
    if cert and os.readlink(system_ssl_certificate) != cert['certificate']:
OSError: [Errno 22] Invalid argument: '/home/user-data/ssl/ssl_certificate.pem'

Does this can have anything to do with migrating my MIAB installation? I remember that there was a problem copying the file /home/user-data/ssl/ssl_certificate.pem. But this is only a shortcut, isn’t it? How can I solve the problem?


Mail in a box loses custom dns entries
#2

I’m getting all those errors too today. First time in >4 years I have an error. They certs expired last night and didn’t renew and then I go to manually upgrade (tho it is the current version) and it spits out all above.


#3

Can anyone help please?

Edit:
I deleted /home/user-data/ssl/ssl_certificate.pem and tried to run “sudo mailinabox”.
Now i get this when running “sudo management/ssl_certificates.py”

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['box.mydomain.co@2018-08-09T13:29:11Z (5666)', 'box.mydomain.co@2018-09-24T18:00:16Z (7710)']

#4

okay i deleted the old account from “/home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory” and rerun “sudo management/ssl_certificates.py”

Now everything is working but i still have on error on status page:

The DANE TLSA record for incoming mail (_25._tcp.box.mydomain.co) is not correct. It is ‘3 1 1 16f0d26a24658dfb3c767e3a17749e83’ but it should be ‘3 1 1 61f76074598ba151f’. It may take several hours for public DNS to update after a change.

I think this will be solved automatically through DNS update?

Edit: Everything working now


#5

I have the same problem since yesterday.

Also my “/home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory” is empty so nothing to delete in there.

Edit: I rerun sudo mailinabox as mentioned in other thread, hope it fixes the problem.


#6

Same problem.

my /home/user-data/ssl/lets_encrypt/accounts/acme-v02.api.letsencrypt.org/directory is empty and my log has the following from my latest attempt to run ./ssl_certificates.py.
Pastebin Link to relevent log

It mentions webroot alot but this is the first time I have ever had an issue like thsi crop up in the last 2 yearswith mailinabox


#7

Did it solve the problem? An update please! :slight_smile:
Which version of MiaB are you using?


#8

Is there anything in /home/user-data/ssl/
If so remove the contents of the directory (BUT NOT THE DIRECTORY ITSELF)
then do sudo mailinabox

Please reply if that works, or if not, copy the error log.
Which version of MiaB are you using?


#9

Looks like it didn’t because I got same error this night. I have v.28. will update to v.29 tomorrow.


#10

All the contents to include the lets_encrypt and lets_encrypt-old folders?

—EDIT—
Yes that worked All is well now!


#11

Worked for me too, thanks!