Posts by cproinfo

    What gives a manual

    Code
    1. openssl verify -CAfile /etc/imscp/imscp_services.pem -purpose sslserver /etc/imscp/imscp_services.pem

    ??

    Hi.
    here's the output. :


    Code
    1. /etc/imscp/imscp_services.pem: OK


    So, I decide to do a new :


    Code
    1. cd /usr/local/src/imscp-1.5.3-2018120800/
    2. perl imscp-autoinstall -dasr named



    And the setup detects the cert for panel invalid : cf log

    Code
    1. [Tue Jun 7 02:43:15 2022] [debug] iMSCP::Execute::execute: openssl pkey -in /etc/imscp/imscp_services.pem -noout
    2. [Tue Jun 7 02:43:15 2022] [debug] iMSCP::Execute::execute: openssl verify -CAfile /etc/imscp/imscp_services.pem -purpose sslserver /etc/imscp/imscp_services.p em
    3. [Tue Jun 7 02:43:15 2022] [debug] iMSCP::OpenSSL::validateCertificate: /etc/imscp/imscp_services.pem: OK
    4. [Tue Jun 7 02:43:15 2022] [debug] iMSCP::Execute::execute: openssl pkey -in /etc/imscp/panel.cproinfo.fr.pem -noout
    5. [Tue Jun 7 02:43:15 2022] [debug] iMSCP::Execute::execute: openssl verify -CAfile /etc/imscp/panel.cproinfo.fr.pem -purpose sslserver /etc/imscp/panel.cproinfo.fr.pem
    6. [Tue Jun 7 02:43:15 2022] [debug] iMSCP::OpenSSL::validateCertificate: error /etc/imscp/panel.cproinfo.fr.pem: verification failed
    7. [Tue Jun 7 02:43:15 2022] [debug] iMSCP::Execute::execute: /usr/bin/dialog --no-label No --no-shadow --ok-label Ok --help-label Help --colors --cancel-label B ack --exit-label Abort --backtitle 'i-MSCP - internet Multi Server Control Panel (1.5.3)' --yes-label Yes --title 'i-MSCP Installer Dialog' --msgbox '
    8. Your SSL certificate for the control panel is missing or invalid.



    So I did after a :

    Code
    1. openssl verify -CAfile /etc/imscp/panel.cproinfo.fr.pem -purpose sslserver /etc/imscp/panel.cproinfo.fr.pem
    2. /etc/imscp/panel.cproinfo.fr.pem: OK


    So, when I connect I have the alert message tha CA is unknown... Click OK, the renew the certificate via LetsEncrypt option.

    When I connect, all is fine, but when i ran :


    Code
    1. # openssl verify -CAfile /etc/imscp/panel.cproinfo.fr.pem -purpose sslserver /etc/imscp/panel.cproinfo.fr.pem
    2. O = Digital Signature Trust Co., CN = DST Root CA X3
    3. error 10 at 3 depth lookup: certificate has expired
    4. error /etc/imscp/panel.cproinfo.fr.pem: verification failed


    But, if I run :

    Code
    1. openssl verify -purpose sslserver /etc/imscp/panel.cproinfo.fr.pem
    2. /etc/imscp/panel.cproinfo.fr.pem: OK


    Is there a way to "remove" the "-CAfile /etc/...." part of the command ?

    Hi everybody


    I followed this tutorial (which I need to adapt for me cause it doesn't work.. but it's anoter problem) : Listener::Named::Slave::Provisioning - Zonetransfer to Secondary Nameserver + Howto

    In this tuto there's a new listener to register.

    The command to achieve this is :

    Code
    1. cd /usr/local/src/imscp-1.5.3-2018120800/
    2. perl imscp-autoinstall -dasr named


    each time I ran this command, the setup detects my certificates for the panel and the services as invalid.

    They are generated via the LetsEncrypt plugin.


