Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Kopano 8.6.81.475-0+86.1 fails to load symlinked ssl certs on Ubuntu 18.04

    Kopano Groupware Core
    3
    6
    319
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • reichi
      reichi last edited by

      Hey,

      I’ve upgraded my server to 18.04 (coming from 16.04) yesterday an therefore had to upgrade kopano, too.
      After the upgrade and adjustment of my kopano configs to follow the new listen syntax my server refused to load my certificates which are symlinked to the letsencrypt folders (letsencrypt itself symlinks certs, so that’s just how it is).
      It started working once I pointed kopano directly to the real file.
      If i had to guess, I’d guess it’s related to switching to OpenSSH 1.1.

      I’ve worked around that issue by copying the actual certs to /etc/kopano/ssl but I’d prefer not having to do something like.

      Regards,

      Stephan

      fbartels 1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @reichi last edited by

        @reichi said in Kopano 8.6.81.475-0+86.1 fails to load symlinked ssl certs on Ubuntu 18.04:

        refused to load my certificates which are symlinked

        That claim has been made before in https://forum.kopano.io/topic/1763/error-connecting-to-imaps-via-gateway-core-8-6-81-416 but was not reproducible. My guess still would be that the kopano user is not allowed to read all directories that lead to the symlinks target.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        1 Reply Last reply Reply Quote 0
        • reichi
          reichi last edited by reichi

          While I really wonder how that happened on a dist-upgrade (it worked fine, before) you’re actually right:

          root@alf:~# sudo -u kopano -H cat /etc/ssl/certs/reichholf.net.combined.pem
          cat: /etc/ssl/certs/reichholf.net.combined.pem: Permission denied

          thx for the (obvious) hint…

          Another Question: Did Kopano change the way it starts? I wonder if certs have been read as root before switching to the user-context before and that changed now? That’s what pretty much all other services like apache or postfix do (and why they can read the certs).

          fbartels 1 Reply Last reply Reply Quote 0
          • fbartels
            fbartels Kopano @reichi last edited by

            @reichi said in Kopano 8.6.81.475-0+86.1 fails to load symlinked ssl certs on Ubuntu 18.04:

            Did Kopano change the way it starts?

            Not recently

            Regards Felix

            Resources:
            https://kopano.com/blog/how-to-get-kopano/
            https://documentation.kopano.io/
            https://kb.kopano.io/

            Support overview:
            https://kopano.com/support/

            1 Reply Last reply Reply Quote 0
            • jengelh
              jengelh Banned last edited by jengelh

              Yeah it did change, switching to the unprivileged user slightly earlier than what it used to be. [KC-1043]

              1 Reply Last reply Reply Quote 0
              • reichi
                reichi last edited by reichi

                That explains my issues. Thx. I’ve resolved this with a cronjob. I would prefer not having to copy and chown ssl certs “all over the place” though. But at least it’s working fine now.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post