This bug refers:
https://bugs.koozali.org/show_bug.cgi?id=11773Essentially an upgrade to dehydrated 0.7.0, which is the program that generates letsencrypt SSL certificates, means that certificates generated by 0.7.0 are using a new key algorithm.
That is fine for httpd and ftp, but due to some older libraries it trips up the mail system.
The simple fix right now is to do the following:
yum --enablerepo=smetest install smeserver-letsencrypt(This will move to the smecontribs repo soon)
This should install :
smeserver-letsencrypt.noarch 0:0.5-18
You can then check the config file
cat /etc/dehydrated/configWe need to see "KEY_ALGO=rsa" :
# SME Server does not support yet elliptic curve (qpsmtpd and perl-IO-SOcket-SSL < 1.95)
KEY_ALGO=rsaThen run this to force new certificates:
dehydrated -c -x
signal-event ssl-updateYou should now see RSA certificates if you test here:
https://www.ssllabs.com/ssltest/Certificate #1: RSA 4096 bits (SHA256withRSA)
Apologies for any inconvenience. I had looked at the release and did not notice the change. I installed it on my test box and httpd checked out but did not check mail
Of course it didn't change immediately until a new certificate was generated.....
[edited to set the correct package]
2 Replies
696 Views