SSL security error

Hello, can you help me with an SSL certificate problem, please.

It is delivering this error:
SSL security error. [ Help ]
The server returned the error “SSL error: Leaf certificate is expired”

can you test your domain at https://ssl-tools.net/mailservers and let me know the results?

We can not guarantee a secure connection to the mailservers of servpc.cl!

Please contact the operator of servpc.cl and ask him or her to solve this problem. This result stays accessible under the following address:

/mailservers/servpc.cl

Servers

Incoming Mails

These servers are responsible for incoming mails to @servpc.cl addresses.

2600:3c02::f03c:92ff:fe77:85d1

Results incomplete|10||not checked|DANE

missing

PFS

not checked

Heartbleed

not checked

Weak ciphers

not checked||3 minutes ago

1 s|
|mail.servpc.cl

45.79.196.36|10|supported|mail.servpc.cl|DANE

missing

PFS

supported

Heartbleed

not vulnerable

Weak ciphers

not found|* TLSv1.2

• TLSv1.1
• TLSv1.0
• SSLv3|3 minutes ago

7 s|

Outgoing Mails

We have not received any emails from a @servpc.cl address so far. Test mail delivery

Certificates

First seen at: 8 minutes ago

CN=mail.servpc.cl

Certificate chain

• mail.servpc.cl

  • -2 days remaining

  • 4096 bit

  • sha256WithRSAEncryption

  • Expired

    • Let’s Encrypt Authority X3

      • 35 days remaining

      • 2048 bit

      • sha256WithRSAEncryption

        • DST Root CA X3 (Certificate is self-signed.)
          • 232 days remaining
          • 2048 bit
          • sha1WithRSAEncryption

Subject

Common Name (CN)

• mail.servpc.cl

Alternative Names

• mail.servpc.cl
• webmail.servpc.cl

your certificate expired 2 days ago. Can you run v-update-letsencrypt-ssl and try again?

Also check if you have a cron setup for it.

image1166×724 60.8 KB

When executing v-update-letsencrypt-ssl it gives the following error
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending.

If it is created in cron
sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl

Disable force ssl

How do I do that.
v-update-letsencrypt-ssl Disable force ssl?

Keep coming out:
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending

This should usually not be an issue as letsencrypt ignores expired ssl certs.

But you can give it a try:

image759×646 46.6 KB

Another issue could be, that nginx has an issue reloading the config.
ssh into your box and run “service nginx restart” without the quotes and see if it comes back up without issues.

-Dennis

I did the image on all accounts and there were no changes.
Also restart nginx and everything remains the same.
v-update-letsencrypt-ssl
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending

Take a look at the logs. At what step does it complain?

I just saw something here, have you added your ipv6 to this domain in hestia? Let’s Encrypt might look at the ipv6 and nothing is listening on that ipv6.

image1165×166 9.67 KB

image1061×558 33.8 KB

image1170×534 30.9 KB

@Dennis is right remove ipv6 from the DNS records and it should work fine…

We should really work on ipv6 support…

This came to me today:

Cron admin@servpcspa sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl

/etc/profile: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/func/main.sh: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
/usr/local/hestia/bin/v-add-letsencrypt-domain: fork: retry: Resource temporarily unavailable
Error: DNS record for cisiem.com doesn’t exist

And it is repeated for each of the hosted domains (16)

In hestia I have not added ipv6

dns-hestia918×815 43.9 KB

you have this setup at your domain registrar. You will have to change it with them.

image670×563 22.7 KB

The image shows the IPs on the Linode server.
Which ones should I delete?

ipv6-linode1603×619 52.1 KB

Hi there,

i would go ahead with disabling all ipv6 records for this domain.

-Dennis

Thanks for all the help you have given me.

I deleted all IPV6, and ran again v-update-letsencrypt-ssl
and the error continues:
Error: Let’s Encrypt validation status 400. Details: Unable to update challenge :: authorization must be pending

usually a record has a validity of 3600 seconds. So give it an hour and then try again. It is still showing that ipv6 for me.

-Dennis

Today I got this email:

Cron admin@servpcspa sudo /usr/local/hestia/bin/v-update-sys-queue disk

With this message:
/etc/profile: fork: retry: Resource temporarily unavailable