Certificate problem
Hello,
I'm coming here to finish a question from this forum : https://www.apachelounge.com/viewtopic. ... 8503#38503
As I said on this forum, I have an apache web server with letsencrypt certificate (thanks to mod_md!).
I have set up my two domains to have the same mx pointing to mail.bagu.biz (which is on the certificate).
But when I replace my cacert certificate by the letsencrypt certificate, everything fails on the client side.
And there is no error message on hmailserver.
So: is there something I miss? Or is there a difference between cacert certificate and letsencrypt certificate?
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
I enabled debug and I get this:
"DEBUG" 8232 "2019-09-19 17:47:19.697" "TCP connection started for session 6"
"DEBUG" 8232 "2019-09-19 17:47:19.698" "Performing SSL/TLS handshake for session 6. Verify certificate: False"
"DEBUG" 1900 "2019-09-19 17:47:19.718" "The read operation failed. Bytes transferred: 0 Remote IP: 172.16.0.1, Session: 6, Code: 335856658, Message: sslv3 alert bad certificate"
"DEBUG" 1900 "2019-09-19 17:47:19.718" "Ending session 6"
The certificate works well for the web server...
hMailServer 5.6.8 With SpamAssassin 3.4.2
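An added example (not part of the original post, and not hMailServer code): decoding the `Code:` value in the debug lines above. It assumes the number is an OpenSSL error code in the pre-3.0 packed layout; the function names are this example's own.

```python
import re

ERR_LIB_SSL = 20             # OpenSSL library number for libssl
ALERT_REASON_OFFSET = 1000   # OpenSSL: reason = 1000 + alert number when the peer sent the alert

# TLS alert descriptions (RFC 5246, section 7.2), subset.
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}
# Alerts a peer sends when it refuses the certificate it was shown.
CERT_ALERTS = {42, 43, 44, 45, 46, 48}

LINE_RE = re.compile(
    r'^"(?P<kind>[A-Z]+)"\s+(?P<thread>\d+)\s+"(?P<ts>[^"]+)"\s+"(?P<msg>.*)"\s*$')
HANDSHAKE_RE = re.compile(
    r"Performing SSL/TLS handshake for session (\d+)\. Verify certificate: (True|False)")
FAIL_RE = re.compile(
    r"Remote IP: (?P<ip>[^,]+), Session: (?P<sid>\d+), Code: (?P<code>\d+), Message: (?P<text>.*)$")

# Constructed input: the four debug lines quoted in the post above.
SAMPLE_LOG = '''\
"DEBUG" 8232 "2019-09-19 17:47:19.697" "TCP connection started for session 6"
"DEBUG" 8232 "2019-09-19 17:47:19.698" "Performing SSL/TLS handshake for session 6. Verify certificate: False"
"DEBUG" 1900 "2019-09-19 17:47:19.718" "The read operation failed. Bytes transferred: 0 Remote IP: 172.16.0.1, Session: 6, Code: 335856658, Message: sslv3 alert bad certificate"
"DEBUG" 1900 "2019-09-19 17:47:19.718" "Ending session 6"
'''


def unpack_openssl_error(code):
    """Split a packed code: 8-bit library, 12-bit function, 12-bit reason.
    Assumption: OpenSSL 1.0.x/1.1.x layout (OpenSSL 3.x packs differently)."""
    return {"lib": (code >> 24) & 0xFF,
            "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF}


def peer_alert(code):
    """Return (number, name) if the code records a TLS alert received from
    the remote side, otherwise None."""
    fields = unpack_openssl_error(code)
    number = fields["reason"] - ALERT_REASON_OFFSET
    if fields["lib"] != ERR_LIB_SSL or not 0 < number <= 255:
        return None
    return number, TLS_ALERTS.get(number, "unknown_alert")


def analyse(log_text):
    """Return one finding per failed read/handshake found in the log text."""
    verify_peer = {}   # session id -> does this server verify the peer's certificate?
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        handshake = HANDSHAKE_RE.search(msg)
        if handshake:
            verify_peer[handshake.group(1)] = handshake.group(2) == "True"
            continue
        fail = FAIL_RE.search(msg)
        if not fail:
            continue
        code = int(fail.group("code"))
        alert = peer_alert(code)
        if alert and alert[0] in CERT_ALERTS:
            reading = "peer rejected the certificate this server presented"
        elif alert:
            reading = "peer aborted the session with a TLS alert"
        else:
            reading = "not a TLS alert from the peer"
        findings.append({
            "time": line.group("ts"),
            "session": fail.group("sid"),
            "remote_ip": fail.group("ip"),
            "fields": unpack_openssl_error(code),
            "server_verifies_peer": verify_peer.get(fail.group("sid")),
            "alert": alert,
            "reading": reading,
        })
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

In OpenSSL's reason strings the `sslv3 alert` prefix marks alerts that have existed since SSL 3.0; the same text is logged whatever protocol version was negotiated.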
Re: Certificate problem
In your debug log it's unclear if it's an SMTP or IMAP or POP3 session. Your client also is trying to negotiate an SSLv3 session, which is insecure, and that's why in newer hMailServer versions SSLv3 support was removed.
As said before, you need two certificates and their corresponding key files. The other problem is, mod_md is trying to replace an SSL certificate file which was loaded as the hMailServer service was started by Windows. Keep in mind that mod_md was developed to renew Apache2 virtual host SSL certificates on the fly and was not tested by its developers to work with hMailServer as well.
Try to restart the hMailServer Windows service manually after mod_md has renewed your LE SSL certificates.
Re: Certificate problem
Hello and thanks for your answer.
The problem happens in SMTP and IMAP sessions.
I use Thunderbird and I don't know why it's trying to negotiate an SSLv3 session.
For mod_md, the certificate has been in place for a while.
Maybe I should use a copy of the certificate/key instead of the certificate in the mod_md folder.
Also, I always restart the hmailserver service after changing the certificate, so I think it's not the problem.
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
In your log, it clearly says "bad certificate".
That's an error message rooted in OpenSSL's security library, which is used by hMailServer to handle SSL stuff. It means it cannot load mod_md's LE renewed SSL certificate because it seems to be corrupt or is formatted in a way OpenSSL doesn't understand.
Re: Certificate problem
It's really strange because I use the same certificate for my website and everything appears ok Oo
And https://www.checktls.com/TestReceiver says that everything is ok when I set the LE certificate.
Argh ! :S
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
Run this and post the results
viewtopic.php?f=20&t=30914
SSLv3.0 is broken and should be deprecated
I don't think that a modern apache server has SSLv3.0 enabled in default settings, I think you need to specifically add it.
If your hMailserver allows SSLv3.0 (which it looks like it does) then the certificate that you have may not like that, and may be too complex to allow SSLv3.0 connections.
I suspect turning SSLv3.0 OFF in hMailserver will solve this for you
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
Re: Certificate problem
Code:
2019-09-20 Hmailserver: 5.7.0-B2429
DOMAINS
"Domain1.com" - baxx.bix Enabled: True
|- "Alias1.com" - maxx.baxx.bix
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 7000 Enabled: True
Max message size: 30000 Header: Relaxed Plus addressing: True
Max size of accounts: 2000 Body: Relaxed Character: +
Algorithm: SHA256 Greylisting: True
Private key: e:\www\wwwbagubiz\certificats\privatedkimkey.txt
Selector: mail
"Domain2.com" - baxx.fr Enabled: True
|- "Alias2.com" - maxx.baxx.fr
SIGNATURE LIMITS DKIM ADVANCED
Enabled: False Max size: 4000 Enabled: True
Max message size: 30000 Header: Relaxed Plus addressing: True
Max size of accounts: 4000 Body: Relaxed Character: +
Algorithm: SHA256 Greylisting: True
Private key: e:\www\wwwbagufr\certificats\privatedkimkey.txt
Selector: mail
-----------------------------------------------------------------------------------------------
IP RANGES
IP: 127.0.0.1 - 127.0.0.1 Priority: 500 Name: My computer
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True
IP: 172.16.0.1 - 172.16.1.255 Priority: 400 Name: Local Network
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: False
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet
Allow connections Other
SMTP: True Antispam : True
POP3: True !! Protocol DISABLED !! Antivirus: True
IMAP: True SSL/TLS: True
Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True
!! Warning: DEFAULT DOMAIN is SET !! - "Domain1.com"
------------------------------------------------------
AUTOBANNED Local Addresses:
172.16.0.1 Expires : 25/09/2019 13:40:21
-----------------------------------------------------------------------------------------------
AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 2
Minutes Before Reset: 1500 (25,00 hours, 1,04 days)
Minutes to Autoban: 8760 (146,00 hours, 6,08 days)
There is a total of 192 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------
INCOMING RELAYS
127.0.0.1 - 127.0.0.1
-----------------------------------------------------------------------------------------------
MIRRORING Disabled
-----------------------------------------------------------------------------------------------
PROTOCOLS
SMTP
GENERAL DELIVERY RFC COMPLIANCE ADVANCED
No. Connections: 0 No Retries: 5 Mins: 30 Plain Text: True Bind:
Host: Alias1.com Empty sender: True Batch recipients: 50
Max Msg Size: 30000 Relay:- Incorrect endings: True Use STARTTLS: True
(none entered) Disc. on invalid: True Delivered-To hdr: True
Max number commands: 2 Loop limit: 3
Recipient hosts: 25
Routes:
9bxxxxxxx.fr - S: Remote R: Remote - Addr: All (ok)
acxxxxxxx.fr - S: Remote R: Remote - Addr: All (ok)
grxxxxxxxxxxxxxxxxxxxxx.f- S: Remote R: Remote - Addr: All (ok)
loxxxxxxxxxxxxxx.fr - S: Remote R: Remote - Addr: All (ok)
mdxx.loxxxxxxxxxxxxxx.fr - S: Remote R: Remote - Addr: All (ok)
nexx.fr - S: Remote R: Remote - Addr: All (ok)
prxxxxxxx.com - S: Remote R: Remote - Addr: All (ok)
prxxxxxxx.fr - S: Remote R: Remote - Addr: All (ok)
prxxxxxxx.orx - S: Remote R: Local - Addr: All (ok)
sfx.fr - S: Remote R: Remote - Addr: All (ok)
tixxxxx.net - S: Remote R: Remote - Addr: Selective (ok)
yaxxx.fr - S: Remote R: Remote - Addr: All (ok)
POP3
!! Service Not Enabled !!
IMAP
GENERAL PUBLIC FOLDERS ADVANCED
No. Connections: 0 Public folder name: #Public IMAP sort: True
IMAP Quota: True
IMAP Idle: True
IMAP ACL: True
Delim: "."
-----------------------------------------------------------------------------------------------
ANTISPAM
GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 2 Use Spamassassin: True
Add X-HmailServer-Spam: True Check HELO host: True - 2 Hostname: 127.0.0.1
Add X-HmailServer-Reason: True Check MX records: True - 3 Port: 783
Add X-HmailServer-Subject: True Verify DKIM: True - 2 Use SA score: True
Subject Text: "*****SPAM*****"
Spam delete threshold: 20 Maximum message size: 4096
DNSBL ENTRIES:
zen.spamhaus.org Score: 2 Result: 127.0.0.*
psbl.surriel.com Score: 1 Result: 127.0.0.*
virbl.dnsbl.bit.nl Score: 1 Result: 127.0.0.*
b.barracudacentral.org Score: 2 Result: 127.0.0.*
bl.spamcop.net Score: 3 Result: 127.0.0.*
dnsbl.sorbs.net Score: 2 Result: 127.0.0.*
hostkarma.junkemailfilter.com Score: 2 Result: 127.0.0.2|127.0.0.4
cbl.abuseat.org Score: 2 Result: 127.0.0.2
all.spamrats.com Score: 2 Result: 127.0.0.38|127.0.0.43
SURBL ENTRIES:
multi.surbl.org Score: 2
GREYLISTING:
Greylisting: True Defer mins: 1 Days Unused: 3 Days Used: 365
Bypass SPF: True Bypass A/MX: False
Greylist WHITELIST ENTRIES:
IP Address: 127.0.0.1
IP Address: 88.184.248.22
Greylist DOMAINS enabled:
Domain1.com
|-- Alias1.com
Domain2.com
|-- Alias2.com
WHITELISTING
-----------------------------------------------------------------------------------------------
ANTIVIRUS
GENERAL:
When found - Delete Attachments.
Max Message Size: 10000
CLAM AV: True Hostname: 127.0.0.1 Port: 3310
CLAMWIN: False
CUSTOMAV: False
Block Attachments: True
*.bat Batch processing file
*.cmd Command file for Windows NT
*.com Command
*.cpl Windows Control Panel extension
*.csh CSH script
*.exe Executable file
*.exe.txt False text files
*.inf Setup file
*.js Fichiers javascript
*.lnk Windows link file
*.msi Windows Installer file
*.msp Windows Installer patch
*.reg Registration key
*.scf Windows Explorer command
*.scr Windows Screen saver
-----------------------------------------------------------------------------------------------
SSL CERTIFICATES
Bagu.biz
Certificate: D:\wamp\apache\md\domains\Domain1.com\pubcert.pem
Private key: D:\wamp\apache\md\domains\Domain1.com\privkey.pem
Certificat
Certificate: D:\Certificats\mail.Domain1.com.crt
Private key: D:\Certificats\mail.Domain1.com.key
-----------------------------------------------------------------------------------------------
SSL/TLS
SSL 3.0 : False
TLS 1.0 : False
TLS 1.1 : False
TLS 1.2 : True Verify Remote SSL/TLS Certs: False
SslCipherList :
-----------------------------------------------------------------------------------------------
TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - StartTLS Optional Cert: Certificat
0.0.0.0 / 143 / IMAP - StartTLS Optional Cert: Certificat
0.0.0.0 / 465 / SMTP - SSL/TLS Cert: Certificat
0.0.0.0 / 587 / SMTP - StartTLS Optional Cert: Certificat
0.0.0.0 / 993 / IMAP - SSL/TLS Cert: Certificat
-----------------------------------------------------------------------------------------------
LOGGING Logging Enabled: True
Paths:-
Current: D:\wamp\logs\hmailserver\\hmailserver_2019-09-20.log - !! NOT PRESENT !!
Error: D:\wamp\logs\hmailserver\\ERROR_hmailserver_2019-09-20.log
Event: D:\wamp\logs\hmailserver\\hmailserver_events.log - Last Event: 2019/09/20
Awstats: D:\wamp\logs\hmailserver\\hmailserver_awstats.log
APPLICATION - .
SMTP - True
POP3 - .
IMAP - .
TCPIP - .
DEBUG - .
AWSTATS - .
-----------------------------------------------------------------------------------------------
SYSTEM TESTS
Database type: MySQL
IPv6 support is available in operating system.
Backup directory F:\Sauvegardes\ServeurMail is writable.
Relative message paths are stored in the database for all messages.
There are no error logs in the log directory.
-----------------------------------------------------------------------------------------------
HMAILSERVER.INI
[Directories]
Program folder: D:\hMailServer\
Database folder:
Data folder: D:\hMailServer\Data
Log folder: D:\wamp\logs\hmailserver\
Temp folder: X:\Temp
Event folder: D:\hMailServer\Events\
[Database]
Type= MYSQL
Username= hmailserver
PasswordEncryption=1
Port= 3306
Server= 127.0.0.1
Internal= 0
[Settings]
DNSBLChecksAfterMailFrom=1
RewriteEnvelopeFromWhenForwarding=1
DisableAuthList=25
SepSvcLogs=1
-----------------------------------------------------------------------------------------------
Here it is, but I never enabled SSLv3, so I am a little bit disappointed
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
You have no ciphers? I'm not the expert on SSL/TLS, but I do believe *something* has to be listed there.
Re: Certificate problem
Oh, I removed them to rewrite them...
Here are my ciphers:
Code:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM::ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
I think I will replace it by:
Code:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
As you are only running TLSv1.2 you could try this
HIGH:!TLSv1:!SSLv3;
It is what I run
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
Re: Certificate problem
bagu is using Hmailserver: 5.7.0-B2429.
This is not an official latest stable hMailServer version or Build. I believe the last information I saw was that MattG considers hMailServer 5.7.0-B2485 should still be considered an Alpha Build.
Current official stable latest hMailServer is 5.6.7-B2425.
Is it possible bagu is running into an unstable part or bug of hMailServer 5.7.0-B2429? An instability or bug that doesn't deal well with SSLv3.0. I also thought Martin said he had to remove SSLv3.0 in order to add TLSv1.3 but I don't know what Build he said he had to do that with.
Re: Certificate problem
jim.bus is quite right.
I'm using the Dravion version.
mattg: I will try your cipher
Thanks
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
After some other tests, the same problem happens on v5.6.8 - Build 2451 (BETA) and hMailServer 5.6.7 - Build 2425, with and without the mattg cipher
P.S.: new post because after a small amount of time, I can't edit my previous post
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
Have you tried with the default ciphers on any version?
Re: Certificate problem
I can't remember the default cipher and it seems there is no way to make it default again (maybe a future feature?)
EDIT : ok, the default cipher is :
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
For archive purpose
RE-EDIT : same result

hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
Have you tried creating a certificate using win-acme? It will export pem format certificates which can be used by both Apache and hmailserver. I created a couple of tutorials for win-acme in the tutorial forum.
Re: Certificate problem
I already tried it, but it seems it failed to launch:
So I'm not sure it really works
Code:
[EROR] Error loading any types from assembly D:\Certificats\GenLeCertificate\Utils\libbind9.dll: BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libbind9.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libbind9.dll", FusionLog="", Data=[], InnerException=BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libbind9.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libbind9.dll", FusionLog="", Data=[], InnerException=null, TargetSite=null, StackTrace=null, HelpLink=null, Source=null, HResult=-2146234344}, TargetSite=System.Reflection.AssemblyName nGetFileInformation(System.String), StackTrace=" à System.Reflection.AssemblyName.nGetFileInformation(String s)\r\n à System.Reflection.AssemblyName.GetAssemblyName(String assemblyFile)\r\n à PKISharp.WACS.Services.PluginService.GetTypes()", HelpLink=null, Source="mscorlib", HResult=-2146234344}
[EROR] Error loading any types from assembly D:\Certificats\GenLeCertificate\Utils\libdns.dll: BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libdns.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libdns.dll", FusionLog="", Data=[], InnerException=BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libdns.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libdns.dll", FusionLog="", Data=[], InnerException=null, TargetSite=null, StackTrace=null, HelpLink=null, Source=null, HResult=-2146234344}, TargetSite=System.Reflection.AssemblyName nGetFileInformation(System.String), StackTrace=" à System.Reflection.AssemblyName.nGetFileInformation(String s)\r\n à System.Reflection.AssemblyName.GetAssemblyName(String assemblyFile)\r\n à PKISharp.WACS.Services.PluginService.GetTypes()", HelpLink=null, Source="mscorlib", HResult=-2146234344}
[EROR] Error loading any types from assembly D:\Certificats\GenLeCertificate\Utils\libeay32.dll: BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libeay32.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libeay32.dll", FusionLog="", Data=[], InnerException=BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libeay32.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libeay32.dll", FusionLog="", Data=[], InnerException=null, TargetSite=null, StackTrace=null, HelpLink=null, Source=null, HResult=-2146234344}, TargetSite=System.Reflection.AssemblyName nGetFileInformation(System.String), StackTrace=" à System.Reflection.AssemblyName.nGetFileInformation(String s)\r\n à System.Reflection.AssemblyName.GetAssemblyName(String assemblyFile)\r\n à PKISharp.WACS.Services.PluginService.GetTypes()", HelpLink=null, Source="mscorlib", HResult=-2146234344}
[EROR] Error loading any types from assembly D:\Certificats\GenLeCertificate\Utils\libirs.dll: BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libirs.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libirs.dll", FusionLog="", Data=[], InnerException=BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libirs.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libirs.dll", FusionLog="", Data=[], InnerException=null, TargetSite=null, StackTrace=null, HelpLink=null, Source=null, HResult=-2146234344}, TargetSite=System.Reflection.AssemblyName nGetFileInformation(System.String), StackTrace=" à System.Reflection.AssemblyName.nGetFileInformation(String s)\r\n à System.Reflection.AssemblyName.GetAssemblyName(String assemblyFile)\r\n à PKISharp.WACS.Services.PluginService.GetTypes()", HelpLink=null, Source="mscorlib", HResult=-2146234344}
[EROR] Error loading any types from assembly D:\Certificats\GenLeCertificate\Utils\libisc.dll: BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libisc.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libisc.dll", FusionLog="", Data=[], InnerException=BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libisc.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libisc.dll", FusionLog="", Data=[], InnerException=null, TargetSite=null, StackTrace=null, HelpLink=null, Source=null, HResult=-2146234344}, TargetSite=System.Reflection.AssemblyName nGetFileInformation(System.String), StackTrace=" à System.Reflection.AssemblyName.nGetFileInformation(String s)\r\n à System.Reflection.AssemblyName.GetAssemblyName(String assemblyFile)\r\n à PKISharp.WACS.Services.PluginService.GetTypes()", HelpLink=null, Source="mscorlib", HResult=-2146234344}
[EROR] Error loading any types from assembly D:\Certificats\GenLeCertificate\Utils\libisccc.dll: BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libisccc.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libisccc.dll", FusionLog="", Data=[], InnerException=BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libisccc.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libisccc.dll", FusionLog="", Data=[], InnerException=null, TargetSite=null, StackTrace=null, HelpLink=null, Source=null, HResult=-2146234344}, TargetSite=System.Reflection.AssemblyName nGetFileInformation(System.String), StackTrace=" à System.Reflection.AssemblyName.nGetFileInformation(String s)\r\n à System.Reflection.AssemblyName.GetAssemblyName(String assemblyFile)\r\n à PKISharp.WACS.Services.PluginService.GetTypes()", HelpLink=null, Source="mscorlib", HResult=-2146234344}
[EROR] Error loading any types from assembly D:\Certificats\GenLeCertificate\Utils\libisccfg.dll: BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libisccfg.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libisccfg.dll", FusionLog="", Data=[], InnerException=BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libisccfg.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libisccfg.dll", FusionLog="", Data=[], InnerException=null, TargetSite=null, StackTrace=null, HelpLink=null, Source=null, HResult=-2146234344}, TargetSite=System.Reflection.AssemblyName nGetFileInformation(System.String), StackTrace=" à System.Reflection.AssemblyName.nGetFileInformation(String s)\r\n à System.Reflection.AssemblyName.GetAssemblyName(String assemblyFile)\r\n à PKISharp.WACS.Services.PluginService.GetTypes()", HelpLink=null, Source="mscorlib", HResult=-2146234344}
[EROR] Error loading any types from assembly D:\Certificats\GenLeCertificate\Utils\libns.dll: BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libns.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libns.dll", FusionLog="", Data=[], InnerException=BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libns.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libns.dll", FusionLog="", Data=[], InnerException=null, TargetSite=null, StackTrace=null, HelpLink=null, Source=null, HResult=-2146234344}, TargetSite=System.Reflection.AssemblyName nGetFileInformation(System.String), StackTrace=" à System.Reflection.AssemblyName.nGetFileInformation(String s)\r\n à System.Reflection.AssemblyName.GetAssemblyName(String assemblyFile)\r\n à PKISharp.WACS.Services.PluginService.GetTypes()", HelpLink=null, Source="mscorlib", HResult=-2146234344}
[EROR] Error loading any types from assembly D:\Certificats\GenLeCertificate\Utils\libxml2.dll: BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libxml2.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libxml2.dll", FusionLog="", Data=[], InnerException=BadImageFormatException {Message="Impossible de charger le fichier ou l'assembly 'libxml2.dll' ou une de ses dépendances. Le module était censé contenir un manifeste de l'assembly.", FileName="libxml2.dll", FusionLog="", Data=[], InnerException=null, TargetSite=null, StackTrace=null, HelpLink=null, Source=null, HResult=-2146234344}, TargetSite=System.Reflection.AssemblyName nGetFileInformation(System.String), StackTrace=" à System.Reflection.AssemblyName.nGetFileInformation(String s)\r\n à System.Reflection.AssemblyName.GetAssemblyName(String assemblyFile)\r\n à PKISharp.WACS.Services.PluginService.GetTypes()", HelpLink=null, Source="mscorlib", HResult=-2146234344}
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
I have exactly what you need.
wonder if it's possible to have a wildcard certificate for two domains with mod_md.
I ask this because I have an hmailserver installation with only one certificate for *.bagu.fr and *.bagu.biz which allows me to have smtp.bagu.fr and other things like that without having the need to have these subdomains responding with apache. (dns only)
https://hmailserver.com/forum/viewtopic ... 21&t=34386
Who is your domain host?
Re: Certificate problem
Yes, this one : https://pkisharp.github.io/win-acme/
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
My mail server answers through mail.bagu.biz
palinka wrote: ↑2019-09-21 14:56
I have exactly what you need.
wonder if it's possible to have a wildcard certificate for two domains with mod_md.
I ask this because I have an hmailserver installation with only one certificate for *.bagu.fr and *.bagu.biz which allows me to have smtp.bagu.fr and other things like that without having the need to have these subdomains responding with apache. (dns only)
https://hmailserver.com/forum/viewtopic ... 21&t=34386
Who is your domain host?
I just began to read your post, but I need more time to understand what to download

hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
Do you have the min .NET?
System requirements
Windows Server 2008 R2 or higher (though Windows 2008 has been reported to work)
.NET Framework version 4.7.2 or higher, which can be downloaded here
Re: Certificate problem
Yes, but I have a higher version...
I will try to install the 4.7.2 to see if it changes something
Oh, I can't: ".NET Framework 4.7.2 ou une mise à jour ultérieure est déjà installé sur cet ordinateur."
Last edited by bagu on 2019-09-21 15:05, edited 1 time in total.
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
Oh, ok...
My registrar is Gandi but my DNS provider is Cloudflare.
I host my domains myself on the same server as hmailserver, with apache. (that's why I use mod_md)
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
https://github.com/rmbolger/Posh-ACME/b ... dflare.ps1
If you insist on mod_md, it appears to be possible to do dns validation. Modify the script above to accept whatever parameters are sent by mod_md. Look at my tutorial as an example. That's exactly how I got it to work with win-acme.
Re: Certificate problem
mod_md:
Cloudflare.ps1
Test it by running in powershell:
If it fails, comment out all instances of @script:UseBasic and try again. Also, I haven't really looked at the script - all I did was add the same things I added to my provider's script. CFAuthToken & CFAuthTokenInsecure may actually be generated by the script. So if it doesn't work, try commenting out those variables at the top.
Wildcard Certificates
Wildcard certificates are possible with version 2.x of `mod_md`. But they are not straight-forward. Let's Encrypt requires the `dns-01` challenge verification for those. No other is considered good enough.
The difficulty here is that Apache cannot do that on its own. (which is also a security benefit, since corrupting a web server or the communication path to it is the scenario `dns-01` protects against). As the name implies, `dns-01` requires you to show some specific DNS records for your domain that contain some challenge data. So you need to _write_ your domain's DNS records.
If you know how to do that, you can integrate this with `mod_md`. Let's say you have a script for that in `/usr/bin/acme-setup-dns`; you configure Apache with:
Code: Select all
MDChallengeDns01 /usr/bin/acme-setup-dns
and Apache will call this script when it needs to setup/teardown a DNS challenge record for a domain.
Assuming you want a certificate for `*.mydomain.com`, mod_md will call:
Code: Select all
/usr/bin/acme-setup-dns setup mydomain.com challenge-data
# this needs to remove all existing DNS TXT records for
# _acme-challenge.mydomain.com and create a new one with
# content "challenge-data"
and afterwards it will call
Code: Select all
/usr/bin/acme-setup-dns teardown mydomain.com
# this needs to remove all existing DNS TXT records for
# _acme-challenge.mydomain.com
Cloudflare.ps1
Code: Select all
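param(
    [string]$Task,
    [string]$RecordName,
    [string]$TxtValue
)

# FILL IN THESE VARIABLES FROM YOUR CLOUDFLARE ACCOUNT
$CFAuthEmail = ''
$CFAuthKey = ''
$CFAuthToken = ''
$CFAuthTokenInsecure = ''

# Posh-ACME sets $script:UseBasic when the module loads; a standalone copy of
# the plugin has to define it before the @script:UseBasic splats below run.
$script:UseBasic = @{}
if ('UseBasicParsing' -in (Get-Command Invoke-WebRequest).Parameters.Keys) {
    $script:UseBasic.UseBasicParsing = $true
}
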
function Add-DnsTxtCloudflare {
    [CmdletBinding(DefaultParameterSetName='Email')]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$RecordName,
        [Parameter(Mandatory,Position=1)]
        [string]$TxtValue,
        [Parameter(ParameterSetName='Email',Mandatory,Position=2)]
        [string]$CFAuthEmail,
        [Parameter(ParameterSetName='Email',Mandatory,Position=3)]
        [string]$CFAuthKey,
        [Parameter(ParameterSetName='Bearer',Mandatory,Position=2)]
        [securestring]$CFToken,
        [Parameter(ParameterSetName='BearerInsecure',Mandatory,Position=2)]
        [string]$CFTokenInsecure,
        [Parameter(ValueFromRemainingArguments)]
        $ExtraParams
    )

    $apiRoot = 'https://api.cloudflare.com/client/v4/zones'
    $authHeader = Get-CFAuthHeader @PSBoundParameters

    Write-Verbose "Attempting to find hosted zone for $RecordName"
    if (!($zoneID = Find-CFZone $RecordName $authHeader)) {
        throw "Unable to find Cloudflare hosted zone for $RecordName"
    }

    # check for an existing record
    $response = Invoke-RestMethod "$apiRoot/$zoneID/dns_records?type=TXT&name=$RecordName&content=$TxtValue" `
        -Headers $authHeader -ContentType 'application/json' @script:UseBasic

    # add the new TXT record if necessary
    if ($response.result.Count -eq 0) {
        $bodyJson = @{ type="TXT"; name=$RecordName; content=$TxtValue } | ConvertTo-Json
        Write-Verbose "Adding $RecordName with value $TxtValue"
        Invoke-RestMethod "$apiRoot/$zoneID/dns_records" -Method Post -Body $bodyJson `
            -ContentType 'application/json' -Headers $authHeader @script:UseBasic | Out-Null
    } else {
        Write-Debug "Record $RecordName with value $TxtValue already exists. Nothing to do."
    }

    <#
    .SYNOPSIS
        Add a DNS TXT record to Cloudflare.
    .DESCRIPTION
        Use Cloudflare V4 api to add a TXT record to a Cloudflare DNS zone.
    .PARAMETER RecordName
        The fully qualified name of the TXT record.
    .PARAMETER TxtValue
        The value of the TXT record.
    .PARAMETER CFAuthEmail
        The email address of the account used to connect to Cloudflare API
    .PARAMETER CFAuthKey
        The Global API Key associated with the email address entered in the CFAuthEmail parameter.
    .PARAMETER CFAuthToken
        The scoped API Token that has been given read/write permissions to the necessary zones. This SecureString version can only be used from Windows or any OS with PowerShell Core 6.2+.
    .PARAMETER CFAuthTokenInsecure
        The scoped API Token that has been given read/write permissions to the necessary zones. This standard String version may be used with any OS.
    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.
    .EXAMPLE
        Add-DnsTxtExample '_acme-challenge.site1.example.com' 'asdfqwer12345678' 'admin@example.com' 'xxxxxxxxxxxx'
        Adds a TXT record for the specified site with the specified value.
    #>
}

function Remove-DnsTxtCloudflare {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$RecordName,
        # not mandatory: mod_md's teardown call passes no challenge data
        [Parameter(Position=1)]
        [string]$TxtValue,
        [Parameter(ParameterSetName='Email',Mandatory,Position=2)]
        [string]$CFAuthEmail,
        [Parameter(ParameterSetName='Email',Mandatory,Position=3)]
        [string]$CFAuthKey,
        [Parameter(ParameterSetName='Bearer',Mandatory,Position=2)]
        [securestring]$CFToken,
        [Parameter(ParameterSetName='BearerInsecure',Mandatory,Position=2)]
        [string]$CFTokenInsecure,
        [Parameter(ValueFromRemainingArguments)]
        $ExtraParams
    )

    $apiRoot = 'https://api.cloudflare.com/client/v4/zones'
    $authHeader = Get-CFAuthHeader @PSBoundParameters

    Write-Verbose "Attempting to find hosted zone for $RecordName"
    if (!($zoneID = Find-CFZone $RecordName $authHeader)) {
        throw "Unable to find Cloudflare hosted zone for $RecordName"
    }

    # check for existing records; only filter on content when a value was given
    $query = "type=TXT&name=$RecordName"
    if ($TxtValue) { $query += "&content=$TxtValue" }
    $response = Invoke-RestMethod "$apiRoot/$zoneID/dns_records?$query" `
        -Headers $authHeader -ContentType 'application/json' @script:UseBasic

    # remove every matching txt record
    if ($response.result.Count -gt 0) {
        foreach ($rec in $response.result) {
            Write-Verbose "Removing $RecordName (record id $($rec.id))"
            Invoke-RestMethod "$apiRoot/$zoneID/dns_records/$($rec.id)" -Method Delete `
                -ContentType 'application/json' -Headers $authHeader @script:UseBasic | Out-Null
        }
    } else {
        Write-Debug "Record $RecordName with value $TxtValue doesn't exist. Nothing to do."
    }

    <#
    .SYNOPSIS
        Remove a DNS TXT record from Cloudflare.
    .DESCRIPTION
        Use Cloudflare V4 api to remove a TXT record to a Cloudflare DNS zone.
    .PARAMETER RecordName
        The fully qualified name of the TXT record.
    .PARAMETER TxtValue
        The value of the TXT record. When empty, every TXT record with this name is removed.
    .PARAMETER CFAuthEmail
        The email address of the account used to connect to Cloudflare API.
    .PARAMETER CFAuthKey
        The Global API Key associated with the email address entered in the CFAuthEmail parameter.
    .PARAMETER CFAuthToken
        The scoped API Token that has been given read/write permissions to the necessary zones. This SecureString version can only be used from Windows or any OS with PowerShell Core 6.2+.
    .PARAMETER CFAuthTokenInsecure
        The scoped API Token that has been given read/write permissions to the necessary zones. This standard String version may be used with any OS.
    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.
    .EXAMPLE
        Remove-DnsTxtExample '_acme-challenge.site1.example.com' 'asdfqwer12345678' 'admin@example.com' 'xxxxxxxxxxxx'
        Removes a TXT record for the specified site with the specified value.
    #>
}

function Save-DnsTxtCloudflare {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromRemainingArguments)]
        $ExtraParams
    )

    <#
    .SYNOPSIS
        Not required.
    .DESCRIPTION
        This provider does not require calling this function to commit changes to DNS records.
    .PARAMETER ExtraParams
        This parameter can be ignored and is only used to prevent errors when splatting with more parameters than this function supports.
    #>
}

############################
# Helper Functions
############################

function Get-CFAuthHeader {
    [CmdletBinding(DefaultParameterSetName='Email')]
    param(
        [Parameter(ParameterSetName='Email',Mandatory,Position=0)]
        [string]$CFAuthEmail,
        [Parameter(ParameterSetName='Email',Mandatory,Position=1)]
        [string]$CFAuthKey,
        [Parameter(ParameterSetName='Bearer',Mandatory,Position=0)]
        [securestring]$CFToken,
        [Parameter(ParameterSetName='BearerInsecure',Mandatory,Position=0)]
        [string]$CFTokenInsecure,
        [Parameter(ValueFromRemainingArguments)]
        $ExtraConnectParams
    )

    if ('Email' -eq $PSCmdlet.ParameterSetName) {
        $authHeader = @{
            'X-Auth-Email' = $CFAuthEmail
            'X-Auth-Key' = $CFAuthKey
        }
    } elseif ('Bearer' -eq $PSCmdlet.ParameterSetName) {
        $CFTokenInsecure = (New-Object PSCredential "user",$CFToken).GetNetworkCredential().Password
        $authHeader = @{
            Authorization = "Bearer $CFTokenInsecure"
        }
    } elseif ('BearerInsecure' -eq $PSCmdlet.ParameterSetName) {
        $authHeader = @{
            Authorization = "Bearer $CFTokenInsecure"
        }
    } else {
        throw "Unable to determine valid auth headers."
    }

    return $authHeader
}

function Find-CFZone {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory,Position=0)]
        [string]$RecordName,
        [Parameter(Mandatory,Position=1)]
        [hashtable]$AuthHeader
    )

    # setup a module variable to cache the record to zone mapping
    # so it's quicker to find later
    if (!$script:CFRecordZones) { $script:CFRecordZones = @{} }

    # check for the record in the cache
    if ($script:CFRecordZones.ContainsKey($RecordName)) {
        return $script:CFRecordZones.$RecordName
    }

    $apiRoot = 'https://api.cloudflare.com/client/v4/zones'

    # We need to find the zone ID for the closest/deepest sub-zone that would
    # contain the record.
    $pieces = $RecordName.Split('.')
    for ($i=1; $i -lt ($pieces.Count-1); $i++) {
        $zoneTest = "$( $pieces[$i..($pieces.Count-1)] -join '.' )"
        Write-Debug "Checking $zoneTest"
        $response = Invoke-RestMethod "$apiRoot/?name=$zoneTest" -Headers $AuthHeader @script:UseBasic

        # The response object always contains a "result" array even if empty
        if ($response.result.Count -gt 0) {
            Write-Debug ($response | ConvertTo-Json -Depth 5)
            $zoneID = $response.result[0].id
            $script:CFRecordZones.$RecordName = $zoneID
            return $zoneID
        }
    }

    return $null
}

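# mod_md passes the bare domain (e.g. mydomain.com); the dns-01 TXT record
# belongs at _acme-challenge.<domain>
$challengeName = "_acme-challenge.$RecordName"

# use a scoped API token if one was filled in above, otherwise email + global key
if ($CFAuthTokenInsecure) {
    $auth = @{ CFTokenInsecure = $CFAuthTokenInsecure }
} elseif ($CFAuthToken) {
    $auth = @{ CFToken = (ConvertTo-SecureString $CFAuthToken -AsPlainText -Force) }
} else {
    $auth = @{ CFAuthEmail = $CFAuthEmail; CFAuthKey = $CFAuthKey }
}

if ($Task -eq 'setup') {
    Add-DnsTxtCloudflare $challengeName $TxtValue @auth
}
if ($Task -eq 'teardown') {
    Remove-DnsTxtCloudflare $challengeName $TxtValue @auth
}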
Code: Select all
PS C:\> C:\path\to\Cloudflare.ps1 setup mydomain.com challenge-data
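The script above places `$RecordName` and `$TxtValue` directly into the Cloudflare API URL, so a hook that Apache calls should check its arguments before any request is made. The following is an added example, not part of the original post or of Posh-ACME; the function name `Resolve-ChallengeRequest`, the zone allow-list and the 43-character digest check (from the dns-01 definition in RFC 8555) are assumptions.

```powershell
# Added example: validate what mod_md hands to an MDChallengeDns01 hook
# ("setup <domain> <challenge-data>" / "teardown <domain>") before use.
# Resolve-ChallengeRequest is a hypothetical helper, not a Posh-ACME function.
function Resolve-ChallengeRequest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Task,
        [Parameter(Mandatory)][string]$Domain,
        [string]$ChallengeData,
        # only these zones may be written, whatever the caller asks for
        [Parameter(Mandatory)][string[]]$AllowedZones
    )

    if ($Task -cnotin 'setup','teardown') {
        throw "Unsupported task '$Task'"
    }

    # hostname labels only: letters, digits, hyphen; no wildcard, no URL metacharacters
    $label   = '[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    $pattern = '^(' + $label + '\.)+' + $label + '$'
    $name    = $Domain.ToLowerInvariant().TrimEnd('.')
    if ($name.Length -gt 253 -or $name -cnotmatch $pattern) {
        throw "Refusing malformed domain '$Domain'"
    }

    # the domain must be an allowed zone or sit underneath one
    $zone = $AllowedZones |
        Where-Object { $name -eq $_ -or $name.EndsWith(".$_") } |
        Sort-Object Length -Descending | Select-Object -First 1
    if (-not $zone) {
        throw "Domain '$name' is outside the allowed zones"
    }

    # assumption (RFC 8555 dns-01): the TXT value is base64url(SHA-256(...)), 43 chars
    if ($Task -eq 'setup' -and $ChallengeData -cnotmatch '^[A-Za-z0-9_-]{43}$') {
        throw 'Challenge data is not a 43-character base64url digest'
    }

    [pscustomobject]@{
        Task       = $Task
        Zone       = $zone
        RecordName = "_acme-challenge.$name"
        TxtValue   = if ($Task -eq 'setup') { $ChallengeData } else { $null }
    }
}

# Constructed sample calls, shaped like the mod_md invocations quoted above
$zones  = 'mydomain.com','example.net'
$digest = 'A' * 43   # constructed placeholder, not a real challenge value
$calls  = @(
    @{ Task='setup';    Domain='mydomain.com';        ChallengeData=$digest },
    @{ Task='teardown'; Domain='example.net' },
    @{ Task='setup';    Domain='mydomain.com&type=A'; ChallengeData=$digest },
    @{ Task='setup';    Domain='example.org';         ChallengeData=$digest },
    @{ Task='setup';    Domain='example.net';         ChallengeData='challenge data' }
)
foreach ($c in $calls) {
    try {
        $r = Resolve-ChallengeRequest @c -AllowedZones $zones
        'OK      {0,-8} {1}' -f $r.Task, $r.RecordName
    } catch {
        'REJECT  {0,-8} {1}: {2}' -f $c.Task, $c.Domain, $_.Exception.Message
    }
}
```

The first two sample calls are accepted and the last three are rejected; a hook would pass `RecordName` and `TxtValue` from the returned object on to the DNS functions.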
Re: Certificate problem
Ok, I gave it many tries, but nothing works...
So, I read many docs, and here is how I got a working solution:
- I launch powershell as an admin
- Install Posh-ACME with this command:
Code: Select all
Install-Module -Name Posh-ACME
- Set the server as a production server (to use a staging server, replace LE_PROD by LE_STAGE):
Code: Select all
Set-PAServer LE_PROD
- Ask for my certificate with:
Code: Select all
New-PACertificate '*.bagu.biz','*.bagu.fr' -AcceptTOS -Contact my@email.biz
- Then, I go to cloudflare to create the TXT DNS lines
- Validate the changes by pressing a key in powershell
- Then, I look up my certificate with:
Code: Select all
Get-PACertificate | fl
- Get cert.key as key and fullchain.cer as public certificate
To avoid the need of stage 4:
Code: Select all
$pArgs = @{ CFAuthEmail='my@email.biz'; CFAuthKey='mycloudflaresecretpassword' }
New-PACertificate '*.bagu.biz','*.bagu.fr' -AcceptTOS -Contact my@email.biz -DnsPlugin Cloudflare -PluginArgs $pArgs
It looks easier for me, and it works like a charm for the moment (I haven't tried the cloudflare dnsplugin yet)
If the cloudflare plugin works (I will see that in 55 days), I will say it here and make a task to automate the process.
Thank you everyone
Thank you palinka for showing me the Posh-ACME process
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
I'm glad it worked. Try to use the script. It's for automation.
No more errors in hmailserver?
Re: Certificate problem
I will try it later, it's late for now
And yes, no more errors in hmailserver with this certificate.
So I am searching for why the mod_md certificate doesn't work... It seems that there is something different...
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
jim.bus wrote: ↑2019-09-21 12:01
bagu is using Hmailserver: 5.7.0-B2429.
This is not an official latest stable hMailServer version or Build. I believe the last information I saw was that MattG considers hMailServer 5.7.0-B2485 should still be considered an Alpha Build.
Current official stable latest hMailServer is 5.6.7-B2425.
Dravion's unofficial version is slightly different, for a start it uses a different SSL library than the official hMailserver version
The Alpha build of hMailserver that I am using is 5.7.0-B2486(x64) found here https://build.hmailserver.com/
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation
- jimimaseye
- Moderator
- Posts: 8864
- Joined: 2011-09-08 17:48
Re: Certificate problem
mattg wrote: ↑2019-09-22 02:58
jim.bus wrote: ↑2019-09-21 12:01
bagu is using Hmailserver: 5.7.0-B2429.
This is not an official latest stable hMailServer version or Build. I believe the last information I saw was that MattG considers hMailServer 5.7.0-B2485 should still be considered an Alpha Build.
Current official stable latest hMailServer is 5.6.7-B2425.
Dravion's unofficial version is slightly different, for a start it uses a different SSL library than the official hMailserver version
The Alpha build of hMailserver that I am using is 5.7.0-B2486(x64) found here https://build.hmailserver.com/
Note proof that these hybrid clones provided by dravion and others should be called something different to distinguish them from official Hmailserver. People would then know who to best ask. (Martin made this suggestion request but it fell on deaf ears).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
Re: Certificate problem
jimimaseye wrote: ↑2019-09-22 08:28
mattg wrote: ↑2019-09-22 02:58
jim.bus wrote: ↑2019-09-21 12:01
bagu is using Hmailserver: 5.7.0-B2429.
This is not an official latest stable hMailServer version or Build. I believe the last information I saw was that MattG considers hMailServer 5.7.0-B2485 should still be considered an Alpha Build.
Current official stable latest hMailServer is 5.6.7-B2425.
Dravion's unofficial version is slightly different, for a start it uses a different SSL library than the official hMailserver version
The Alpha build of hMailserver that I am using is 5.7.0-B2486(x64) found here https://build.hmailserver.com/
Note proof that these hybrid clones provided by dravion and others should be called something different to distinguish them from official Hmailserver. People would then know who to best ask. (Martin made this suggestion request but it fell on deaf ears).
I tend to agree there is confusion. If you don't check on what Build someone is asking questions on, you don't know if it is an official version or not. I'm not certain if this is the best way to go but I sort of feel either hMailServer is going to go forward as an existing product with efforts being put into evolving hMailServer or perhaps there should be another branch of the product which isn't confused with hMailServer. Personally I would like to see hMailServer evolve as a product. It has served me well over the years though it could be updated to keep in sync with other evolving products it uses such as MySQL which seems to have dropped 32 bit and isn't producing them anymore and upgrading to TLSv1.3, etc.
Last I heard Martin upgraded to an Alpha or Beta version (whatever you want to call it) but then it seems it has died because I do not hear about much activity (from Martin at any rate) on it though I have only looked occasionally to see if anything was going on. I have some confidence in the official versions of hMailServer regarding being well tested. Personally right now I wouldn't want to go with any of the Builds beyond B2425 as I keep hearing of problems cropping up from people (not the people who are upgrading it but people who actually are seemingly users) who are installing them and then finding problems they post in the official hMailServer Forums looking for solutions. There is an Alpha Discussions Forum but the problems with these Alphas seem to get reported in the General Discussions Forum which I think adds to the confusion.
Re: Certificate problem
In my case, the problem occurs on the stable versions, beta and dravion.
So, I do not think it comes from hmailserver, but it comes from the certificate generated by mod_md.
In fact, if I use a certificate other than the one generated by mod_md, everything works fine.
Now, I'm watching Dravion's work carefully because I think it's about creating a cross-platform version of hmailserver, it's really a good idea.
On the other hand, using another name, although close (if martin is ok), would let people know that the dravion version is based on hmailserver.
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
bagu wrote: ↑2019-09-22 11:21
In my case, the problem occurs on the stable versions, beta and dravion.
So, I do not think it comes from hmailserver, but it comes from the certificate generated by mod_md.
In fact, if I use a certificate other than the one generated by mod_md, everything works fine.
Now, I'm watching Dravion's work carefully because I think it's about creating a cross-platform version of hmailserver, it's really a good idea.
On the other hand, using another name, although close (if martin is ok), would let people know that the dravion version is based on hmailserver.
With regards to cross platform, yes that is a good idea but the concern I have about that is apparently from what I've heard there are more developers who want to do Unix based OS development than Windows. One of the draws for me was that I wanted a Windows based Email Server and hMailServer is one of the few if not only email server that runs on Windows. If hMailServer continued to be just as supported as a Cross Platform version of hMailServer then I would think that would be wonderful but I do not want to see hMailServer die as an obsolete Windows application.
Re: Certificate problem
I doubt that this leads to this result if we consider that the builds must remain multi-platform.
Indeed, many developers would like to have a port of hmailserver because it is really within reach of all.
But if the basic idea of porting is that it remains multi-platform, there should be no problem. It depends on the lead or team lead.
hMailServer 5.6.8 With SpamAssassin 3.4.2
Re: Certificate problem
I come back to the original problem.
I successfully tested the command with the cloudflare plugin.
On the other hand, the original command seems to set up a profile with all the right parameters.
The command to update all is
Code: Select all
Submit-Renewal -PluginArgs @{CFAuthEmail='my@email.fr'; CFAuthKey='cloudflaresupersecretpassword'}
I will test the order when the period allows me.
hMailServer 5.6.8 With SpamAssassin 3.4.2