hmm,
echo sudominio > /etc/hostname && reboot
Posts by vege.net
-
-
hmm,
# cat /etc/hostname
-
Yo sueleo host:
apt install bind9-host
host yourIP
host host.domain.tld
-
check that your IP has a FQDN (PTR-Record) and that this hostname points to the same IP.
-
there is no final solution yet.
some customer php-scripts also make use of "openssl verify". they're also fail.
and its not the openssl version. openssl3.0 says also
The problem is that the certbot used by the plugin still generates a chain with old X3 in it. Got no idea how to get rid of it, yet
-
this is what the patch does... it deletes the "-CAfile fullchain.pem"
you dont need it anymore cause openssl got the CA now in /etc/ssl/certs
-
just comment out line 134
# ( ( $self->{'ca_bundle_container_path'} ne '' ) ? ( '-CAfile', $self->{'ca_bundle_container_path'} ) : () ),
-
no, just added the cert.. dont know if the others are necessary.. (?)
your welcome
-
now it's broken ... (debian & ubuntu)
new certificates can no longer be created and the check shows for a certificate that was generated an hour before:
any idea how to proceed?
we had the same problems, here is a hot fix which worked for us:
Display MoreCode- cd /usr/share/ca-certificates/mozilla/
- wget https://letsencrypt.org/certs/lets-encrypt-r3.pem
- mv lets-encrypt-r3.pem lets-encrypt-r3.crt
- dpkg-reconfigure ca-certificates # -->> add new letsencrypt Cert
- vi /var/www/imscp/engine/PerlLib/iMSCP/OpenSSL.pm +134 #comment out line 134
- my $cmd = [
- 'openssl', 'verify',
- # ( ( $self->{'ca_bundle_container_path'} ne '' ) ? ( '-CAfile', $self->{'ca_bundle_container_path'} ) : () ),
- '-purpose', 'sslserver', $self->{'certificate_container_path'}
- ];
what it does:
- adding new letsencrypt CA cert to /etc/ssl/certs
- removing "-CAfile fullchain1.pem" from openssl command (its not necessary anymore because openssl knows it now)
Regards, Joern
ps: Debian 9 / i-MSCP 1.5.3 Build: 2018120800
Build: 2018120800
-
i think we'll get trouble. Debian test with time in the future:
# service ntp stop
# date --set="2 OCT 2021 18:00:00"
# openssl verify -CAfile fullchain14.pem -purpose sslserver cert14.pem
O = Digital Signature Trust Co., CN = DST Root CA X3
error 10 at 3 depth lookup: certificate has expired
error cert14.pem: verification failed
# service ntp start
# openssl verify -CAfile fullchain14.pem -purpose sslserver cert14.pem
cert14.pem: OK
maybe
sub validateCertificate in
/var/www/imscp/engine/PerlLib/iMSCP/OpenSSL.pm
should be disabled ?