Posts by vege.net

hostname -F /etc/hostname

?

hmm,

echo sudominio > /etc/hostname && reboot

hmm,

# cat /etc/hostname

Yo sueleo host:

apt install bind9-host

host yourIP

host host.domain.tld

check that your IP has a FQDN (PTR-Record) and that this hostname points to the same IP.

there is no final solution yet.

some customer php-scripts also make use of "openssl verify". they're also fail.

and its not the openssl version. openssl3.0 says also

The problem is that the certbot used by the plugin still generates a chain with old X3 in it. Got no idea how to get rid of it, yet

Quote from fulltilt

openssl verify still shows an error but the certificate seems to be valid

Code

1. #openssl verify -CAfile fullchain1.pem cert1.pem
2. C = US, O = Internet Security Research Group, CN = ISRG Root X1
3. error 2 at 2 depth lookup: unable to get issuer certificate
4. error cert1.pem: verification failed

this is what the patch does... it deletes the "-CAfile fullchain.pem"

you dont need it anymore cause openssl got the CA now in /etc/ssl/certs

just comment out line 134

# ( ( $self->{'ca_bundle_container_path'} ne '' ) ? ( '-CAfile', $self->{'ca_bundle_container_path'} ) : () ),

no, just added the cert.. dont know if the others are necessary.. (?)

your welcome

Quote from fulltilt

now it's broken ... (debian & ubuntu)

new certificates can no longer be created and the check shows for a certificate that was generated an hour before:

Code

1. O = Digital Signature Trust Co., CN = DST Root CA X3
2. error 10 at 3 depth lookup: certificate has expired
3. error cert1.pem: verification failed

any idea how to proceed?

we had the same problems, here is a hot fix which worked for us:

what it does:

- adding new letsencrypt CA cert to /etc/ssl/certs

- removing "-CAfile fullchain1.pem" from openssl command (its not necessary anymore because openssl knows it now)

Regards, Joern

ps: Debian 9 / i-MSCP 1.5.3 Build: 2018120800

Build: 2018120800