For a couple of weeks now, I get a strange behavior:
Whenever there’s an automated Let’s Encrypt SSL renewal OR when I request it manually, the related SSL configuration in config files of postfix and dovecot gets screwed.
Mainly:
/etc/dovecot/dovecot.conf
/etc/postfix/master.cf
/etc/postfix/sender_dependent_default_transport_maps
/etc/postfix/sni_map
I also try to use the “Copy SSL Certificate to Services” but nothing happens.
If I correct the configurations in the above files manually, adding the missing lines, then this button turns to “Remove SSL Certificate from Services” on its own.
I don’t get any relevant logs, so I’m wondering what’s happening behind the scenes. 'cause this breaks all the “mail chain” afterwards (and maybe other things I don’t realize).
When I say it gets screwed, I mean the fact that the certs apparently get renewed correctly, no errors reported, but then, in the files listed, it “removes” the lines for the corresponding domain (why? IDK).
So in the end, the configuration files are not updated properly, no matter if it’s a new certificate or a renewal. I tried to check the webmin action logs but there’s no error reported.
What else can I check/monitor to better report the bug I’m facing?
I noticed I’m able to reproduce the bug whenever I click on the “Copy SSL Certificate to Services”. I get no errors. After the action, the button stays the same.
If I go to webmin actions log, I see the “peripcerts domain MY-DOMAIN.TLD” action.
But no errors in there.
Ok that looks fine, as it indicates that Virtualmin is finding the certificate config for Dovecot and Postfix as expected. And hence when renewing, it should just update those files.
What command or UI action did you use to request a new cert?
As simple as Manage Virtual Server > Setup SSL Certificate > SSL providers.
And from there “Request Certificate”.
Fact is that it also breaks on automated renewals, where there’s no manual action… and that’s annoying.
So I presume there’s something wrong with the letsencrypt scripts that renew the certificate and/or maybe subsequent calls to other scripts… but I have no clue on how to debug this.
Is there anything you recall changing aside from the defaults, particularly in the “Virtualmin Configuration / SSL Settings” or “System Settings ⇾ Server Templates / SSL website for domain” pages?
Additionally, is the “Send outgoing email for domain from IP” option in the “Mail Options ⇾ Email Settings” page set to default or a specific IP?
I’m asking because I cannot reproduce it with Webmin 2.303 and Virtualmin 7.30.8.
Where is this option located? I can’t find it. Thanks!
I remember that at some point, saving postfix configuration (under Servers > Postfix Mail Server > General options) failed and I had to edit/save it manually.
Do you have an example maybe of correct configuration in “/etc/postfix/main.cf” for multiple servers with multiple IPs hosted?
I also remember that when that happened, I also had to change the “/etc/postfix/master.cf” to add these lines at the end (that were missing):
BTW, whenever I try to connect to postfix using telnet, it uses the “main server” hostname, not the one related to the domain (like indicated above “mail.MY-DOMAIN.TLD”) with the EHLO command.