Letsencrypt installation issues


Re: Letsencrypt installation issues

Postby JDunphy » Thu Apr 04, 2019 11:32 pm

This is how we do it with acme.sh, which is the script I use, but if we wanted to use your http-01 method, the arguments would be as below. Notice: it is a little clearer that the script is also the webserver given that --standalone.

acme.sh --issue --standalone -d mail.example.org -d mail.example.com -d mail.example.net

Which brings up an important point... any port below 1024 requires root or the socket call will fail... So make sure you are running that certbot as root so it can bind to port 80.

Ref: https://unix.stackexchange.com/questions/16564/



Re: Letsencrypt installation issues

Postby Rony » Fri Apr 05, 2019 7:02 pm

Hi Jim,
I feel frustrated and stupid, I have spent hours on the phone earlier with my ISP to realize they have in fact blocked port 80 a few months ago despite a professional contract with a fixed IP address.
It had to be escalated to discover that information! So the issue was not on my side as I thought and after my time being wasted, I had no choice but to call again and cancel my contract.
I want to thank you again for your time and I am sorry.
I will try all over in a week when I will be with a new ISP.

Re: Letsencrypt installation issues

Postby JDunphy » Fri Apr 05, 2019 7:51 pm

Rony wrote: Hi Jim,
I feel frustrated and stupid, I have spent hours on the phone earlier with my ISP to realize they have in fact blocked port 80 a few months ago despite a professional contract with a fixed IP address.
It had to be escalated to discover that information! So the issue was not on my side as I thought and after my time being wasted, I had no choice but to call again and cancel my contract.
I want to thank you again for your time and I am sorry.
I will try all over in a week when I will be with a new ISP.

No worries... A good practice is learning to telnet into port 80 from an external location to verify this yourself. That catches these problems pretty quickly. This type of blocking happens from time to time... port 25 is often initially blocked on some low-cost cloud providers until you request they remove the fw rule after host provisioning. I seem to remember a particularly bad ISP in Illinois that thought it was fun to keep their users guessing with randomly blocking SMTP/IMAP/POP3 ports which generated phone calls to our support lines that our services were down. Pretty common to experience this from time to time and it won't be your last.

ref: https://wiki.zimbra.com/wiki/Simple_Tro ... nd_Openssl
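
The external port check suggested in the post above, as an added example that is not part of the original thread: run it from a machine outside the network being tested. It separates a refused connection from one that silently times out; the function names, the `portcheck.py` file name and the port table are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Added example: classify inbound TCP reachability of a mail host's ports."""
import errno
import socket
import sys

# Ports named in the thread; the labels and this table are illustrative.
PORTS = {80: "HTTP (http-01 validation)", 25: "SMTP", 110: "POP3", 143: "IMAP"}


def probe(host, port, timeout=5.0):
    """Return 'open', 'closed', 'filtered', 'unreachable' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # TCP handshake completed
    except ConnectionRefusedError:
        return "closed"              # RST received: path works, nothing listening
    except socket.timeout:
        return "filtered"            # no answer at all: packets dropped on the way
    except OSError as exc:           # includes DNS failures (socket.gaierror)
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error: %s" % exc


def check_host(host, ports=PORTS, timeout=5.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <hostname>")
    target = sys.argv[1]
    for port, state in sorted(check_host(target).items()):
        print("%-5d %-26s %s" % (port, PORTS[port], state))
```

A `filtered` result for port 80 from outside, while the same probe from inside the network reports `open`, points at blocking somewhere between the two vantage points.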
