TLS Automatic Cert Provisioning

sturner · November 15, 2020, 1:53pm

I am on v.48 , and I am getting this error

The TLS (SSL) certificate has a problem: The certificate has expired or is not yet valid. It is valid from 2020-08-17 06:35:52 to 2020-11-15 06:35:52.

Not auto provisions of the cert?

alento · November 15, 2020, 6:22pm

There should be… what happens when you run

sudo ~/mailinabox/management/ssl_certificates.py ?

sturner · November 15, 2020, 7:19pm

Travelling, will try it from DO web terminal.

sturner · November 15, 2020, 10:04pm

Is there another method to troubleshoot. I have limited internet and only access to mobile phone

alento · November 16, 2020, 12:04am

Probably not. If you are away and need it fixed, I am available for a very reasonable fee. Assuming, that is, you have the means to convey me the login details.

Alternatively, there are SSH clients for mobile.

Let me know if I can help.

sturner · November 16, 2020, 10:02pm

I ran the command abov

sudo ~/mailinabox/management/ssl_certificates.py ?

Should the question mark (?) be included

alento · November 16, 2020, 10:03pm

No, It should not be included.

sturner · November 16, 2020, 10:07pm

How do I page the results? Of the command

sturner · November 16, 2020, 10:10pm

I am using external DNS, Namecheap , I have the A record pointing to IP, using the subdomajn, and I upgraded to .51

alento · November 16, 2020, 10:12pm

As the certs are issued for all subdomains, please confirm that you have all of them listed in DNS.

So when you go to the SSL/TLS page now, what is being indicated?

sturner · November 16, 2020, 10:15pm

skipped: box.firstsightmedia.com:
The domain name does not resolve to this machine: [ Not Set] (AAAA)

alento · November 16, 2020, 10:32pm

I am not seeing any entries at NameCheap in their DNS for the subdomains

autoconfig
autodiscover
mta-sts

sturner · November 16, 2020, 10:37pm

Are they necessary??? I thought they were for active syncs

alento · November 16, 2020, 10:40pm

I noticed yesterday while helping someone out that the certificate is issued with these subdomains … I think that is a question that needs to be addressed separately of the devs @JoshData.

So since LE is instructed by MiaB to issue certs for the subdomains, yeah they are required.

But honestly, I am still not getting a clear picture of the situation with your installation as the error you mentioned usually shows up in status checks, not on the tls/ssl page … so I am a bit confused.

sturner · November 16, 2020, 10:41pm

So create all records foe them or just the A records

alento · November 16, 2020, 10:42pm

Just the A records are needed.

sturner · November 16, 2020, 10:48pm

Done. Do I need to run the management command…again.

alento · November 16, 2020, 10:49pm

Take a look at the TLS/SSL page and see if there is a Blue Provision button.

sturner · November 16, 2020, 10:50pm

Install certificate. No provision

alento · November 16, 2020, 10:54pm

Is DNS resolution working on your MiaB?

nslookup google.com

dig mailinabox.email

What output do you get from each of these commands?