Rocky, Alma, Springdale 9 QT Install: Difference between revisions

From QmailToaster
Jump to navigation Jump to search
 
(9 intermediate revisions by the same user not shown)
Line 5: Line 5:
  <nowiki>#</nowiki> chmod 755 /usr/local/bin/qt_install
  <nowiki>#</nowiki> chmod 755 /usr/local/bin/qt_install
  <nowiki>#</nowiki> qt_install
  <nowiki>#</nowiki> qt_install
    <span style="color:red"> ...installing... </span>
  <nowiki>#</nowiki> toaststat<br>
  <nowiki>#</nowiki> toaststat<br>
  Status of toaster services
  Status of toaster services
Line 58: Line 59:
</pre>
</pre>


If the following error is encountered when testing the new certificate it means the certificate is most likely less than 2048 bits
If the following error is encountered when testing the new certificate the certificate is most likely less than 2048 bits
<pre>
 
  806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354
  806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354
</pre>


Usually Let's Encrypt certificates are at least 2048 bits but I've encountered times when they're 256 bits. This can be corrected by specifying the number of bits
Usually Let's Encrypt certificates are at least 2048 bits, but encountering 256 bits keys is possible. Correct by specifying the number of bits:


  certbot -v renew <span style="color:red">--rsa-key-size 2048 --key-type rsa</span> --cert-name mail.domain.tld
  certbot renew --cert-name -d domain.tld -d mail.domain.tld --apache <span style="color:red">--rsa-key-size 2048 --key-type rsa</span>

Latest revision as of 07:34, 18 October 2024

Back

Enterprise Linux 9 Minimal Install

QMT Install ('Many-Domain')

# curl -o /usr/local/bin/qt_install https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_install_cos9.sh
# chmod 755 /usr/local/bin/qt_install
# qt_install
    ...installing... 
# toaststat
Status of toaster services send: up (pid 1323) 1517 seconds smtp: up (pid 1324) 1517 seconds submission: up (pid 1325) 1517 seconds send/log: up (pid 1316) 1517 seconds smtp/log: up (pid 1311) 1517 seconds submission/log: up (pid 1314) 1517 seconds
systemd service: clamd@scan: [ OK ] systemd service: clamav-freshclam: [ OK ] systemd service: spamassassin: [ OK ] systemd service: dovecot: [ OK ] systemd service: mariadb: [ OK ] systemd service: httpd: [ OK ] systemd service: named: [ OK ] systemd service: ntpd: [ OK ] systemd service: sshd: [ OK ] systemd service: network: [ OK ] systemd service: crond: [ OK ] systemd service: acpid: [ OK ] systemd service: atd: [ OK ] systemd service: autofs: [ OK ] systemd service: smartd: [ OK ] systemd service: irqbalance: [ OK ] (Multiple processors only)
# conntest Enter a valid remote email account to which QMT will send mail: <email address> IMAPS: postmaster@domain.tld --> success Submission: postmaster@domain.tld --> success SMTPS: postmaster@domain.tld --> success
Scanners
Many Domain Install (Alias Domain)
Qmail-1.03-3.3.11 (OpenSSL3)
Patches applied

Install certificate

 Certificate *Note: The certificate must be 2048 bits or more

Test certificate

 # curl --verbose smtps://mail.domain.tld
 # curl --verbose imaps://mail.domain.tld

or

 # openssl s_client mail.domain.tld:465
 # openssl s_client mail.domain.tld:993 
* Server certificate:
*  subject: CN=mail.domain.tld
*  start date: Jul 30 09:16:16 2024 GMT
*  expire date: Oct 28 09:16:15 2024 GMT
*  subjectAltName: host "mail.domain.tld" matched cert's "mail.domain.tld"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.

If the following error is encountered when testing the new certificate the certificate is most likely less than 2048 bits

806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354

Usually Let's Encrypt certificates are at least 2048 bits, but encountering 256 bits keys is possible. Correct by specifying the number of bits:

certbot renew --cert-name -d domain.tld -d mail.domain.tld --apache --rsa-key-size 2048 --key-type rsa