Found several bugs in the latest version 1.8.11

Hi all,

  1. When transferring to another server and restoring the backup, 2FA is not restored (I have already written about this separately).

  2. On Debian 12, the swap file is not always (or rather every other time) installed when installing Hestia; the solution is to install it manually.

  3. /var/log/mysql is not created (Debian 12, Ubuntu 22.04). Or the folder is there, but the file is always empty. Solution:

    ```
    sudo mkdir -p /var/log/mysql
    sudo chown mysql:mysql /var/log/mysql
    sudo chmod 750 /var/log/mysql
    ```

  4. If only Exim is installed without dovecot, then even if all DNS records are present, such as mail.example.com, mx.example.com, webmail.example.com (CF proxy disabled), certificate issuance fails with an error (screenshot). Once you install dovecot, the certificate is issued perfectly.

All points have been checked several times, on different domains, servers and hostings. Perhaps this will help draw attention to them.


You are trying to connect with IPv6, which is currently not supported.

Mmm, sorry, but the screenshot is old, tests on new errors were without ipv6, I will run a new one and will definitely attach both the log and the error. There is no IPv6 100%)

Hello, it looks like this, but if you install dovecot, the certificate will be issued without any difficulties. As you see, I will delete the screenshots so that they do not take up space. By the way, I managed to configure the mail by adding dovecot, and removing the proxy in CF from the mail.example.com records, and linking the mail.example.com PTR to the IP)
And yesterday I found another bug) <pirlgv0o> PHP Error: Failed to load config from /var/lib/roundcube/plugins/zipdownload/config.inc.php in /var/lib/roundcube/program/lib/Roundcube/rcube_plugin.php on line 166 (POST /?_task=mail&_action=refresh) - #6 by sahsanu



=============================
Date Time: 2024-03-25 09:57:14
WEB_SYSTEM: nginx
PROXY_SYSTEM: 
user: KmGEGvcFKF3PGzy
domain: mail.peretiazhkamebeli.ru


- aliases:  
- proto: http-01
- wildcard: 


==[Step 1]==
- status: 200
- nonce: 4POMExAUEL66pIvX8pt8tgIGA7DIPxkOE28hdbiYwIjKhozFm1s
- answer: HTTP/2 200 
server: nginx
date: Mon, 25 Mar 2024 09:57:18 GMT
content-type: application/json
content-length: 752
cache-control: public, max-age=0, no-cache
replay-nonce: 4POMExAUEL66pIvX8pt8tgIGA7DIPxkOE28hdbiYwIjKhozFm1s
x-frame-options: DENY
strict-transport-security: max-age=604800



==[API call]==
exit status: 0


==[Step 2]==
- status: 201
- nonce: 4POMExAU_9qzCVbLviptjdYAcfzyg_RAiGRT8JaXUEg5M834X2o
- authz: https://acme-v02.api.letsencrypt.org/acme/authz-v3/330472955987
- finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/1636273177/255253147137
- payload: {"identifiers":[{"type":"dns","value":"mail.peretiazhkamebeli.ru"}]}
- answer: HTTP/2 201 
server: nginx
date: Mon, 25 Mar 2024 09:57:19 GMT
content-type: application/json
content-length: 351
boulder-requester: 1636273177
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/1636273177/255253147137
replay-nonce: 4POMExAU_9qzCVbLviptjdYAcfzyg_RAiGRT8JaXUEg5M834X2o
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "status": "pending",
  "expires": "2024-04-01T09:57:19Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mail.peretiazhkamebeli.ru"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/330472955987"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1636273177/255253147137"
}
 order: https://acme-v02.api.letsencrypt.org/acme/order/1636273177/255253147137


