nixos-mailserver

Using certificateScheme = 3 fails

Open gbuisson opened this issue 7 years ago • 6 comments

SNM Version: 2.1.3

Nixos Version: unstable

Relevant part of the config to reproduce:

certificateScheme = 3;

What I expected to happen:

The imap server should work, no error renewing the certificate

What happened:

the certificate renew service fails with:

Not enough PEM encoded messages were found in fullchain.pem; at least 2 were expected, found 1.

Relevant journald log:

2018-04-03 20:09:44,198:DEBUG:simp_le:1546: ('-v', '-d', ';.., '--default_root', '/var/lib/acme/acme-challenge', '--valid_min', '2592000', '-f', 'fullchain.pem', '-f', 'full.pem', '-f', 'key.pem', '-f', 'account_key.json') parsed as Namespace(account_key_public_exponent=65537, account_key_size=4096, cert_key_size=4096, default_root='/var/lib/acme/acme-challenge', email=None, help=False, integration_test=False, ioplugins=['fullchain.pem', 'full.pem', 'key.pem', 'account_key.json'], reuse_key=False, revoke=False, server='https://acme-v01.api.letsencrypt.org/directory', test=False, user_agent='simp_le/0.8.0', valid_min=2592000, verbose=True, version=False, vhosts=[Vhost(name='...', root=None)])...

gbuisson Apr 03 '18 20:04

That's a known issue with nixos-unstable: https://github.com/NixOS/nixpkgs/pull/38372

dotlambda Apr 03 '18 20:04

OK, downgrading to 18.03 I get another issue that I also got using certificateScheme = 2:

imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>, rip=<...>, lip=<...>, session=<iIJsQfhoXNElrX8U>

Any idea?

gbuisson Apr 03 '18 21:04
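
Both errors quoted so far are PEM framing failures: the renewal found one PEM message in fullchain.pem where it expected at least two, and the IMAP login process found no block labelled DH PARAMETERS. The following is an added example, not code from this issue or from nixos-mailserver; it checks PEM framing only (not certificate validity), and its function names and sample inputs are constructed for illustration.

```python
import base64
import re
import sys

# One PEM block: matching BEGIN/END labels around a base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

def pem_labels(text):
    """Return the labels of all well-formed PEM blocks in text, in file order."""
    labels = []
    for match in PEM_BLOCK.finditer(text):
        try:
            # Framing check only: the body must be valid base64.
            base64.b64decode("".join(match.group(2).split()), validate=True)
        except ValueError:
            continue
        labels.append(match.group(1))
    return labels

def check_fullchain(text, minimum=2):
    """Leaf plus at least one issuer certificate, as the renewal error expects."""
    found = pem_labels(text).count("CERTIFICATE")
    return found >= minimum, f"{found} CERTIFICATE block(s), need {minimum}"

def check_dh_params(text):
    """The IMAP login error expects a block labelled DH PARAMETERS."""
    labels = pem_labels(text)
    return "DH PARAMETERS" in labels, f"labels found: {labels}"

def sample_block(label, payload):
    """Constructed PEM-framed block; payload is not a real key or certificate."""
    body = base64.encodebytes(payload).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <fullchain file> <DH params file>
        chain, dh = (open(p).read() for p in sys.argv[1:])
    else:  # constructed inputs reproducing both failures from the thread
        chain, dh = sample_block("CERTIFICATE", b"leaf only"), ""
    for name, (ok, detail) in (("fullchain", check_fullchain(chain)),
                               ("dh params", check_dh_params(dh))):
        print(f"{name}: {'ok' if ok else 'FAIL'} ({detail})")
```
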

w00t, got imap auth working after the system received the first mail

gbuisson Apr 03 '18 22:04

So after toying with it and following the instructions step by step, retrying the whole evening I can:

  • login and fetch mail

I can't:

  • receive email from other boxes
  • send email, getting:
Apr 03 23:25:59 mail.y42.sh postfix/smtpd[13143]: NOQUEUE: milter-reject: CONNECT from unknown[...]: 451 4.7.1 Service unavailable - try again later; proto=SMTP

gbuisson Apr 03 '18 23:04

Hi @gbuisson, thanks for trying out SNM. Right now the stable version uses NixOS 17.09. NixOS 18.03 has a new rspamd version (thanks to the contributors of this project) which does not need rmilter anymore. We will need to update the system for that. There has been work (see #61) but it is not finished yet. Any help is welcome!

r-raymond Apr 04 '18 10:04

Okay, thanks for your explanations. I finally got it all working: my DKIM DNS record was wrong and somehow I needed to update my system again to use all packages from 18.03. It seems to be working with this release.

gbuisson Apr 04 '18 10:04