[BlueOnyx:23879] ca-bundle.crt is not updated

Tomohiro Hosaka bokutin at gmail.com
Fri May 22 11:20:48 -05 2020


Hi,

I'm sorry to bother you with frequent bug reports.

/usr/share/ssl/certs/ca-bundle.crt is not updated when getting the
certificate from /ssl/letsencryptCert control panel.

# ls -al /usr/share/ssl/certs/sendmail.pem /usr/share/ssl/certs/ca-bundle.crt
-r--r--r-- 1 root root 222148 May 23 00:44
/usr/share/ssl/certs/ca-bundle.crt <- old
-rw------- 1 root root   5496 May 23 01:04
/usr/share/ssl/certs/sendmail.pem  <- This one has been updated.

Does not succeed is starttls in this state.

# echo | openssl s_client -starttls smtp -connect localhost:25 | grep
'^/C=US/O=Let'
(nothing)

(The normal case)
# echo | openssl s_client -starttls smtp -connect localhost:25 | grep
'^/C=US/O=Let'
/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

It will be updated by running
/usr/sausalito/constructor/base/email/syncEmailService.pl.
Then restart sendmail and it should work.

To my understanding, calling syncEmailService.pl is either:
* systemctl restart cced.construct.service
* reboot

If this is correct, some people may have trouble with the initial ssl setup.

This is the last bug report we know of.

Thanks,


More information about the Blueonyx mailing list