Rocky, Alma, Springdale 9 QT Install: Difference between revisions

From QmailToaster
Jump to navigation Jump to search
No edit summary
 
(20 intermediate revisions by the same user not shown)
Line 5: Line 5:
  <nowiki>#</nowiki> chmod 755 /usr/local/bin/qt_install
  <nowiki>#</nowiki> chmod 755 /usr/local/bin/qt_install
  <nowiki>#</nowiki> qt_install
  <nowiki>#</nowiki> qt_install
    <span style="color:red"> ...installing... </span>
  <nowiki>#</nowiki> toaststat<br>
  <nowiki>#</nowiki> toaststat<br>
  Status of toaster services
  Status of toaster services
Line 41: Line 42:


== Install certificate ==
== Install certificate ==
   [[Certificate]]
   [[Certificate]] *Note: The certificate must be 2048 bits or more
== Test certificate ==
== Test certificate ==
   # curl --verbose smtps://mail.domain.tld or openssl s_client mail.whitehorsetc.com:465
   # curl --verbose smtps://mail.domain.tld
   # curl --verbose imaps://mail.domain.tld
   # curl --verbose imaps://mail.domain.tld
or
or
Line 58: Line 59:
</pre>
</pre>


<pre>
If the following error is encountered when testing the new certificate the certificate is most likely less than 2048 bits
If you get an error like this when checking your certificate
 
806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354
806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354
It can mean that your certificate is not the correct number of bits which need to be 2048
 
</pre>
Usually Let's Encrypt certificates are at least 2048 bits, but encountering 256 bits keys is possible. Correct by specifying the number of bits:
 
certbot renew --cert-name -d domain.tld -d mail.domain.tld --apache <span style="color:red">--rsa-key-size 2048 --key-type rsa</span>

Latest revision as of 08:34, 18 October 2024

Back

Enterprise Linux 9 Minimal Install

QMT Install ('Many-Domain')

# curl -o /usr/local/bin/qt_install https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_install_cos9.sh
# chmod 755 /usr/local/bin/qt_install
# qt_install
    ...installing... 
# toaststat
Status of toaster services send: up (pid 1323) 1517 seconds smtp: up (pid 1324) 1517 seconds submission: up (pid 1325) 1517 seconds send/log: up (pid 1316) 1517 seconds smtp/log: up (pid 1311) 1517 seconds submission/log: up (pid 1314) 1517 seconds
systemd service: clamd@scan: [ OK ] systemd service: clamav-freshclam: [ OK ] systemd service: spamassassin: [ OK ] systemd service: dovecot: [ OK ] systemd service: mariadb: [ OK ] systemd service: httpd: [ OK ] systemd service: named: [ OK ] systemd service: ntpd: [ OK ] systemd service: sshd: [ OK ] systemd service: network: [ OK ] systemd service: crond: [ OK ] systemd service: acpid: [ OK ] systemd service: atd: [ OK ] systemd service: autofs: [ OK ] systemd service: smartd: [ OK ] systemd service: irqbalance: [ OK ] (Multiple processors only)
# conntest Enter a valid remote email account to which QMT will send mail: <email address> IMAPS: postmaster@domain.tld --> success Submission: postmaster@domain.tld --> success SMTPS: postmaster@domain.tld --> success
Scanners
Many Domain Install (Alias Domain)
Qmail-1.03-3.3.11 (OpenSSL3)
Patches applied

Install certificate

 Certificate *Note: The certificate must be 2048 bits or more

Test certificate

 # curl --verbose smtps://mail.domain.tld
 # curl --verbose imaps://mail.domain.tld

or

 # openssl s_client mail.domain.tld:465
 # openssl s_client mail.domain.tld:993 
* Server certificate:
*  subject: CN=mail.domain.tld
*  start date: Jul 30 09:16:16 2024 GMT
*  expire date: Oct 28 09:16:15 2024 GMT
*  subjectAltName: host "mail.domain.tld" matched cert's "mail.domain.tld"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.

If the following error is encountered when testing the new certificate the certificate is most likely less than 2048 bits

806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354

Usually Let's Encrypt certificates are at least 2048 bits, but encountering 256 bits keys is possible. Correct by specifying the number of bits:

certbot renew --cert-name -d domain.tld -d mail.domain.tld --apache --rsa-key-size 2048 --key-type rsa