Kopano ICAL doesnt work



  • Hello,

    i try to turn ICAL download over HTTPS on my Kopano Server.

    I try to rename “ical_listen:*8080” to “icals_listen:*8443” but after restart the kopano-ical service it fails.

    The log from the ical-service tells me that the address is already in use.

    Where is the fault?

    2020-06-03T15:43:33.241309: [=======] Starting kopano-ical version 8.7.85 (pid 15024 uid 0)
    2020-06-03T15:43:33.241696: [error  ] K-1559: bind 0.0.0.0:8443: Address already in use
    2020-06-03T15:43:33.241732: [error  ] K-1559: bind [::]:8443: Address already in use
    2020-06-03T15:47:29.316061: [=======] Starting kopano-ical version 8.7.85 (pid 15658 uid 0)
    2020-06-03T15:47:29.332057: [=======] Starting kopano-ical version 8.7.85 (pid 15658 uid 992)
    


  • Hello @nils50122 ,

    please check with the following command which service on your system already uses port 8443.

    netstat -tulpen | grep :8443
    

    Best regards
    Martin



  • > netstat -tulpen | grep :8443
    tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      0          762791635   21052/config    
    tcp6       0      0 :::8443                 :::*                    LISTEN      0          762791637   21052/config   
    


  • Hi @nils50122 ,

    on your system a different service is bind to port 8443. Maybe Tomecat, Spamassassin, Dovecot,…

    You should check what service this is.

    ps -ef | grep 21052 | grep -v grep
    

    …gives you more details about your config-process (PID #21052) which uses port 8443.

    Best regards
    Martin



  • There runs a Plesk Webserver.

    Can i change the port from 8443 for example to 8444 in ical config?

    Is it required to give the user “ical rights” or some other? The Adminiration Guide is not so helpful on ICAL config.



  • Hi @nils50122 ,

    changing the suggested port from 8443 to 8444 is possible and you do not need to set special “ical rights” to your Kopano-User.

    Best regards
    Martin



  • root@mail:/etc/kopano# tail -f /var/log/kopano/ical.log
    2020-06-09T07:18:24.127017: [debug  ] Reexecing /usr/sbin/kopano-ical
    2020-06-09T07:18:24.140733: [=======] Starting kopano-ical version 8.7.85 (pid 24023 uid 992)
    2020-06-09T07:18:24.140837: [info   ] Coredump status left at system default.
    2020-06-09T07:18:24.141033: [info   ] Re-using fd 5 for 0.0.0.0%lo:8080
    2020-06-09T07:18:24.141059: [info   ] Re-using fd 6 for [::]%lo:8080
    2020-06-09T07:18:24.141152: [info   ] Re-using fd 7 for 0.0.0.0:8444
    2020-06-09T07:18:24.141194: [info   ] Re-using fd 8 for [::]:8444
    2020-06-09T07:18:24.141212: [error  ] ECChannel::HrSetCtx(): cannot open key file
    2020-06-09T07:18:24.141225: [error  ] Error loading SSL context, ICALS will be disabled: call failed (80004005)
    2020-06-09T07:18:24.142697: [info   ] Logger process started on pid 24026
    

    I get an SSL error.

    I try everything, copy the both certificates from letsencrypt to /etc/kopano/gateway/cert.pem and privkey.pem and give the user kopano rights to access it. but it doesnt work.

    Anyone has an idea?



  • I change the owner of both cert files and now there are no ssl erros.

    Next Problem:

    When i try to open the urls:

    https://domain:8444/caldav/user there comes an timeout (no log entry in ical.log)
    https://domain:8444/caldav there comes an timeout (no log entry in ical.log)
    https://domain:8444/ical there comes an timeout (no log entry in ical.log)
    Same with http and port 8080, timeout and no log entry.

    What goes wrong there?



  • Hello @nils50122 ,

    have you made an internal test?

    https://hostname-or-ip-address:8444/caldav/user
    https://hostname-or-ip-address:8444/caldav
    https://hostname-or-ip-address:8444/ical

    You can also check from another another (internal) computer with:

    nc -v -z hostname-or-ip-address 8444
    

    Should result: “Connection to localhost 8444 port [tcp/*] succeeded!”

    Maybe temporarily increasing the log-level in /etc/kopano/ical.cfg will also give you more hints.

    Regards
    Martin


Log in to reply