Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    kopano-ical does not work with letsencrypt

    Kopano Groupware Core
    4
    4
    353
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • nanathlor
      nanathlor last edited by

      kopano-ical version kopano-ical-10.0.6.203.2fa5b88b1-lp151.167.1.x86_64

      /etc/kopano/ical.cfg has:
      ssl_private_key_file = /etc/letsencrypt/live/DELETED/privkey.pem
      ssl_certificate_file = /etc/letsencrypt/live/DELETED/fullchain.pem

      /var/log/kopano/ical.cfg has errors:
      2020-09-14T12:46:43.283589: [kopano-ical|T4189] [error ] ECChannel::HrSetCtx(): cannot open key file /etc/letsencrypt/live/DELETED/privkey.pem: Permission denied
      2020-09-14T12:46:43.283600: [kopano-ical|T4189] [error ] Error loading SSL context, ICALS will be disabled: call failed (80004005)

      Adding kopano:kopano ownership to the SSL files or the complete path to them makes no difference

      Interestingly if I just use 8080 and comment out all SSL it still does not work, I get a “connection refused”, port 8080 is listening and assigned to kopano-ical, firewall port is open and I’ve tried curl, telnet, ssl with correct login, there is also no information in /var/log/kopano/ical.log even on debug level…weird.

      1 Reply Last reply Reply Quote 0
      • tiredofit
        tiredofit last edited by

        Remember the permissions of the certificates and keys and try a chmod 777 (privkey.pem cert.pem) and see if that makes a difference. That’s not the ultimate fix to be honest, but just to see if it is a Kopano or a Letsencrypt issue.

        1 Reply Last reply Reply Quote 0
        • Martin
          Martin last edited by

          Hallo @nanathlor ,

          this is a known error (https://help.univention.com/t/kopano-ical-ssl-not-working/11606)

          Give the kopano user corresponding read rights and restart service kopano-ical.

          setfacl -m u:kopano:r  /etc/letsencrypt/live/DELETED/domain.key
          

          After that kopano-ical should work with Letsencrypt.

          Best regards
          Martin

          1 Reply Last reply Reply Quote 0
          • thctlo
            thctlo last edited by

            Most probley the rights are set to : drwx–x— 2 root ssl-cert

            adduser kopano ssl-cert
            And you should be done.

            Postfix, same, adduser postfix ssl-cert
            And others same, just check the default rights in /etc/letsencrypt
            And use the groups thats set.

            I like Manfred its example with setfacl, but thats only one problem.
            Its applied on file, what is the files are rotated again?? ;-)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post