Notifications
Clear all

[Solved] Carbonio Mail : self-signed certificate ?


jnoel
(@jnoel)
Joined: 6 months ago
Posts: 9
Topic starter  

Hi !

I'd try Carbonio Mail, but at login, I received this message :

java.security.cert.CertPathValidatorExecption: Trust anchor for certification path not found.

Is it because of the self-signed certificate generated on Carbonio server ?

If yes, there is a way to test this app with a self-signed certificate ?

Thanks !


Quote
jnoel
(@jnoel)
Joined: 6 months ago
Posts: 9
Topic starter  

I specify that I speak about the android application Carbonio Mail


ReplyQuote
Matt
 Matt
(@matt)
Joined: 3 years ago
Posts: 31
 

Hello @jnoel,

 

due to security reasons, using valid SSL certs is mandatory in order to use the apps.

I would suggest generating and installing the Let's Encrypt certs in your Carbonio installation, this will resolve.

 

Hope this helps.


jnoel liked
ReplyQuote
jnoel
(@jnoel)
Joined: 6 months ago
Posts: 9
Topic starter  

Ok thanks i'll generate a let's encrypt certificate.


Matt liked
ReplyQuote
jet
 jet
(@jet)
Joined: 5 months ago
Posts: 2
 

@matt is there by any chance we have some sort of documentation on how to use letsencrypt with carbonio-ce?


ReplyQuote
nitram
(@nitram)
Joined: 7 months ago
Posts: 23
 
Posted by: @jet

@matt is there by any chance we have some sort of documentation on how to use letsencrypt with carbonio-ce?

Yes, it would be fantastic to have a documentation on how to install LE on carbonio CE.

 

ither than that, the software could also be build with a function to fetch LE directly, most softares nowadays do that automatically.


ReplyQuote
Matt
 Matt
(@matt)
Joined: 3 years ago
Posts: 31
 

Hello @jet and @nitram,

these instructions should do the trick, please let me know 😉

Prerequisites: having generated the `privkey.pem`, `cert.pem` and `chain.pem` files with `certbot`.

Attention: `--preferred-chain "ISRG Root X1"` must be used. E.g. `certbot certonly --standalone --preferred-chain "ISRG Root X1"`.

Please refer to LetsEncrypt documentation for further information on this command.

On the Carbonio server:

## AS ROOT
## REMEMBER TO SUBSTITUTE `DOMAIN` with your domain name
cp /etc/letsencrypt/live/DOMAIN/privkey.pem /opt/zextras/ssl/carbonio/commercial/commercial.key

wget -O /tmp/ISRG-X1.pem  https://letsencrypt.org/certs/isrgrootx1.pem.txt 
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/DOMAIN/chain.pem

cp /etc/letsencrypt/live/DOMAIN/cert.pem /tmp
cp /etc/letsencrypt/live/DOMAIN/chain.pem /tmp
chown zextras:zextras /opt/zextras/ssl/carbonio/commercial/commercial.key

su - zextras -c 'zmcertmgr verifycrt comm /opt/zextras/ssl/carbonio/commercial/commercial.key /tmp/cert.pem /tmp/chain.pem'
su - zextras -c 'zmcertmgr deploycrt comm /tmp/cert.pem /tmp/chain.pem'
su - zextras -c 'zmcontrol restart'

ReplyQuote
seroficom
(@seroficom)
Joined: 3 months ago
Posts: 3
 

I have two errors in installing to validate my certificate; I detail the installation steps and I will put in bold two errors that they give me, I hope you can guide me.
I am using Zextras Carbonio CE on Ubuntu

Installation:
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot certonly --standalone
sudo certbot renew --dry-run

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mail.softnet.ec/fullchain.pem
Key is saved at: /etc/letsencrypt/live/mail.softnet.ec/privkey.pem
This certificate expires on 2022-06-26.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting  https://act.eff.org .


If you like Certbot, please consider supporting our work by:

Then I type this:

cp /etc/letsencrypt/live/mail.softnet.ec/privkey.pem /opt/zextras/ssl/carbonio/commercial/commercial.key

wget -O /tmp/ISRG-X1.pem  https://letsencrypt.org/certs/isrgrootx1.pem.txt
"/tmp/ISRG-X1.pem: Permission denied"

cat /tmp/ISRG-X1.pem>> /etc/letsencrypt/live/mail.softnet.ec/fullchain.pem

cp /etc/letsencrypt/live/mail.softnet.ec/cert.pem /tmp
cp /etc/letsencrypt/live/mail.softnet.ec/fullchain.pem /tmp

chown zextras:zextras /opt/zextras/ssl/carbonio/commercial/commercial.key

su - zextras -cn 'zmcertmgr verifycrt comm /opt/zextras/ssl/carbonio/commercial/commercial.key /tmp/cert.pem /tmp/fullchain.pem'
" Verifying '/tmp/cert.pem' against '/opt/zextras/ssl/carbonio/commercial/commercial.key'**
Certificate '/tmp/cert.pem' and private key '/opt/zextras/ssl/carbonio/commercial/commercial.key' match.
** Verifying '/tmp/cert.pem' against '/tmp/fullchain.pem'
ERROR: Unable to validate certificate chain: C = US, O = Internet Security Research Group, CN = ISRG Root X1
error 2 at 2 depth lookup: unable to get issuer certificate
error /tmp/cert.pem: verification failed"


ReplyQuote
linganna.palepu
(@linganna-palepu)
Joined: 11 months ago
Posts: 16
 

>wget -O /tmp/ISRG-X1.pem   https://letsencrypt.org/certs/isrgrootx1.pem.txt
"/tmp/ISRG-X1.pem: Permission denied"

 

suggest you check the permissions of the /tmp/ISRG-X1.pem file before downloading it.

 

 


ReplyQuote