    My setup :

    Debian 9 - up to date

    iMSCP v 1.5.3 - last release

    FQDN : web1.cproinfo.fr

    Panel address : panel.cproinfo.fr



    The log output (/var/log/imscp/imscp-setup.log) :

    Code
    1. [Sun Jun 5 02:47:05 2022] [debug] iMSCP::Execute::execute: openssl pkey -in /etc/imscp/imscp_services.pem -noout
    2. [Sun Jun 5 02:47:05 2022] [debug] iMSCP::Execute::execute: openssl verify -CAfile /etc/imscp/imscp_services.pem -purpose sslserver /etc/imscp/imscp_services.pem
    3. [Sun Jun 5 02:47:05 2022] [debug] iMSCP::OpenSSL::validateCertificate: error /etc/imscp/imscp_services.pem: verification failed
    4. [Sun Jun 5 02:47:05 2022] [debug] iMSCP::Execute::execute: /usr/bin/dialog --exit-label Abort --yes-label Yes --ok-label Ok --title 'i-MSCP Installer Dialog' --backtitle 'i-MSCP - internet Multi Server Control Panel (1.5.3)' --cancel-label Back --help-label Help --colors --no-label No --no-shadow --msgbox 'Your SSL certificate for the FTP and MAIL services is missing or invalid.



    The certificate is generated today !

    I already did :

    Code
    1. dpkg-reconfigure ca-certificates

    to update the DB and change the preferred root CA...


    In order to make this working again, I have to revoke the certs in the panel then generate new certs, and all is fine till next update....


    Is it because I have 2 dns names for the services and for the panel ?

    Am I missing another thing ?


    Many thanks for your help.

    cproinfo


    The imscp_panel.swp file is a state file that has not been installed by i-MSCP. Somehow, you have surely edited the file using VIM editor. You can safetely remove that file.

    You're right.

    I edited the "/etc/logrotate.d/imscp_panel" with vim to reduce log conservation to 5 weeks (was 52).

    Thanks a lot.

    I'll wait tomorrow to check if I receive a new notification mail.

    Hi everybody


    Since few days, I got this error reported by mail.


    /etc/cron.daily/logrotate:
    error: .imscp_panel.swp:1 unknown option 'b' -- ignoring line
    error: .imscp_panel.swp:2 lines must begin with a keyword or a filename (possibly in double quotes)


    I don't know where to start my investigations.

    Any help would be greatly appreciated.


    Thansks

    Yes, normally the package is automatically installed but there is maybe a bug somewhere... I'll check on. And sorry, I answered too late each time... You were more fast than me...

    You're Welcome.


    I hope that this thread will help community.


    As we say in our contry : A plus tard.


    PS : comment faire pour marquer le thread en résolu ?

    The smarthost listener listen to some events that are trigggered by thei-MSCP installer to install required distribution package (libsasl2-modules) and inject the required Postfix configuration stanza into the Posfix main.cf configuration file. Therefore, you need to rerun the i-MSCP installer to make the changes effective. From your i-MSCP archive, run: perl imscp-autoinstall -danv

    Thanks NuxWin for the command line...

    your one include installaing dependencies? is it right ?

    Hi All..

    As I found the solution, I share with the community.

    Note, when you have to use SASL in postfix, be sure to have libsasl2-modules installed on your system.


    Code
    1. # apt-get install libsasl2-modules


    And Voila !!!

    Sorry for the noise.

    Hi everyone...

    So I found that I need to run the installer...

    so :

    Code
    1. # locate imscp-autoinstall
    2. # cd /where/the/file/is/located
    3. # perl imscp-autoinstall -dr mta


    But now I got this error :

    Code
    1. relay=ssl0.ovh.net[193.70.18.144]:587, delay=5.6, delays=0.08/0.02/5.5/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server ssl0.ovh.net[193.70.18.144]: no mechanism available

    Here is part of the "main.cf"


    Code
    1. relay_domains = hash:/etc/postfix/imscp/relay_domains
    2. relay_recipient_maps =
    3. relay_transport = relay
    4. relayhost = [ssl0.ovh.net]:587
    5. smtp_sasl_security_options = noanonymous
    6. smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd
    7. smtp_sasl_auth_enable = yes
    8. smtp_sasl_type = cyrus


    Does anyone have an idea ?

    Many Thanks