Carbonio 23.9.0 adm...
 
Notifications
Clear all

[Solved] Carbonio 23.9.0 admin panel trying to get a Let's Encrypt Certificate

45 Posts
6 Users
2 Reactions
2,308 Views
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Hello,

I am trying to generate a Let's Encrypt certificate for my domain and it's giving me an SSH error.  I'm not sure what SSH has to do with it but here is the error message - anyone have a solution for this?  

system failure: exception executing command certbot certonly --agree-tos --email zextras@example.com -n --keep --webroot -w /opt/zextras --cert-name mail.example.com -d mail.example.com with {RemoteManager: mail.example.com->zextras@mail.example.com:22} org.apache.sshd.common.SshException: No more authentication methods available

I did set up the shell using /etc/ssh/sshd_config to disable password authentication and only allow key based auth.. I don't know if that has to do with it but I did go back and re-enable password authentication and it made no difference.

Thanks,

Rich


   
Quote
(@sharif)
Admin
Joined: 2 years ago
Posts: 433
 

@rwebb616

Hi,

Could you please share with us which port the SSH service is running?

root@mail:~# netstat -alpn | grep sshd

 

 

Regards,

Sharif


   
ReplyQuote
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Posted by: @sharif

@rwebb616

Hi,

Could you please share with us which port the SSH service is running?

root@mail:~# netstat -alpn | grep sshd

 

 

Regards,

Sharif

 

 netstat -alpn | grep sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1163587/sshd: /usr/
tcp        0    176 172.16.21.10:22         192.168.5.100:55675     ESTABLISHED 1161670/sshd: root@
unix  3      [ ]         STREAM     CONNECTED     31317758 1163587/sshd: /usr/
unix  2      [ ]         STREAM     CONNECTED     31304649 1161670/sshd: root@

 

Standard port 22.


   
ReplyQuote
(@sharif)
Admin
Joined: 2 years ago
Posts: 433
 

@rwebb616

Okay then, share the output of :

root@mail:~# ufw status

and

root@mail:~# cat /etc/ssh/sshd_config | grep -i authentication

 

Regards,

Sharif


   
ReplyQuote
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Posted by: @sharif

@rwebb616

Okay then, share the output of :

root@mail:~# ufw status

and

root@mail:~# cat /etc/ssh/sshd_config | grep -i authentication

 

Regards,

Sharif

 

UFW is not installed

Password Authentication is enabled (Yes).  

I am also using pubkey authentication but I have verified that I am able to log in both with and without passwords.  Root is also permitted to log in.

Thanks,

Rich

 


   
ReplyQuote
(@anahuac)
Joined: 1 year ago
Posts: 309
 

Try run this as zextras user:

zmupdateauthkeys

 

Hope it fixes it

 

 


   
ReplyQuote
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Posted by: @anahuac

Try run this as zextras user:

zmupdateauthkeys

 

Hope it fixes it

 

 

Isn't this if you're using multiple servers?  I am on a single server.  Ran it anyway and I'm still getting the same error.

 


   
ReplyQuote
(@anahuac)
Joined: 1 year ago
Posts: 309
 

Yes it is... but sometimes all it's needed is update the authkey =)

My suggestion is you to return default ssh setup and try again... it's obviously an erro related with some minor ssh setup that's preventing zextras user from authenticate. 


   
ReplyQuote
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

It's pretty much at default now - the only thing that is different is that root is prohibited from logging in with password.  Is there any way we could troubleshoot this?  I am not even sure what certbot is doing with SSH anyway?  I've installed certificates manually on Zimbra servers and while it's usually a bit of a process the commands all work and everything ends up working.  With this it's a web interface with everything behind the scenes so I don't know what is actually happening.  Yes I know it's open source so I could go and look but I really don't know where to start with that. 

Rich


   
ReplyQuote
(@anahuac)
Joined: 1 year ago
Posts: 309
 

You can always do it in the very same way we used to do it in Zimbra. Before 23.9.0 that's the way I used to do it and it works well.


   
ReplyQuote
(@rwebb616)
Joined: 8 years ago
Posts: 56
Topic starter  

Yes, that's true - even in Zimbra there was an interface in the admin panel that never worked for me.  I think they program it a specific way to work with the tools at the time and then the tool changes and the UI no longer works.  Evolution of programming I guess. 

In the interest of saving time I may just go ahead and manually get/install a cert.  I would really like to see the interface work as it simplifies things but meh... 


   
ReplyQuote
(@anahuac)
Joined: 1 year ago
Posts: 309
 

Well... all I can say is that you're out of luck... I have done is flawlessly in 3 servers with 23.9.0 so far

I even wrote an article about it

Let’s Encrypt on Carbonio – Easy as never before


   
ReplyQuote
(@stefanodavid)
Joined: 3 years ago
Posts: 167
 

@rwebb616 We have updated last week the guidelines on the docs, testing them successfully in the process. Can you please check if it works for you and report back if you still have any issues? 

https://docs.zextras.com/carbonio-ce/html/adminpanel/domains.html#procedure-to-install-a-let-s-encrypt-certificate


   
ReplyQuote
(@anahuac)
Joined: 1 year ago
Posts: 309
 

@stefanodavid Nice!

have you tested it in 23.7.0?

 


   
ReplyQuote
(@anahuac)
Joined: 1 year ago
Posts: 309
 

@stefanodavid I have tested it in 23.7.0 and it actually issue the certificate running certbot as expected, but it doesn't deploy it on the domain.

May you tell me what Carbonio does after it get's the certificates done? I'll like to try run this commands by hand in 23.7.0

 


   
ReplyQuote
Page 1 / 3