For system administrators, the up-to-date page is: AdminSys
LinuxAzurAdminSys
30 August 2019
Still to do:
Problem with the mail certificate on h24.linux-azur.org:993, which expired on 28 August 2019.
sudo netstat -ntlp | grep 993
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1/init
tcp6 0 0 :::993 :::* LISTEN 1/init
lhardy@h24:~/letsencrypt$ sudo netstat -ntp | grep 993
tcp 0 0 185.45.253.51:993 91.166.171.228:52336 ESTABLISHED 2306/imap-login
tcp 0 0 185.45.253.51:993 91.166.171.228:52340 ESTABLISHED 2310/imap-login
tcp 0 0 185.45.253.51:993 91.166.171.228:52346 ESTABLISHED 3154/imap-login
tcp 0 0 185.45.253.51:993 91.166.171.228:52348 ESTABLISHED 3156/imap-login
tcp 0 0 185.45.253.51:993 91.166.171.228:52338 ESTABLISHED 2307/imap-login
plhardy@h24:~$ sudo ls -la /proc/2306/exe
lrwxrwxrwx 1 root root 0 août 30 09:28 /proc/2306/exe -> /usr/lib/dovecot/imap-login
dovecot configuration
10-ssl.conf:ssl_cert = </etc/ssl/certs/dovecot.pem
plhardy@h24:/etc/dovecot$ ls -la /etc/ssl/certs/dovecot.pem
-rw-r--r-- 1 root root 1472 août 28 2017 /etc/ssl/certs/dovecot.pem
Self-signed certificate. Subject: C=FR, ST=PACA, L=ANTIBES, O=Linux Azur, OU=MAIL Server, CN=
- .linux-azur.org/emailAddress=postmaster@linux-azur.org
- Validity
- Not Before: Aug 28 20:07:39 2017 GMT
- Not After : Aug 28 20:07:39 2019 GMT
- apache2 was stopped so that the certification could be done locally.
- TO DO: clean up the unused letsencrypt configurations.
July 2019
etherpad does not seem to have been configured for https; in any case I did not find the certificate that would validate pad.linux-azur.org.
see [[etherpad]]
Expiring certificate
Sites to check
https://linux-azur.org
https://www.linux-azur.org
https://blog.linux-azur.org
https://webmail.linux-azur.org
https://secure.linux-azur.org/webmail/
WARNING: several of us (philippe & fx) have been updating this, and that has led to inconsistencies.
Renewed until 28 September 2019
- 18 September 2019. This means it will have to be renewed at the end of August.
Let's Encrypt certificates are valid for 3 months, and it is advisable to renew them one month in advance, so every two months we must make sure the job gets done.
In practice PhilippeLhardy takes care of it over ssh, using letsencrypt certbot-auto
primary name: blog.linux-azur.org
secondary names (X509v3 Subject Alternative Name):
blog.linux-azur.org compta.linux-azur.org git.linux-azur.org jm2l.linux-azur.org linux-azur.org lists.linux-azur.org secure.linux-azur.org stats.linux-azur.org webmail.linux-azur.org wiki.linux-azur.org www.linux-azur.org
blank to select all options shown (Enter 'c' to cancel): 4,5,6,7,8,13,14,15,16,17
If we forget, an email from letsencrypt reminds us:
Hello,

Your certificate (or certificates) for the names listed below will expire in 20 days (on 10 Jul 19 10:36 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.

blog.linux-azur.org compta.linux-azur.org git.linux-azur.org jm2l.linux-azur.org linux-azur.org lists.linux-azur.org secure.linux-azur.org stats.linux-azur.org webmail.linux-azur.org wiki.linux-azur.org www.linux-azur.org

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can't provide support by email.

For details about when we send these emails, please visit https://letsencrypt.org/docs/expiration-emails/. In particular, note that this reminder email is still sent if you've obtained a slightly different certificate by adding or removing names. If you've replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message.

If you are receiving this email in error, unsubscribe at http://mandrillapp.com/track/unsub.php?u=30850198&id=f117ae2d86b6498dae984035e1518f02.xv1f%2FR%2FvJfm%2FQBJppCrM7eUOmY8%3D&r=https%3A%2F%2Fmandrillapp.com%2Funsub%3Fmd_email%3Dadmin%2540linux-azur.org

You may need to update your client to the latest version in case it is still using the deprecated TLS-SNI-01 validation method. https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

Step-by-step instructions for updating Certbot are here: https://community.letsencrypt.org/t/how-to-stop-using-tls-sni-01-with-certbot/83210

Regards,
The Let's Encrypt Team
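The self-signed dovecot certificate above is not covered by these reminder emails, so its expiry has to be checked separately. The script below is an added example, not part of the original notes: it reads the validity dates printed by openssl and applies the "one third of the lifetime left" rule from the email. The names parse_validity and renewal_status are hypothetical, and the LETSENCRYPT sample is constructed.

```python
import re
import ssl
import sys
from datetime import datetime, timezone

# Accepts "Not After : Aug 28 20:07:39 2019 GMT" (openssl x509 -text)
# and "notAfter=Aug 28 20:07:39 2019 GMT" (openssl x509 -dates).
_DATE = re.compile(
    r"not\s*(before|after)\s*[:=]\s*(\w{3}\s+\d+\s+[\d:]+\s+\d{4}\s+GMT)", re.I)

# Validity of the dovecot certificate, as quoted on this page.
DOVECOT = """Not Before: Aug 28 20:07:39 2017 GMT
Not After : Aug 28 20:07:39 2019 GMT"""

# Constructed sample: a 90-day certificate ending at the time given in the
# reminder email (10 Jul 19 10:36); the start date and seconds are assumed.
LETSENCRYPT = """notBefore=Apr 11 10:36:00 2019 GMT
notAfter=Jul 10 10:36:00 2019 GMT"""

def parse_validity(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    found = {}
    for which, stamp in _DATE.findall(text):
        secs = ssl.cert_time_to_seconds(stamp)
        found[which.lower()] = datetime.fromtimestamp(secs, timezone.utc)
    if set(found) != {"before", "after"}:
        raise ValueError("no complete validity block in input")
    return found["before"], found["after"]

def renewal_status(text, now):
    """Return (status, whole days left); status is OK, RENEW or EXPIRED."""
    not_before, not_after = parse_validity(text)
    lifetime = not_after - not_before
    remaining = not_after - now
    if remaining.total_seconds() <= 0:
        return "EXPIRED", remaining.days
    # Renew once a third of the total lifetime (or less) is left.
    if remaining <= lifetime / 3:
        return "RENEW", remaining.days
    return "OK", remaining.days

if __name__ == "__main__":
    # Input on stdin, for instance the output of:
    #   openssl x509 -in /etc/ssl/certs/dovecot.pem -noout -dates
    status, days = renewal_status(sys.stdin.read(), datetime.now(timezone.utc))
    print(status, days)
    sys.exit(0 if status == "OK" else 1)
```

The non-zero exit status on RENEW or EXPIRED lets cron report the problem by mail before clients start seeing certificate errors.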