Problem with gettin...
 
Notifications
Clear all

Problem with getting letsencrypt renewal

22 Posts
6 Users
1 Reactions
1,407 Views
 jppo
(@jppo)
Joined: 1 year ago
Posts: 57
Topic starter  

Hello,

I am using a Letsencrypt cert for my mail server and I get remainder from letsencrypt about the renewal of my certificate.

I install the carbonio "certbot" software ant the timer is active and I get twice a day a log file saying :

---------------------------------------------------------

2024-03-14 22:41:05,723:DEBUG:certbot._internal.main:certbot version: 2.7.2
2024-03-14 22:41:05,723:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/zextras/common/certbot/bin/carbonio-certbot
2024-03-14 22:41:05,723:DEBUG:certbot._internal.main:Arguments: ['-q']
2024-03-14 22:41:05,723:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-03-14 22:41:05,729:DEBUG:certbot._internal.log:Root logging level set at 40
2024-03-14 22:41:05,730:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-03-14 22:41:05,730:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2024-03-14 22:41:05,730:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-03-14 22:41:05,730:DEBUG:certbot._internal.renewal:no renewal failures

-------------------------------------------------------------------------------------------

No renewal is attempted and there are only 7 days left ... what can I do ?

Regards

JP P

 


   
Quote
 jppo
(@jppo)
Joined: 1 year ago
Posts: 57
Topic starter  

Hello,

I am using a Letsencrypt cert for my mail server and I get remainder from letsencrypt about the renewal of my certificate.

I install the carbonio "certbot" software ant the timer is active and I get twice a day a log file saying :

---------------------------------------------------------

2024-03-14 22:41:05,723:DEBUG:certbot._internal.main:certbot version: 2.7.2
2024-03-14 22:41:05,723:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/zextras/common/certbot/bin/carbonio-certbot
2024-03-14 22:41:05,723:DEBUG:certbot._internal.main:Arguments: ['-q']
2024-03-14 22:41:05,723:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-03-14 22:41:05,729:DEBUG:certbot._internal.log:Root logging level set at 40
2024-03-14 22:41:05,730:DEBUG:certbot._internal.display.obj:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-03-14 22:41:05,730:DEBUG:certbot._internal.display.obj:Notifying user: No renewals were attempted.
2024-03-14 22:41:05,730:DEBUG:certbot._internal.display.obj:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2024-03-14 22:41:05,730:DEBUG:certbot._internal.renewal:no renewal failures

-------------------------------------------------------------------------------------------

No renewal is attempted and there are only 7 days left ... what can I do ?

Regards

JP P


   
ReplyQuote
 jppo
(@jppo)
Joined: 1 year ago
Posts: 57
Topic starter  

Sorry to post twice, but I had some Internet access problems .....


   
ReplyQuote
(@anahuac)
Joined: 2 years ago
Posts: 328
 

All I can suggest is to use to read my article about it to do certificates out from Carbonio UI.

https://www.anahuac.eu/lets-encrypt-on-carbonio-system-root-with-acme-sh/

You can also reach us in Telegram: https://t.me/CarbonioMail

Regards


   
ReplyQuote
(@mrmastii)
Joined: 9 months ago
Posts: 5
 

@jppo I am am having same problem.

Carbonio CE - Ver 24.1.0. Rockey Linux 8

 

When I run certbot from command line I am getting this error:

[zextras@server ~]$ certbot
An unexpected error occurred:
KeyError: 'manual'
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-6yuviekg/log or re-run Certbot with -v for more details.

 

 

This post was modified 9 months ago by mrmastii

   
ReplyQuote
(@mrmastii)
Joined: 9 months ago
Posts: 5
 

Additional info :

[zextras@server~]$ cat /tmp/certbot-log-ymn42ken/log
2024-03-17 17:57:13,781:DEBUG:certbot._internal.main:certbot version: 2.7.2
2024-03-17 17:57:13,781:DEBUG:certbot._internal.main:Location of certbot entry point: /opt/zextras/common/certbot/bin/carbonio-certbot
2024-03-17 17:57:13,781:DEBUG:certbot._internal.main:Arguments: ['-v']
2024-03-17 17:57:13,781:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry()
2024-03-17 17:57:13,786:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/opt/zextras/common/certbot/bin/carbonio-certbot", line 8, in <module>
sys.exit(main())
File "/opt/zextras/common/certbot/lib/python3.8/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/opt/zextras/common/certbot/lib/python3.8/site-packages/certbot/_internal/main.py", line 1852, in main
config = cli.prepare_and_parse_args(plugins, cli_args)
File "/opt/zextras/common/certbot/lib/python3.8/site-packages/certbot/_internal/cli/__init__.py", line 369, in prepare_and_parse_args
helpful.add(
File "/opt/zextras/common/certbot/lib/python3.8/site-packages/certbot/_internal/cli/helpful.py", line 439, in add
self.actions.append(self._add(topics, *args, **kwargs))
File "/opt/zextras/common/certbot/lib/python3.8/site-packages/certbot/_internal/cli/helpful.py", line 462, in _add
if not isinstance(topic, bool) and self.visible_topics[topic]:
KeyError: 'manual'
2024-03-17 17:57:13,786:ERROR:certbot._internal.log:An unexpected error occurred:
2024-03-17 17:57:13,786:ERROR:certbot._internal.log:KeyError: 'manual'


