Kopano ICAL doesnt work

nils50122

Hello,

i try to turn ICAL download over HTTPS on my Kopano Server.

I try to rename “ical_listen:*8080” to “icals_listen:*8443” but after restart the kopano-ical service it fails.

The log from the ical-service tells me that the address is already in use.

Where is the fault?

2020-06-03T15:43:33.241309: [=======] Starting kopano-ical version 8.7.85 (pid 15024 uid 0)
2020-06-03T15:43:33.241696: [error  ] K-1559: bind 0.0.0.0:8443: Address already in use
2020-06-03T15:43:33.241732: [error  ] K-1559: bind [::]:8443: Address already in use
2020-06-03T15:47:29.316061: [=======] Starting kopano-ical version 8.7.85 (pid 15658 uid 0)
2020-06-03T15:47:29.332057: [=======] Starting kopano-ical version 8.7.85 (pid 15658 uid 992)

Martin

Hello @nils50122 ,

please check with the following command which service on your system already uses port 8443.

netstat -tulpen | grep :8443

Best regards
Martin

nils50122

> netstat -tulpen | grep :8443
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      0          762791635   21052/config    
tcp6       0      0 :::8443                 :::*                    LISTEN      0          762791637   21052/config   

Martin

Hi @nils50122 ,

on your system a different service is bind to port 8443. Maybe Tomecat, Spamassassin, Dovecot,…

You should check what service this is.

ps -ef | grep 21052 | grep -v grep

…gives you more details about your config-process (PID #21052) which uses port 8443.

Best regards
Martin

nils50122

There runs a Plesk Webserver.

Can i change the port from 8443 for example to 8444 in ical config?

Is it required to give the user “ical rights” or some other? The Adminiration Guide is not so helpful on ICAL config.

Martin

Hi @nils50122 ,

changing the suggested port from 8443 to 8444 is possible and you do not need to set special “ical rights” to your Kopano-User.

Best regards
Martin

nils50122

root@mail:/etc/kopano# tail -f /var/log/kopano/ical.log
2020-06-09T07:18:24.127017: [debug  ] Reexecing /usr/sbin/kopano-ical
2020-06-09T07:18:24.140733: [=======] Starting kopano-ical version 8.7.85 (pid 24023 uid 992)
2020-06-09T07:18:24.140837: [info   ] Coredump status left at system default.
2020-06-09T07:18:24.141033: [info   ] Re-using fd 5 for 0.0.0.0%lo:8080
2020-06-09T07:18:24.141059: [info   ] Re-using fd 6 for [::]%lo:8080
2020-06-09T07:18:24.141152: [info   ] Re-using fd 7 for 0.0.0.0:8444
2020-06-09T07:18:24.141194: [info   ] Re-using fd 8 for [::]:8444
2020-06-09T07:18:24.141212: [error  ] ECChannel::HrSetCtx(): cannot open key file
2020-06-09T07:18:24.141225: [error  ] Error loading SSL context, ICALS will be disabled: call failed (80004005)
2020-06-09T07:18:24.142697: [info   ] Logger process started on pid 24026

I get an SSL error.

I try everything, copy the both certificates from letsencrypt to /etc/kopano/gateway/cert.pem and privkey.pem and give the user kopano rights to access it. but it doesnt work.

Anyone has an idea?

nils50122

I change the owner of both cert files and now there are no ssl erros.

Next Problem:

When i try to open the urls:

https://domain:8444/caldav/user there comes an timeout (no log entry in ical.log)
https://domain:8444/caldav there comes an timeout (no log entry in ical.log)
https://domain:8444/ical there comes an timeout (no log entry in ical.log)
Same with http and port 8080, timeout and no log entry.

What goes wrong there?

Martin

Hello @nils50122 ,

have you made an internal test?

https://hostname-or-ip-address:8444/caldav/user
https://hostname-or-ip-address:8444/caldav
https://hostname-or-ip-address:8444/ical

You can also check from another another (internal) computer with:

nc -v -z hostname-or-ip-address 8444

Should result: “Connection to localhost 8444 port [tcp/*] succeeded!”

Maybe temporarily increasing the log-level in /etc/kopano/ical.cfg will also give you more hints.

Regards
Martin