Nethsec 8 & NS 8 migration - Let’s Encrypt / internal-external email server

NethServer Version: NS8
Module: Certificate / Let’s Encrypt, Mail, Webtop5, Roundcube

To give you some background: on my travels in this migration I put in place NethSecurity 8 and ran it for about two weeks or more to see how it ran with NS7, to get a feel for how it would work with my current setup at that time.

(Note: I did do testing before for both NethServer 8 and NethSecurity - just not at the same time)

I finally decided to do the migration plan for NethServer 8 I had put together and began the migration this last Friday evening. After I finished the migration, everything seemed to be migrated.

Still working out the kinks on my migration. I have a couple of challenges to get through. I will stick with the two most important ones.

So first is Let’s Encrypt -

So now that I have both NethSecurity and NethServer 8, I am unsure which one I should first try to request a certificate from Let’s Encrypt on, or if it even matters.

But when I submit a request for a certificate to Let’s Encrypt from either, I keep getting Pending on NethSecurity and Not obtained on NethServer.

I heard somewhere (cannot remember who) that NethSecurity and NethServer 8 are supposed to work with each other or something like that. Is there something I need to do there to get them working together?

I use Register.com as my domain registrar. I have checked my DNS settings on the registrar and they seem to be correct. As far as I know my settings for NethSecurity and NethServer 8 are correct as well.

I can’t seem to find the proxy side of NS8. I know @Andy_Wismer said if you have Samba running and AD not to load other DNS.

I am at a loss to find the proxy side of NethServer 8. I do see NethVoice Proxy, but I don’t think that is what I am looking for.

Outside of Let’s Encrypt, my email doesn’t seem to be working. (I normally could log in to Webtop locally, but it doesn’t seem I can now)

I did a quick login to Webtop via FQDN and it looks like everything migrated over. I don’t want to do this too many times without Let’s Encrypt working.
So the challenge with my setup is that neither NethSecurity 8 nor NethServer 8 can pull a certificate from Let’s Encrypt.

If we need a different post for the email not working, that’s fine.

-SF-

NS8 uses Traefik (exposed in the UI through the HTTP routes section).
NethSecurity uses nginx as a reverse proxy.
If you mean the old webproxy, it is gone.

Certificates might make more sense on the firewall, but don’t take my word for it (other members will know better). The firewall migration module for ns7 is supposed to be able to migrate certificate configuration from ns7 to nethsec.

On NS8 you can install a nethsec controller app to manage nethsec from within ns8.

2 Likes

Yes, you answer this in two posts. I will list the other below.

Ok, now that I made a proxy to Webtop, I can see that it looks like everything migrated, like I noticed before. I can see that the email server is receiving emails. It looks like my email server is working like it should. Not worried about the email server at this point now.

So on to the Certificates…

I would agree, I think I would want it setup on the firewall.

So I was just short of migrating it and my certificate expired before I did the migration. Otherwise I am sure it would have migrated the Let’s Encrypt cert.

Still unable to get either NethSecurity or NethServer 8 to pull a Let’s Encrypt cert. I am uncertain as to why.

I tried one recently for NethSecurity, seen below -

I only did mycomputervisions.com. Normally I have a couple that I add to this one. But I just wanted to see if this one would work alone at this time. But it does not.

Thoughts?

The certificate generation process can take a few minutes. During this time, the certificate status is Pending.

Yes, I agree. It can take a few minutes. Unfortunately, all the times I installed one on NethSecurity, I left it for days and it never finalized. The current one I did today is still in Pending and it’s been well over 20 mins or more.

I would guess waiting is not the issue. It must be something else.

for nethsec you can get some debug messages