   
ReplyQuote
 jppo
(@jppo)
Joined: 1 year ago
Posts: 57
Topic starter  

Hello,

None of these methods did work, so I had to :

1) load the certbot software

2) Execute the certbot software

3) Use the end of the méthod from https://www.anahuac.eu/lets-encrypt-on-carbonio-system-root-with-acme-sh/ to verify and install the certificate.

 

Regards

JP P


   
ReplyQuote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 

@jppo 

Hi,

I can understand the complexities and annoyance about the renewal of Let's encrypt SSL certificates. In Carbonio CE, you do not need to do any manual work to renew your Let's encrypt certificate.

There is a carbonio-certbot.timer that can take care of the renewal process autometically.

systemctl status carbonio-certbot.timer

Please do check out this link. Try and let us know how it goes?

https://docs.zextras.com/carbonio-ce/html/admincli/management/letsencrypt.html#index-0

I hope it helps.

Regards,

Sharif

 


   
ReplyQuote
 jppo
(@jppo)
Joined: 1 year ago
Posts: 57
Topic starter  

Hello,

I have an upgrade of Carbonio since my previous posts and as my certificate was renewed 5 days ago I will not see any difference before 70/75 days.
The certbot timer seems to be ok :
carbonio-certbot.timer - Run Carbonio Certbot twice daily
Loaded: loaded (/lib/systemd/system/carbonio-certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Thu 2024-03-21 19:41:22 CET; 5 days ago
Trigger: Wed 2024-03-27 00:54:22 CET; 50min left
Triggers: ● carbonio-certbot.service

I am an old user of Zimbra so, I know certificates problems ...

Regards

JP P


   
ReplyQuote
(@anahuac)
Joined: 2 years ago
Posts: 328
 

I'm also an old Zimbras's user/admin so I have done a lot of material to help people feel comfortable migrating to Carbonio CE.

I wrote this article about certificates and I hope it helps you out: https://www.anahuac.eu/lets-encrypt-on-carbonio-system-root-with-acme-sh/

You can also join us in Telegram: https://t.me/CarbonioMail

 


   
ReplyQuote
(@mrmastii)
Joined: 9 months ago
Posts: 5
 

Thank you all for providing guidance, however none to the above steps helped, not even the manual steps @anahuac provided.

For some reason it is falling back to old expired cert.

Additionally, I have tried to upgrade from 24.1 to 24.3 and installation got stuck and failed on "carbonio-openjdk-cacerts-3.98-1.el8.x86_64".

Next steps that I am planing is to create brand new Linux -> Install Carbonio -> migrate from old server to new one. My question is are there any instructions / steps to move from one sever to new server (similar to what we had for zimbra)?

Note: I have been using Zimbra for over 8 years and 'am bit familiar with that arch

All your guidance is appreciated


   
ReplyQuote
(@anahuac)
Joined: 2 years ago
Posts: 328
 

I'm sorry to hear you're in such big trouble... did you try to restore self-signes certificate? and start from scratch?

On the migration topic, I think my Z2C tool might help: https://www.anahuac.eu/zimbra-to-carbonio-z2c/

It's originally designed to help migrate from Zimbra to Carbonio, but I'm very confident it works to C2C as well. Give it a try.

You can also join us in Telegram: https://t.me/CarbonioMail

 


   
ReplyQuote
(@mrmastii)
Joined: 9 months ago
Posts: 5
 

I have not tried restoring self- sign certificate, that is an excellent idea to try that and report back.


   
ReplyQuote
(@mrmastii)
Joined: 9 months ago
Posts: 5
 

I tried to restore self-signed cert but still no luck. I am really surprised with this behaviour. I use these steps

 

I guess I will try to create new machine and move it over and see if that works


   
ReplyQuote
(@talkfixy)
Joined: 9 months ago
Posts: 2
 

I'm also an old Zimbras's user/admin so I have done a lot of material to help people feel comfortable migrating to Carbonio CE.


   
ReplyQuote
Page 1 / 2