kopano-ical does not work with letsencrypt
nanathlor last edited by
kopano-ical version kopano-ical-10.0.6.203.2fa5b88b1-lp151.167.1.x86_64
ssl_private_key_file = /etc/letsencrypt/live/DELETED/privkey.pem
ssl_certificate_file = /etc/letsencrypt/live/DELETED/fullchain.pem
/var/log/kopano/ical.cfg has errors:
2020-09-14T12:46:43.283589: [kopano-ical|T4189] [error ] ECChannel::HrSetCtx(): cannot open key file /etc/letsencrypt/live/DELETED/privkey.pem: Permission denied
2020-09-14T12:46:43.283600: [kopano-ical|T4189] [error ] Error loading SSL context, ICALS will be disabled: call failed (80004005)
Adding kopano:kopano ownership to the SSL files or the complete path to them makes no difference.
Interestingly, if I just use 8080 and comment out all SSL, it still does not work: I get a “connection refused”. Port 8080 is listening and assigned to kopano-ical, the firewall port is open, and I’ve tried curl, telnet, and ssl with the correct login. There is also no information in /var/log/kopano/ical.log, even on debug level… weird.
tiredofit last edited by
Remember the permissions of the certificates and keys and try a chmod 777 (privkey.pem cert.pem) and see if that makes a difference. That’s not the ultimate fix to be honest, but just to see if it is a Kopano or a Letsencrypt issue.
Martin last edited by
Hello @nanathlor,
this is a known error (https://help.univention.com/t/kopano-ical-ssl-not-working/11606)
Give the kopano user corresponding read rights and restart service kopano-ical.
setfacl -m u:kopano:r /etc/letsencrypt/live/DELETED/domain.key
After that kopano-ical should work with Letsencrypt.
thctlo last edited by
Most probably the rights are set to: drwx--x--- 2 root ssl-cert
adduser kopano ssl-cert
And you should be done.
Postfix, same, adduser postfix ssl-cert
And others same, just check the default rights in /etc/letsencrypt
And use the groups that are set.
I like Manfred's example with setfacl, but that's only one problem.
It's applied on the file; what if the files are rotated again?? ;-)
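Added example, not part of the thread and not Kopano or certbot code: a check for the "Permission denied" discussed above that walks every directory on both the live/ symlink path and its archive/ target and returns the first component the service account cannot pass. The function names and the `base` parameter are assumptions of this sketch; it reads classic mode bits only, so an ACL granted with setfacl is not evaluated.

```python
import os
import stat

def _allowed(st, uid, gids, want):
    """Classic owner/group/other test; want is a bit mask (4 = read, 1 = search)."""
    if uid == 0:
        return True                       # root is not limited by mode bits
    if st.st_uid == uid:
        shift = 6                         # owner class
    elif st.st_gid in gids:
        shift = 3                         # group class
    else:
        shift = 0                         # other class
    return (stat.S_IMODE(st.st_mode) >> shift) & want == want

def _dirs_above(path, base):
    """Directories from base down to the parent of path, top first."""
    found, cur = [], os.path.dirname(path)
    while os.path.commonpath([cur, base]) == base:
        found.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    return found[::-1]

def first_blocker(path, uid, gids, base="/"):
    """Return the first path component that denies access to uid/gids, or
    None. Only mode bits are evaluated; POSIX ACLs (setfacl) are not read."""
    base = os.path.abspath(base)
    link = os.path.abspath(path)          # e.g. .../live/<name>/privkey.pem
    target = os.path.realpath(path)       # e.g. .../archive/<name>/privkeyN.pem
    checks = [(d, 1) for d in _dirs_above(link, base)]
    checks += [(d, 1) for d in _dirs_above(target, base)]
    checks.append((target, 4))            # the key file itself must be readable
    for component, want in checks:
        if not _allowed(os.stat(component), uid, gids, want):
            return component
    return None

if __name__ == "__main__":
    import pwd, sys                       # usage: script.py <user> <key path>
    user = pwd.getpwnam(sys.argv[1])
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    print(first_blocker(sys.argv[2], user.pw_uid, gids) or "readable")
```

Run it as root so every directory can be inspected, and again after a renewal, since the symlink then points at a newly created file under archive/.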