
[Solved] Carbonio 23.9.0 admin panel trying to get a Let's Encrypt Certificate

45 Posts
6 Users
2 Likes
2,037 Views
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Hello,

I am trying to generate a Let's Encrypt certificate for my domain and it's giving me an SSH error.  I'm not sure what SSH has to do with it but here is the error message - anyone have a solution for this?  

system failure: exception executing command certbot certonly --agree-tos --email zextras@example.com -n --keep --webroot -w /opt/zextras --cert-name mail.example.com -d mail.example.com with {RemoteManager: mail.example.com->zextras@mail.example.com:22} org.apache.sshd.common.SshException: No more authentication methods available

I did set up the shell using /etc/ssh/sshd_config to disable password authentication and only allow key-based auth. I don't know if that has to do with it but I did go back and re-enable password authentication and it made no difference.

Thanks,

Rich


   
(@sharif)
Admin
Joined: 2 years ago
Posts: 410
 

@rwebb616

Hi,

Could you please share with us which port the SSH service is running on?

root@mail:~# netstat -alpn | grep sshd

 

 

Regards,

Sharif


   
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Posted by: @sharif

@rwebb616

Hi,

Could you please share with us which port the SSH service is running on?

root@mail:~# netstat -alpn | grep sshd

 

 

Regards,

Sharif

 

 netstat -alpn | grep sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1163587/sshd: /usr/
tcp        0    176 172.16.21.10:22         192.168.5.100:55675     ESTABLISHED 1161670/sshd: root@
unix  3      [ ]         STREAM     CONNECTED     31317758 1163587/sshd: /usr/
unix  2      [ ]         STREAM     CONNECTED     31304649 1161670/sshd: root@

 

Standard port 22.


   
(@sharif)
Admin
Joined: 2 years ago
Posts: 410
 

@rwebb616

Okay then, share the output of:

root@mail:~# ufw status

and

root@mail:~# cat /etc/ssh/sshd_config | grep -i authentication

 

Regards,

Sharif


   
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Posted by: @sharif

@rwebb616

Okay then, share the output of:

root@mail:~# ufw status

and

root@mail:~# cat /etc/ssh/sshd_config | grep -i authentication

 

Regards,

Sharif

 

UFW is not installed

Password Authentication is enabled (Yes).  

I am also using pubkey authentication but I have verified that I am able to log in both with and without passwords.  Root is also permitted to log in.

Thanks,

Rich

 


   
(@anahuac)
Joined: 11 months ago
Posts: 307
 

Try running this as the zextras user:

zmupdateauthkeys

 

Hope it fixes it

 

 


   
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Posted by: @anahuac

Try running this as the zextras user:

zmupdateauthkeys

 

Hope it fixes it

 

 

Isn't this if you're using multiple servers?  I am on a single server.  Ran it anyway and I'm still getting the same error.

 


   
(@anahuac)
Joined: 11 months ago
Posts: 307
 

Yes, it is... but sometimes all that's needed is to update the authkey =)

My suggestion is for you to return to the default SSH setup and try again... it's obviously an error related to some minor SSH setup that's preventing the zextras user from authenticating.


   
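An added example, not part of the original thread or of Carbonio's own tooling: the grep for "authentication" requested earlier shows only a few directives, so this sketch scans the effective sshd settings (the output of `sshd -T`) for the ones that can stop a key-based login by the zextras user that RemoteManager connects as. The function name, finding labels and sample input are constructed for illustration; negated (`!`) patterns are not handled.

```shell
#!/bin/sh
# Added example: audit effective sshd settings for the zextras service login.
# On a real host, feed it (as root) the output of:
#   sshd -T -C user=zextras,host=<server-fqdn>,addr=<server-ip>

check_sshd_effective() {
    # $1 = account to check; stdin = `sshd -T` output ("keyword value ..." lines)
    user=$1
    findings=""
    allow_seen=0
    allow_hit=0
    set -f                       # keep * in patterns from expanding to file names
    while read -r key rest; do
        case $key in
            pubkeyauthentication)
                [ "$rest" = "yes" ] || findings="$findings pubkey-disabled" ;;
            allowusers)          # once set, only listed users may log in
                allow_seen=1
                for pat in $rest; do
                    case $user in ${pat%%@*}) allow_hit=1 ;; esac
                done ;;
            denyusers)
                for pat in $rest; do
                    case $user in ${pat%%@*}) findings="$findings denied-by-denyusers" ;; esac
                done ;;
            authenticationmethods)
                # each space-separated entry is one acceptable method list
                ok=0
                for alt in $rest; do
                    case $alt in any|publickey) ok=1 ;; esac
                done
                [ "$ok" -eq 1 ] || findings="$findings key-alone-not-sufficient" ;;
        esac
    done
    set +f
    if [ "$allow_seen" -eq 1 ] && [ "$allow_hit" -eq 0 ]; then
        findings="$findings not-in-allowusers"
    fi
    if [ -z "$findings" ]; then echo "ok"; else echo "${findings# }"; fi
}

# Constructed sample (not taken from the poster's server):
check_sshd_effective zextras <<'EOF'
pubkeyauthentication yes
passwordauthentication no
allowusers root
allowusers admin@192.168.5.*
authenticationmethods any
EOF
```

A result of `ok` only rules out these server-side directives; the zextras account's key pair and authorized_keys file still need to be checked separately.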
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

It's pretty much at default now - the only thing that is different is that root is prohibited from logging in with password.  Is there any way we could troubleshoot this?  I am not even sure what certbot is doing with SSH anyway?  I've installed certificates manually on Zimbra servers and while it's usually a bit of a process the commands all work and everything ends up working.  With this it's a web interface with everything behind the scenes so I don't know what is actually happening.  Yes I know it's open source so I could go and look but I really don't know where to start with that. 

Rich


   
(@anahuac)
Joined: 11 months ago
Posts: 307
 

You can always do it in the very same way we used to do it in Zimbra. Before 23.9.0 that's the way I used to do it and it works well.


   
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Yes, that's true - even in Zimbra there was an interface in the admin panel that never worked for me.  I think they program it a specific way to work with the tools at the time and then the tool changes and the UI no longer works.  Evolution of programming I guess. 

In the interest of saving time I may just go ahead and manually get/install a cert.  I would really like to see the interface work as it simplifies things but meh... 


   
(@anahuac)
Joined: 11 months ago
Posts: 307
 

Well... all I can say is that you're out of luck... I have done it flawlessly on 3 servers with 23.9.0 so far

I even wrote an article about it

Let’s Encrypt on Carbonio – Easy as never before


   
(@stefanodavid)
Joined: 3 years ago
Posts: 153
 

@rwebb616 We updated the guidelines in the docs last week, testing them successfully in the process. Can you please check if it works for you and report back if you still have any issues?

https://docs.zextras.com/carbonio-ce/html/adminpanel/domains.html#procedure-to-install-a-let-s-encrypt-certificate


   
(@anahuac)
Joined: 11 months ago
Posts: 307
 

@stefanodavid Nice!

Have you tested it in 23.7.0?

 


   
(@anahuac)
Joined: 11 months ago
Posts: 307
 

@stefanodavid I have tested it in 23.7.0 and it actually issues the certificate, running certbot as expected, but it doesn't deploy it on the domain.

Could you tell me what Carbonio does after it gets the certificates done? I'd like to try running these commands by hand in 23.7.0

 


   