[Solved] Carbonio Mail : self-signed certificate ?

jnoel
(@jnoel)
Joined: 2 years ago
Posts: 9
Topic starter  

Hi!

I tried Carbonio Mail, but at login I received this message:

`java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.`

Is it because of the self-signed certificate generated on the Carbonio server?

If yes, is there a way to test this app with a self-signed certificate?

Thanks !


   
jnoel
(@jnoel)
Joined: 2 years ago
Posts: 9
Topic starter  

To be specific, I am talking about the Android application Carbonio Mail.


   
Matt
(@matt)
Joined: 5 years ago
Posts: 41
 

Hello @jnoel,

Due to security reasons, using valid SSL certs is mandatory in order to use the apps.

I would suggest generating and installing the Let's Encrypt certs in your Carbonio installation; this will resolve the issue.

Hope this helps.


   
jnoel
(@jnoel)
Joined: 2 years ago
Posts: 9
Topic starter  

OK, thanks, I'll generate a Let's Encrypt certificate.


   
 jet
(@jet)
Joined: 2 years ago
Posts: 2
 

@matt, do we by any chance have some sort of documentation on how to use Let's Encrypt with carbonio-ce?


   
(@nitram)
Joined: 2 years ago
Posts: 32
 
Posted by: @jet

> @matt, do we by any chance have some sort of documentation on how to use Let's Encrypt with carbonio-ce?

Yes, it would be fantastic to have documentation on how to install LE on Carbonio CE.

Other than that, the software could also be built with a function to fetch LE directly; most software nowadays does that automatically.


   
Matt
(@matt)
Joined: 5 years ago
Posts: 41
 

Hello @jet and @nitram,

These instructions should do the trick; please let me know 😉

Prerequisites: having generated the `privkey.pem`, `cert.pem` and `chain.pem` files with `certbot`.

Attention: `--preferred-chain "ISRG Root X1"` must be used. E.g. `certbot certonly --standalone --preferred-chain "ISRG Root X1"`.

Please refer to the Let's Encrypt documentation for further information on this command.

On the Carbonio server:

```
## AS ROOT
## REMEMBER TO SUBSTITUTE `DOMAIN` with your domain name

# Install the private key where Carbonio expects the commercial key
cp /etc/letsencrypt/live/DOMAIN/privkey.pem /opt/zextras/ssl/carbonio/commercial/commercial.key

# Download the ISRG Root X1 certificate and append it to the chain
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/DOMAIN/chain.pem

# Stage the certificate and chain in /tmp and give the key to the zextras user
cp /etc/letsencrypt/live/DOMAIN/cert.pem /tmp
cp /etc/letsencrypt/live/DOMAIN/chain.pem /tmp
chown zextras:zextras /opt/zextras/ssl/carbonio/commercial/commercial.key

# Verify the certificate against the key and the chain, deploy it, then restart the services
su - zextras -c 'zmcertmgr verifycrt comm /opt/zextras/ssl/carbonio/commercial/commercial.key /tmp/cert.pem /tmp/chain.pem'
su - zextras -c 'zmcertmgr deploycrt comm /tmp/cert.pem /tmp/chain.pem'
su - zextras -c 'zmcontrol restart'
```

   
(@seroficom)
Joined: 2 years ago
Posts: 3
 

I get two errors while installing and validating my certificate. I detail the installation steps below and put in bold the two errors they give me; I hope you can guide me.
I am using Zextras Carbonio CE on Ubuntu.

Installation:

```
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot certonly --standalone
sudo certbot renew --dry-run
```

```
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mail.softnet.ec/fullchain.pem
Key is saved at: /etc/letsencrypt/live/mail.softnet.ec/privkey.pem
This certificate expires on 2022-06-26.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.

If you like Certbot, please consider supporting our work by:
```

Then I type this:

```
cp /etc/letsencrypt/live/mail.softnet.ec/privkey.pem /opt/zextras/ssl/carbonio/commercial/commercial.key

wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
"/tmp/ISRG-X1.pem: Permission denied"

cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mail.softnet.ec/fullchain.pem

cp /etc/letsencrypt/live/mail.softnet.ec/cert.pem /tmp
cp /etc/letsencrypt/live/mail.softnet.ec/fullchain.pem /tmp

chown zextras:zextras /opt/zextras/ssl/carbonio/commercial/commercial.key

su - zextras -cn 'zmcertmgr verifycrt comm /opt/zextras/ssl/carbonio/commercial/commercial.key /tmp/cert.pem /tmp/fullchain.pem'
"** Verifying '/tmp/cert.pem' against '/opt/zextras/ssl/carbonio/commercial/commercial.key'
Certificate '/tmp/cert.pem' and private key '/opt/zextras/ssl/carbonio/commercial/commercial.key' match.
** Verifying '/tmp/cert.pem' against '/tmp/fullchain.pem'
ERROR: Unable to validate certificate chain: C = US, O = Internet Security Research Group, CN = ISRG Root X1
error 2 at 2 depth lookup: unable to get issuer certificate
error /tmp/cert.pem: verification failed"
```


   
(@linganna-palepu)
Joined: 3 years ago
Posts: 16
 

> wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
> "/tmp/ISRG-X1.pem: Permission denied"

I suggest you check the permissions of the /tmp/ISRG-X1.pem file before downloading it.
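Added example, not part of any post in this thread: a shell pre-flight for the certificate and chain files passed to `zmcertmgr verifycrt`, reporting the depth at which a certificate has no issuer in the chain file, which is what the `unable to get issuer certificate` error above refers to. The function names are this example's own; it compares issuer and subject names only and does not verify signatures.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are this example's own.
# Name-based path check for the CERT and CHAIN files given to `zmcertmgr verifycrt`.
# It compares issuer/subject name hashes only; signatures are not verified.

# split_pem FILE DIR: write each certificate in FILE to DIR/1.pem, DIR/2.pem, ...
# and print how many were found.
split_pem() {
    awk -v d="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = d "/" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n + 0 }' "$1"
}

# name_hash subject|issuer FILE: OpenSSL's hash of that name in the certificate.
name_hash() { openssl x509 -noout "-${1}_hash" -in "$2" 2>/dev/null; }

# check_chain CERT CHAIN: walk from CERT towards a self-issued root, taking each
# issuer from CHAIN (in any order). Prints "ok depth=N" and returns 0, or prints
# "missing-issuer depth=N" and returns 1 when the certificate at depth N has no
# issuer in CHAIN (or the walk loops). Returns 3 if CERT cannot be read.
check_chain() {
    name_hash subject "$1" >/dev/null || return 3
    dir=$(mktemp -d) || return 3
    count=$(split_pem "$2" "$dir")
    cur=$1 depth=0 rc=0
    while [ "$(name_hash subject "$cur")" != "$(name_hash issuer "$cur")" ]; do
        want=$(name_hash issuer "$cur") next="" i=1
        while [ "$i" -le "$count" ] && [ -z "$next" ]; do
            if [ "$(name_hash subject "$dir/$i.pem")" = "$want" ]; then
                next="$dir/$i.pem"
            fi
            i=$((i + 1))
        done
        # Stop on a missing issuer, or on certificates that issue each other.
        if [ -z "$next" ] || [ "$depth" -ge "$count" ]; then rc=1; break; fi
        cur=$next depth=$((depth + 1))
    done
    if [ "$rc" -eq 0 ]; then echo "ok depth=$depth"; else echo "missing-issuer depth=$depth"; fi
    rm -rf "$dir"
    return "$rc"
}

# Usage: sh check_chain.sh /tmp/cert.pem /tmp/chain.pem
if [ "$#" -eq 2 ]; then check_chain "$1" "$2"; fi
```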