==[API call]==
exit status: 0


==[Step 3]==
- status: 200
- nonce: XcnlB1etg6Tg7Q1-L_0apHtxO7r2G1sUWiRyBnJcgAU7dvQP7oA
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/330472955987/2TptqQ
- token: sVX3ev4UUwQX5YwRNOJUALIXAXyL89F_CuFvH99oQe8
- answer: HTTP/2 200 
server: nginx
date: Mon, 25 Mar 2024 09:57:19 GMT
content-type: application/json
content-length: 809
boulder-requester: 1636273177
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: XcnlB1etg6Tg7Q1-L_0apHtxO7r2G1sUWiRyBnJcgAU7dvQP7oA
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mail.peretiazhkamebeli.ru"
  },
  "status": "pending",
  "expires": "2024-04-01T09:57:19Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/330472955987/2TptqQ",
      "token": "sVX3ev4UUwQX5YwRNOJUALIXAXyL89F_CuFvH99oQe8"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/330472955987/ECQysQ",
      "token": "sVX3ev4UUwQX5YwRNOJUALIXAXyL89F_CuFvH99oQe8"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/330472955987/Ih0wug",
      "token": "sVX3ev4UUwQX5YwRNOJUALIXAXyL89F_CuFvH99oQe8"
    }
  ]
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 200
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/330472955987/2TptqQ
- nonce: 4POMExAUUwaeKyqQJzBvkuLCrYwfJ3NwgG4w5D6k0rtHPpaJogM
- validation: pending
- details: 
- answer: HTTP/2 200 
server: nginx
date: Mon, 25 Mar 2024 09:57:26 GMT
content-type: application/json
content-length: 187
boulder-requester: 1636273177
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/330472955987>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/330472955987/2TptqQ
replay-nonce: 4POMExAUUwaeKyqQJzBvkuLCrYwfJ3NwgG4w5D6k0rtHPpaJogM
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/330472955987/2TptqQ",
  "token": "sVX3ev4UUwQX5YwRNOJUALIXAXyL89F_CuFvH99oQe8"
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 400
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/330472955987/2TptqQ
- nonce: Wej4SY7DzLsMrM0AFv0B4ojqbRZy7IOgWwrYe2ClKcKecJ8cJEU
- validation: 
- details: Unable to update challenge :: authorization must be pending
- answer: HTTP/2 400 
server: nginx
date: Mon, 25 Mar 2024 09:57:30 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 1636273177
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: Wej4SY7DzLsMrM0AFv0B4ojqbRZy7IOgWwrYe2ClKcKecJ8cJEU

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}


==[Debug information Step 5]==
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "45.90.34.64: Invalid response from http://mail.peretiazhkamebeli.ru/.well-known/acme-challenge/sVX3ev4UUwQX5YwRNOJUALIXAXyL89F_CuFvH99oQe8: 404",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/330472955987/2TptqQ",
  "token": "sVX3ev4UUwQX5YwRNOJUALIXAXyL89F_CuFvH99oQe8",
  "validationRecord": [
    {
      "url": "http://mail.peretiazhkamebeli.ru/.well-known/acme-challenge/sVX3ev4UUwQX5YwRNOJUALIXAXyL89F_CuFvH99oQe8",
      "hostname": "mail.peretiazhkamebeli.ru",
      "port": "80",
      "addressesResolved": [
        "45.90.34.64"
      ],
      "addressUsed": "45.90.34.64",
      "resolverAddrs": [
        "A:10.1.12.87:28704",
        "AAAA:10.1.12.86:28226"
      ]
    }
  ],
  "validated": "2024-03-25T09:57:26Z"
}


==[Abort Step 5]==
=> Wrong status


We don’t install roundcube when Dovecot is not installed so that might be the issue

To create a bug report

No, this error was with dovecot installed, perhaps this is simply not visible from the information I provided. The access error has been resolved, I think it’s still an installation bug, but I’ll try it on a test machine sometime.

resolves to:
45.90.xxxx.xxxx
And I am unable to reach that IP address, so it might be a firewall issue or other things, but it's hard to debug from my side …

And also the mail domain doesn’t work:

I deleted the test server, that’s why), I used different domains, on different servers, according to the same scenario, the result was the same. I showed it to you, maybe you can do the tests yourself.