Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    K-2170 Let's Encrypt-SSL-Errors and no POP/IMAP-gateway after update to 8.7.0

    Kopano Groupware Core
    3
    7
    1180
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • reto-ineichen
      reto-ineichen last edited by

      After update to 8.7.0 kopano-server didn’t start anymore. Messages in server.log were:
      Sun Feb 3 11:01:15 2019: [=======] Starting kopano-server version 8.7.0 (pid 7393 uid 0)
      Sun Feb 3 11:01:15 2019: [=======] Starting kopano-server version 8.7.0 (pid 7393 uid 999)
      Sun Feb 3 11:01:15 2019: [crit ] K-2170: Unable to setup SSL context: soap_ssl_server_context: Can’t read CA PEM file: SSL_ERROR_SYSCALL
      error:0200100D:system library:fopen:Keine Berechtigung
      error:2006D002:BIO routines:BIO_new_file:system lib
      error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
      Sun Feb 3 11:01:15 2019: [=======] Server shutdown complete.

      Reason for this was (after some search) that new version of kopano-server 8.7.0 started not as root-user but user kopano (uid=999). So the SSL-certificates (generated with letsencrypt aka certbot) weren’t readable anymore.

      As a solution I did as root (sudo -i):
      mkdir /etc/kopano/ssl
      (if not already existing)
      copy any files from /etc/letsencrypt/live/yourdomain/ to /etc/kopano/ssl
      please consider to use “cp -fL” to override existing files and to copy original files not only the links
      then give them the correct rights by:
      chown kopano:kopano -R /etc/kopano/ssl/
      chmod 700 -R /etc/kopano/ssl/

      After that, you have to adjust the correct paths in the config files of kopano, in my installation as follows:
      /etc/kppano/server.cfg
      /etc/kppano/gateway.cfg
      /etc/kppano/ical.cfg

      With that done, the server was starting again with any complaint.

      What still was missing was the functionality of the POP/IMAP-Gateeway which was not starting with the following errors:
      Feb 03 11:08:38 hetzner-sb71 kopano-gateway[9670]: [crit ] Config error: Unknown option “pop3s_enable” found!
      Feb 03 11:08:38 hetzner-sb71 kopano-gateway[9670]: [crit ] Config error: Unknown option “pop3s_port” found!
      Feb 03 11:08:38 hetzner-sb71 kopano-gateway[9670]: [crit ] Config error: Unknown option “imap_enable” found!
      Feb 03 11:08:38 hetzner-sb71 kopano-gateway[9670]: [crit ] Config error: Unknown option “imap_port” found!
      Feb 03 11:08:38 hetzner-sb71 kopano-gateway[9670]: [crit ] Config error: Unknown option “imaps_enable” found!

      After some search I found https://manpages.debian.org/testing/kopano-gateway/kopano-gateway.cfg.5.en.html with the new config-parameters of /etc/kopano/gateway.cfg, so I did the following to solve this issue:

      1. comment out all parameters mentioned above (e.g. #imaps enable etc.)
      2. insert new parameters like “imaps_listen = *:993”

      With that done, even the gateway was working again!!!

      It would be very useful when the people at Kopano would document new versions befor rolling them out through the repositories!

      fbartels 1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @reto-ineichen last edited by

        Hi @reto-ineichen ,

        the config changes are explained in detail in the release announcement.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        reto-ineichen 1 Reply Last reply Reply Quote 0
        • zash1958
          zash1958 last edited by

          Yeah,

          but on our Univention-systems it does not work because the Univention management console writes the old values!

          It would be great to inform them about this and they must change the variables written by the UMC

          fbartels 1 Reply Last reply Reply Quote 0
          • fbartels
            fbartels Kopano @zash1958 last edited by

            @zash1958 said in K-2170 Let's Encrypt-SSL-Errors and no POP/IMAP-gateway after update to 8.7.0:

            but on our Univention-systems it does not work because the Univention management console writes the old values!

            again, release announcement:

            When upgrading from our repositories on UCS you will notice that because of the above mentioned configuration file changes kopano-gateway and kopano-ical will refuse to start. The integration package already provided an upgrade script for this case within the 8.6.8 upgrade, which can be found at /usr/share/kopano4ucs/kopano4ucs-update-settings870.sh.

            A similar message was also part of the update message of the last two app updates.

            Regards Felix

            Resources:
            https://kopano.com/blog/how-to-get-kopano/
            https://documentation.kopano.io/
            https://kb.kopano.io/

            Support overview:
            https://kopano.com/support/

            1 Reply Last reply Reply Quote 0
            • zash1958
              zash1958 last edited by

              @fbartels said in K-2170 Let's Encrypt-SSL-Errors and no POP/IMAP-gateway after update to 8.7.0:

              /usr/share/kopano4ucs/kopano4ucs-update-settings870.sh.

              Yes, but the UCS itself is writing the wrong entries ih You want to change it there. So the UMC has to be modified also

              fbartels 1 Reply Last reply Reply Quote 0
              • fbartels
                fbartels Kopano @zash1958 last edited by fbartels

                @zash1958 yes, and it will once there is an app that bundles 8.7.0 for ucs. the script I have you updates the ucr so this is the same mechanism that the app itself uses to store and modify the configuration.

                edit: the reason that this is not done automatically is that these settings are not compatible between 8.6 and 8.7. so already setting them against 8.6 will lead to startup errors for everyone that has not yet upgraded to 8.7.

                Regards Felix

                Resources:
                https://kopano.com/blog/how-to-get-kopano/
                https://documentation.kopano.io/
                https://kb.kopano.io/

                Support overview:
                https://kopano.com/support/

                1 Reply Last reply Reply Quote 0
                • reto-ineichen
                  reto-ineichen @fbartels last edited by

                  Hi @fbartels
                  Thank you for the information. You’re absolutely right! One should read the documentation first…but because of the automatic updating process with the repositories in ubuntu it would be nice when there would be a hint in the executing messages.
                  You do a great job at Kopano! Thank you very much.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post