STARTTLS fails with "4.7.0 TLS not available due to local problem" after running the Let's Encrypt installation.
The Let's Encrypt generator script works fine for the web interface but makes a small error in the Postfix config if the system name contains any capital letters.
The generated directory doesn't have capital letters but the main.cf entries do.
I named my system EFA1.domain.tld; the created directory structure is /etc/letsencrypt/live/efa1.domain.tld/ but the entries in main.cf point to /etc/letsencrypt/live/EFA1.domain.tld/, which is a different path.
Editing /etc/postfix/main.cf to point to the correct path does fix it.
I do wonder however if the refresh script will mess things up again... We'll find out in 30 days.
STARTTLS Let's Encrypt bug (and manual fix).
Re: STARTTLS Let's Encrypt bug (and manual fix).
Thanks for the report!
The renew script does not update postfix paths (or apache) every 30 days, so the static mappings from your correction should work, since the "live" folder is a symbolic link. But the renew script (and the enabling of the feature) will also break the paths used to generate the Webmin cert if there are uppercase characters in the name (or domain name for that matter).
We'll add this to the issue list for 3.0.2.6. But in the meantime, as a quick workaround, please change your hostname and domain name to lowercase, and then re-run the Let's Encrypt to disable, and then enable again to fix the certs in all 3 apps.
Thanks!
Re: STARTTLS Let's Encrypt bug (and manual fix).
Fix published for 3.0.2.6 release
https://github.com/E-F-A/v3/issues/396
Once 3.0.2.6 is released, any instances affected by this will need to disable Let's Encrypt and re-enable the feature for the proper paths and renewal script to be replaced.
Re: STARTTLS Let's Encrypt bug (and manual fix).
That was quick. Thanks!
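A way to check for the path mismatch described in the first post before STARTTLS breaks, as an added example that is not part of the thread or of the EFA scripts. It assumes the certificate paths are set through the Postfix parameters `smtpd_tls_cert_file`, `smtpd_tls_key_file` and `smtpd_tls_CAfile`; the function name and output labels are made up for this example.

```shell
#!/bin/sh
# Added example (not EFA code). Reports Postfix TLS file parameters whose
# path does not exist, and flags the case where only the host directory
# under .../live/ differs in letter case.
# Assumption: paths are set via smtpd_tls_cert_file / _key_file / _CAfile.
# Usage: check_tls_paths /etc/postfix/main.cf
check_tls_paths() {
    main_cf="${1:-/etc/postfix/main.cf}"
    [ -r "$main_cf" ] || { echo "UNREADABLE $main_cf"; return 2; }
    status=0
    matches=$(grep -E '^smtpd_tls_(cert_file|key_file|CAfile)[[:space:]]*=' "$main_cf" || true)
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        param=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        path=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if [ -e "$path" ]; then
            echo "OK $param $path"
            continue
        fi
        status=1
        lower=""
        case "$path" in
            */live/*)
                # Lowercase only the host directory that follows /live/.
                prefix="${path%%/live/*}/live/"
                rest="${path#*/live/}"
                host="${rest%%/*}"
                tail="${rest#"$host"}"
                lower="$prefix$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')$tail"
                ;;
        esac
        if [ -n "$lower" ] && [ "$lower" != "$path" ] && [ -e "$lower" ]; then
            echo "CASE-MISMATCH $param $path -> $lower"
        else
            echo "MISSING $param $path"
        fi
    done <<EOF
$matches
EOF
    return "$status"
}
```

A non-zero return means at least one configured file is missing; a `CASE-MISMATCH` line shows the lowercase path to put in main.cf.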