NethServer Community

Expired Certificate

conan58 (Greg Stuart) August 29, 2022, 5:51pm 21

Hello Dan,
This is Greg I used up all of my reply’s "which apparently I can only reply 18 times. Ok, so I was able to use that command and I did not get an error.

danb35 (Dan) August 29, 2022, 6:03pm 22

…and are you now seeing that your cert is current?

conan58 (Greg Stuart) August 29, 2022, 6:12pm 23

No it is saying the same thing:

When I download the PEM chain it does match the chain.pem in the 0002 directory.

danb35 (Dan) August 29, 2022, 6:18pm 24

Can you post the contents of fullchain.pem? And what site are you browsing to when you see that error? Because when I browse to nethserver.cuicable.com, I’m seeing a Cloudflare cert.

conan58 (Greg Stuart) August 29, 2022, 6:24pm 25

Browsing to mx1.cuicable.com

-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgISBKFf49GXbeenW3wTct2yossGMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjA4MjkxNjMxMDVaFw0yMjExMjcxNjMxMDRaMCIxIDAeBgNVBAMT
F25ldGhzZXJ2ZXIuY3VpY2FibGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAvZmrRA1NyZ+j35XzjjuT1DlW4RSF8jR/LjhidxP11/ahszZCoNi0
Wp7pTFBuAnDtZwR8hPMZj49CKys2ZW97Y/cQdeiP5KpX1KrqhzBU3KkDCNBQu6tU
6OCgrO8sCOWouifWTWqCiTlQVmlPmLS3OL+ojWs8K2LCysJ1ETkvI4hUn5zuH6Hs
XqQ+FoYF3lfQuv6g7V4H2B63QbsZQZ9AeAQZAyxEUmAWMTM4+jFeQr5TMWrgRHrc
8OysHZDzwbwHy7KeCpMzOSmERN0GdLZ13C5AOtolFK0ZfT8iEINGk3sVyoHFB22h
KQbiZcLD8TVNK7pss9twetWyeV6tjpXH0QIDAQABo4ICjzCCAoswDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
AjAAMB0GA1UdDgQWBBRRxExcw5bb3LGC8Y30QlE6oguc4jAfBgNVHSMEGDAWgBQU
LrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGG
FWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmku
bGVuY3Iub3JnLzBeBgNVHREEVzBVgg5teDEuYXZ4aW5jLmNvbYIQbXgxLmN1aWNh
YmxlLmNvbYIYbXgxLm1pbGxlcmZvdW5kYXRpb24ubmV0ghduZXRoc2VydmVyLmN1
aWNhYmxlLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAo
MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisG
AQQB1nkCBAIEgfYEgfMA8QB3AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBi
lgb2AAABguqoK2kAAAQDAEgwRgIhALJiv7W5d0avWR65Vl/kxOgFXqRSSO3SO7K4
y/2spP2FAiEA09cqKYWJWr1KSWhDbYGxUPoiyaW0mBIgEH0kSjI+QIkAdgBGpVXr
dfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAYLqqCtzAAAEAwBHMEUCIDmi
8N3ZQX98NGAb4/0J81ToBmuv0ksMzUSZMJD8PzJXAiEA9oltNbff/K9bqoLzotkt
drS4AABvhojWsF5H3k0SsN0wDQYJKoZIhvcNAQELBQADggEBAB6kcasOIjhSnimG
s75Tpjw4sj9u5LggE/HzSkbya114bWJ48q/YyL0yZtAQtiTwRd9cDwReBXdeQfsj
eVX6oVUjvFnKGLQo6+iEmmd52eVHFzsylP0QACWm1YTxKWM/ciDgvp9fpPonYwcA
Ymp+opozudhTsWMAd7WOOZeTAKo2jsfRXoQFCJl7LM2JXg/frjxVvf2ZrkUuMFbQ
Yjx8GY6M6tPsh7SRhTW0cLtgzHnZ8kstoGGVq33E3c8nShckULeXh2Re+pk73aAj
02I29dv8QPEscByusEDQGvb91X1m4EZgQoVcTIedA0eBa7caQu8G5enMEMbf8WhU
qHGHPjM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----

danb35 (Dan) August 29, 2022, 6:47pm 26

That certificate is valid 29 Aug - 27 Nov, but I’m also seeing that mx1.cuicable.com is serving an expired cert. Restarting the server would likely resolve this, but the certificate-update event should have also. Is mx1.cuicable.com actually hosted on the Nethserver machine?

conan58 (Greg Stuart) August 29, 2022, 7:15pm 27

Yes mx1.cuicable.com is hosted on the Nethserver.

michelandre (Michel-André) August 29, 2022, 7:54pm 28

If you have both 0001 and 0002 suffixes, you can have a look at:

Make sure you didn’t reach the 5/7 limit for Let’s Encrypt requests.

Keep in mind that this solution is dangerous…

Michel-André

Lets Encrypt creating multiple folders

gstuart (Greg) September 7, 2022, 1:58pm 29

Ok, I just did a data backup and then did a restart. No Sogo is no longer working. The service refuses to start. The error is below.

[root@nethserver log]# systemctl status sogod
● sogod.service - SOGo is a groupware server
   Loaded: loaded (/usr/lib/systemd/system/sogod.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2022-09-07 08:35:14 CDT; 22min ago
 Main PID: 1616 (code=exited, status=1/FAILURE)

Sep 07 08:35:11 nethserver.cuicable.com systemd[1]: Starting SOGo is a groupware server...
Sep 07 08:35:14 nethserver.cuicable.com sogod[1616]: 2022-09-07 08:35:14.213 sogod[1616:1616] unable to get status of desc...iptor
Sep 07 08:35:14 nethserver.cuicable.com systemd[1]: Started SOGo is a groupware server.
Sep 07 08:35:14 nethserver.cuicable.com systemd[1]: sogod.service: main process exited, code=exited, status=1/FAILURE
Sep 07 08:35:14 nethserver.cuicable.com systemd[1]: Unit sogod.service entered failed state.
Sep 07 08:35:14 nethserver.cuicable.com systemd[1]: sogod.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@nethserver log]#

Now what?

gstuart (Greg) September 7, 2022, 2:10pm 30

This is the error I see in syslog:
nethserver sogod: 2022-09-07 08:19:50.410 sogod[17631:17631] unable to get status of descriptor 2 - Bad file descriptor