STARTTLS Let's Encrypt bug (and manual fix).

BOOZy
Posts: 23
Joined: 04 Oct 2017 13:17

Post by BOOZy » 04 Oct 2017 13:33

STARTTLS fails with "4.7.0 TLS not available due to local problem" after running the Let's Encrypt installation.

The Let's Encrypt generator script works fine for the web interface but makes a small error in the Postfix config if the system name contains any capital letters.
The generated directory doesn't have capital letters but the main.cf entries do.

I named my system EFA1.domain.tld; the created directory structure is /etc/letsencrypt/live/efa1.domain.tld/ but the entries in main.cf point to /etc/letsencrypt/live/EFA1.domain.tld/, which is a different path.

Editing /etc/postfix/main.cf to point to the correct path does fix it.

I do wonder however if the refresh script will mess things up again... We'll find out in 30 days.
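
Added example (not part of the original post and not EFA project code): a shell check that reads the TLS file entries from main.cf and reports any whose path is missing on disk, flagging the lowercase/uppercase mismatch described above. It assumes the affected entries are `smtpd_tls_cert_file`, `smtpd_tls_key_file` and `smtpd_tls_CAfile`; the sample tree and the `check_tls_paths` and `make_demo` names are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the TLS file paths in a Postfix main.cf exist on disk.
# Assumption: the affected entries are smtpd_tls_cert_file, smtpd_tls_key_file
# and smtpd_tls_CAfile (the thread only says "the main.cf entries").

# check_tls_paths MAIN_CF [ROOT]
# ROOT is an optional prefix so the check can run against a test tree.
# Prints one status line per parameter; returns 1 if any path is absent.
check_tls_paths() {
    cf=$1; root=${2:-}; rc=0
    for param in smtpd_tls_cert_file smtpd_tls_key_file smtpd_tls_CAfile; do
        # Take the last assignment if the parameter is set more than once.
        path=$(sed -n "s/^${param}[[:space:]]*=[[:space:]]*//p" "$cf" | tail -n 1)
        [ -n "$path" ] || continue
        if [ -e "$root$path" ]; then
            echo "OK $param $path"
            continue
        fi
        rc=1
        # The thread's failure mode: the directory on disk is lowercase.
        lower=$(printf '%s' "$path" | tr '[:upper:]' '[:lower:]')
        if [ -e "$root$lower" ]; then
            echo "CASE-MISMATCH $param $path (exists as $lower)"
        else
            echo "MISSING $param $path"
        fi
    done
    return $rc
}

# Constructed sample tree mirroring the thread's hostname and paths.
make_demo() {
    d=$(mktemp -d)
    live=$d/etc/letsencrypt/live
    mkdir -p "$live/efa1.domain.tld" "$d/etc/postfix"
    touch "$live/efa1.domain.tld/fullchain.pem" "$live/efa1.domain.tld/privkey.pem"
    {
        echo "smtpd_tls_cert_file = /etc/letsencrypt/live/EFA1.domain.tld/fullchain.pem"
        echo "smtpd_tls_key_file = /etc/letsencrypt/live/efa1.domain.tld/privkey.pem"
    } > "$d/etc/postfix/main.cf"
    echo "$d"
}

demo=$(make_demo)
check_tls_paths "$demo/etc/postfix/main.cf" "$demo" || echo "main.cf needs fixing"
rm -rf "$demo"
```

On a live system, call `check_tls_paths /etc/postfix/main.cf` with no second argument, for example after each certificate renewal.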

TheGr8Wonder
Posts: 97
Joined: 01 Jul 2017 02:32

Re: STARTTLS Let's Encrypt bug (and manual fix).

Post by TheGr8Wonder » 04 Oct 2017 13:53

Thanks for the report!

The renew script does not update Postfix paths (or Apache) every 30 days, so the static mappings from your correction should work, since the "live" folder is a symbolic link. But the renew script (and the enabling of the feature) will also break the paths used to generate the Webmin cert if there are uppercase characters in the name (or domain name for that matter).

We'll add this to the issue list for 3.0.2.6. But in the meantime, as a quick workaround, please change your hostname and domain name to lowercase, and then re-run the Let's Encrypt to disable, and then enable again to fix the certs in all 3 apps.

Thanks!

TheGr8Wonder
Posts: 97
Joined: 01 Jul 2017 02:32

Re: STARTTLS Let's Encrypt bug (and manual fix).

Post by TheGr8Wonder » 04 Oct 2017 18:18

Fix published for 3.0.2.6 release

https://github.com/E-F-A/v3/issues/396

Once 3.0.2.6 is released, any instances affected by this will need to disable Let's Encrypt and re-enable the feature for the proper paths and renewal script to be replaced.

BOOZy
Posts: 23
Joined: 04 Oct 2017 13:17

Re: STARTTLS Let's Encrypt bug (and manual fix).

Post by BOOZy » 05 Oct 2017 07:06

That was quick. Thanks!
