[BlueOnyx:23881] Re: ca-bundle.crt is not updated

Michael Stauber mstauber at blueonyx.it
Fri May 22 11:59:55 -05 2020


Hi Tomohiro Hosaka,

> I'm sorry to bother you with frequent bug reports.

It's totally fine. I appreciate it. Please keep them coming!

> /usr/share/ssl/certs/ca-bundle.crt is not updated when getting the
> certificate from /ssl/letsencryptCert control panel.
> 
> # ls -al /usr/share/ssl/certs/sendmail.pem /usr/share/ssl/certs/ca-bundle.crt
> -r--r--r-- 1 root root 222148 May 23 00:44 /usr/share/ssl/certs/ca-bundle.crt <- old
> -rw------- 1 root root   5496 May 23 01:04 /usr/share/ssl/certs/sendmail.pem  <- This one has been updated.
> 
> starttls does not succeed in this state.
> 
> It will be updated by running
> /usr/sausalito/constructor/base/email/syncEmailService.pl.
> Then restart sendmail and it should work.

Hmmm. That's weird. But yeah, the ca-bundle.crt *should* get updated
when a new cert is requested or a renewal takes place.

> It will be updated by running
> /usr/sausalito/constructor/base/email/syncEmailService.pl.
> Then restart sendmail and it should work.

Yes, that is correct. I'm in the middle of making dinner, so I'll check
this more thoroughly within the next hour or two. But from what it seems
we might need a CCE handler that updates the ca-bundle.crt (and
sendmail.pm) on AdmServ cert creation/renewal. That way we can make do
without having to restart CCEd.

I'll see to it today. Many thanks for digging these issues up and for
reporting them. Great work!

-- 
With best regards

Michael Stauber


