[BlueOnyx:23879] ca-bundle.crt is not updated
Tomohiro Hosaka
bokutin at gmail.com
Fri May 22 11:20:48 -05 2020
Hi,
I'm sorry to bother you with frequent bug reports.
/usr/share/ssl/certs/ca-bundle.crt is not updated when getting the
certificate from /ssl/letsencryptCert control panel.
# ls -al /usr/share/ssl/certs/sendmail.pem /usr/share/ssl/certs/ca-bundle.crt
-r--r--r-- 1 root root 222148 May 23 00:44
/usr/share/ssl/certs/ca-bundle.crt <- old
-rw------- 1 root root 5496 May 23 01:04
/usr/share/ssl/certs/sendmail.pem <- This one has been updated.
Does not succeed is starttls in this state.
# echo | openssl s_client -starttls smtp -connect localhost:25 | grep
'^/C=US/O=Let'
(nothing)
(The normal case)
# echo | openssl s_client -starttls smtp -connect localhost:25 | grep
'^/C=US/O=Let'
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
It will be updated by running
/usr/sausalito/constructor/base/email/syncEmailService.pl.
Then restart sendmail and it should work.
To my understanding, calling syncEmailService.pl is either:
* systemctl restart cced.construct.service
* reboot
If this is correct, some people may have trouble with the initial ssl setup.
This is the last bug report we know of.
Thanks,
More information about the Blueonyx
mailing list