Akaihiryuu l33t
Joined: 08 May 2003 Posts: 794 Location: Columbus, OH
|
Posted: Fri Aug 06, 2021 12:32 am Post subject: Courier-imap no longer working after 10 years |
|
|
I'm using self-signed certificates... this is a private server and I really don't care about getting signed certificates. But the problem is, that suddenly stopped working. I've been using the exact same script for years to regenerate my certificates when they expire. Only now, for some reason, it stopped working. My logs are getting spammed with this.
Code: | Aug 5 20:27:42 triforce imapd-ssl[22245]: ip=[::ffff:192.168.0.2], Certificate is bad |
This is the script I've been using for years, that works with everything else.
Code: | #!/bin/bash
SSL="/usr/bin/openssl"
${SSL} genrsa -out /etc/ssl/private/server.key 1024
${SSL} req -new -x509 -days 365 -key /etc/ssl/private/server.key -out /etc/ssl/private/server.crt
cat /etc/ssl/private/server.crt /etc/ssl/private/server.key > /etc/ssl/private/server.pem
chmod 640 /etc/ssl/private/* |
To use that with courier, I just ln -s /etc/ssl/private/server.pem /etc/courier-imap/imapd.pem
I don't understand why this is suddenly no longer working. I've had this exact same setup for at least 5 years now. |
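A quick check of the combined PEM that the script above produces, added here as an example and not part of the original post: it confirms the bundle holds a parsable, unexpired certificate and the matching private key, and that the file is not world-accessible. The function name `check_pem_bundle` and the 2048-bit warning threshold are assumptions of this example, and the size check assumes an RSA key like the one the script generates.

```shell
#!/bin/sh
# Added example: sanity-check a combined certificate+key PEM bundle.
# check_pem_bundle FILE prints one finding per line and returns 0 only if
# every check passes. MIN_BITS is this example's assumption, not from the thread.
MIN_BITS=2048

check_pem_bundle() {
    pem=$1
    rc=0
    [ -r "$pem" ] || { echo "FAIL cannot read $pem"; return 2; }

    # Both halves of the bundle must be present and the certificate must parse.
    grep -q -e 'PRIVATE KEY-----' "$pem" ||
        { echo "FAIL no private key block"; return 2; }
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 ||
        { echo "FAIL no parsable certificate"; return 2; }

    # Expiry: -checkend 0 exits non-zero once notAfter has passed.
    if openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ok   $(openssl x509 -in "$pem" -noout -enddate)"
    else
        echo "FAIL certificate has expired"; rc=1
    fi

    # The key must belong to the certificate: compare the two public keys.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$pem" -passin pass: -pubout 2>/dev/null | openssl dgst -sha256)
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "ok   private key matches certificate"
    else
        echo "FAIL private key does not match certificate"; rc=1
    fi

    # Key size (RSA assumed) is reported as a warning only.
    bits=$(openssl x509 -in "$pem" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$MIN_BITS" ] || echo "WARN key is ${bits:-?} bits (< $MIN_BITS)"

    # The bundle holds the private key; -L follows a symlink such as imapd.pem.
    case $(ls -lL "$pem" | cut -c8-10) in
        ---) echo "ok   not world-accessible" ;;
        *)   echo "FAIL world-accessible: $(ls -lL "$pem" | cut -c1-10)"; rc=1 ;;
    esac
    return $rc
}

# Stand-alone use: sh check_pem.sh /etc/courier-imap/imapd.pem
if [ "$#" -gt 0 ]; then check_pem_bundle "$1"; fi
```

Run it as the user the IMAP daemon runs as, so that a directory or file permission problem shows up as the "cannot read" result.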
NathanZachary Moderator
Joined: 30 Jan 2007 Posts: 2598
|
Posted: Fri Aug 06, 2021 2:38 am Post subject: |
|
|
This could be a permissions problem. I believe that 600 is required. Based on the error that you're getting, I don't think that it is a problem with it being self-signed (that error is typically "Peer's certificate is not signed by a trusted authority").
_________________
“Truth, like infinity, is to be forever approached but never reached.” --Jean Ayres (1972)
---avatar cropped from =AimanStudio--- |
Akaihiryuu l33t
Joined: 08 May 2003 Posts: 794 Location: Columbus, OH
|
Posted: Fri Aug 06, 2021 2:43 am Post subject: |
|
|
Just checked that, permissions seem to be correct. I'm at a complete loss. Still getting the same error spammed in my logs right after the server starts. The certificates are working for everything else (including Apache). I do have to accept self-signed certificates, but I'm used to doing that.
Code: | drwx------ 2 root root 4096 Aug 5 20:16 private
-rw------- 1 root root 1074 Aug 5 22:31 server.crt
-rw------- 1 root root 887 Aug 5 22:31 server.key
-rw------- 1 root root 1961 Aug 5 22:31 server.pem
lrwxrwxrwx 1 root root 25 Aug 5 20:30 imapd.pem -> ../ssl/private/server.pem |
mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
|
|
Akaihiryuu l33t
Joined: 08 May 2003 Posts: 794 Location: Columbus, OH
|
Posted: Fri Aug 06, 2021 2:49 am Post subject: |
|
|
Ok, this is odd. I changed the permissions of the private folder to this, and it started working. After that, I changed everything back, restarted courier again, and it's still working. Now I'm completely confused, but at least it's working. But yeah, I checked that exact site several times for possible solutions without finding anything useful, before coming here.
Code: | drwxr-xr-x 2 root root 4096 Aug 5 20:16 private |
I can understand permissions problems. But courier runs as root anyway... what really confuses me is it's still working, after I changed the permissions back to what they were originally, when I was getting "certificate is bad". I first discovered this issue because I was missing 2 weeks' worth of cron emails. I suddenly just got all my missing emails. |
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2894 Location: Edge of marsh USA
|
Posted: Fri Aug 06, 2021 3:26 am Post subject: |
|
|
See my post in the following thread:
https://forums.gentoo.org/viewtopic-t-1104108-highlight-gendh.html
I cannot tell a lie. On line 35 of my local mkimapdcert, I gave myself 3650 days. I'm now a few months into my second 10-year stretch.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/17.1/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |