TLS certificate error

I’m lost. The 2 other certs renewed but this one doesn’t seem to want to.
I’m guessing my email will also stop working once it expires. Any help would be much appreciated. I have already run mailinabox and rebooted and still no change.

SSH into your VPS, go to your /mailinabox/management/ directory and run the command

sudo ./ssl_certificates.py

If the certificate does not update paste the output here or someplace like paste.ubuntu.com.

[Screenshot: screen2]

Ugh! I am not sure if that is a LE issue or a MiaB issue.

To me it is odd though that the other 2 domains’ certs renewed.

Someone else will have to look at this closer. Hang tight. :slight_smile:

It tells you right there, invalid argument. So either that file needs to be replaced or certbot re-run to fix the file.

I agree that the error is SOMETHING concerning the certificate file, but is the issue with the python script itself, or with the certificate file itself?

And what does

mean?

Oh and interestingly, even though the admin area shows the new certificate file is installed for noblemail.org and www.noblemail.org, the sites are still serving up the old certificate file. At least as far as I can tell before the page is redirected - making it a bit difficult to troubleshoot. But interesting idea OP. :slight_smile:

The old cert covers all 3 subdomains via SAN … just FYI. So that adds to the mystery. No idea what the new cert covers as it is not displaying.

Let’s Encrypt reports that there are multiple copies of the certificate issued, so the problem is the deployment in MiaB.

https://crt.sh/?q=www.noblemail.org
https://crt.sh/?id=1581885096

A typo, sorry :sweat_smile: I was talking with someone irl

So what do I need to do to fix it? Bear in mind I am a newbie to Linux. I did manually run certbot and it seemed to work but didn’t install the cert to mail in a box. Just into the etc folder. I then deleted all that because I had read having multiple accounts can mess up your certs.

@Kw0mE

How many times did you manually run Certbot?

Can I see a ls -l on the directory /home/user-data/ssl please?

Last login: Mon Jun 17 10:44:59 2019 from 124.185.132.187
root@mail:~# cd /home/user-data/ssl
root@mail:/home/user-data/ssl# ls -l
total 16
drwxr-xr-x 5 root root 4096 Jun 17 10:46 lets_encrypt
-rw-r--r-- 1 root root 3615 Jun 17 10:16 mail.noblemail.org-20190914-18728f71.pem
-rw-r--r-- 1 root root 3611 Mar 21 03:00 ssl_certificate.pem
-rw-r--r-- 1 root root 1675 Jan 4 20:17 ssl_private_key.pem
root@mail:/home/user-data/ssl#

I think I only got certbot to run once successfully when I did it manually. I cleaned up the ssl directory and it seems the other domain certificates updated again looking at the expire date. But the mail.noblemail.org doesn’t seem to want to refresh. I’ve also deleted the webpage so the redirect doesn’t happen anymore on mail.noblemail.org if that helps.

After a reboot that didn’t work, so I restored the ssl directory from a backup I made before I started to try to fix this problem. This is the working contents.

root@mail:/home/user-data/ssl# ls -l
total 32
-rw-r--r-- 1 root root 424 Jan 4 20:17 dh2048.pem
drwxr-xr-x 5 root root 4096 Jun 17 10:57 lets_encrypt
-rw-r--r-- 1 root root 3611 Jan 4 20:35 mail.noblemail.org-20190404-492c5821.pem
-rw-r--r-- 1 root root 3611 Mar 21 03:00 mail.noblemail.org-20190618-6fd89428.pem
-rw-r--r-- 1 root root 3611 Jun 4 03:00 mail.noblemail.org-20190901-1ef8522e.pem
-rw-r--r-- 1 root root 1001 Jan 4 20:17 mail.noblemail.org-selfsigned-20190104.pem
-rw-r--r-- 1 root root 3611 Mar 21 03:00 ssl_certificate.pem
-rw-r--r-- 1 root root 1675 Jan 4 20:17 ssl_private_key.pem

Do you know how to make a symbolic link? Link this to ssl_certificates.pem

then restart nginx with

systemctl restart nginx

Hmm, but wait … you removed that certificate, no? Then we need to approach this in another way. Care to join me on slack, it may be simpler??? @Kw0mE

OP allowed me sudo access to the server … the thing is that the certificate should be a link from the current certificate file to ssl_certificate.pem, but it is not … it is just the file.

We attempted to link and that caused nginx to not restart … so after restoring the /ssl directory I renamed the current cert file to ssl_certificate.pem, reloaded nginx and bingo!

It is a mystery though why that file is not linked like I have seen on every other MiaB install that I have touched.

Note - ./ssl_certificates.py WILL NOT run. It throws an error every time. I have logs if someone would like to look and see why this may be …


Can always send me logs via PM or slack my man.
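
The thread turns on whether ssl_certificate.pem is a symlink to the current dated certificate or a plain file holding an older one. The following is an added example, not part of any post and not Mail-in-a-Box code: a read-only check of that relationship. The function names are hypothetical, and it assumes the domain-YYYYMMDD-id.pem naming seen in the listings above, with the date field ordering the files.

```shell
#!/bin/sh
# Added example, not Mail-in-a-Box code.
# Assumption: dated certificates are named <domain>-<YYYYMMDD>-<id>.pem, as in
# the listings above, and the YYYYMMDD field orders them oldest to newest.

# Print the path of the dated certificate in DIR with the highest date field.
newest_dated_cert() {
    dir=$1
    best=
    best_date=0
    for f in "$dir"/*-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]-*.pem; do
        [ -f "$f" ] || continue          # also skips an unmatched glob
        base=${f##*/}
        d=${base%-*}                     # drop "-<id>.pem"
        d=${d##*-}                       # keep the YYYYMMDD field
        if [ "$d" -gt "$best_date" ]; then
            best_date=$d
            best=$f
        fi
    done
    printf '%s\n' "$best"
}

# Report how DIR/ssl_certificate.pem relates to the newest dated certificate.
cert_link_status() {
    dir=$1
    live=$dir/ssl_certificate.pem
    newest=$(newest_dated_cert "$dir")
    if [ ! -e "$live" ] && [ ! -L "$live" ]; then
        echo missing
    elif [ -z "$newest" ]; then
        echo no-dated-cert
    elif [ -L "$live" ]; then
        # A symlink: does it resolve to the newest dated file?
        if [ "$(readlink -f "$live")" = "$(readlink -f "$newest")" ]; then
            echo symlink-current
        else
            echo symlink-stale
        fi
    elif cmp -s "$live" "$newest"; then
        echo copy-current                # regular file, same bytes as newest
    else
        echo copy-stale                  # regular file, older or different cert
    fi
}

# Usage: cert_link_status /home/user-data/ssl
```

A copy-stale or symlink-stale result means the web server is reading a certificate other than the newest dated file in the directory, which is the situation described in the posts above.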