Rocky, Alma, Springdale 9 QT Install: Difference between revisions

From QmailToaster
Jump to navigation Jump to search
No edit summary
Line 60: Line 60:
If the following error is encountered when testing the new certificate it means the certificate is most likely less than 2048 bits
If the following error is encountered when testing the new certificate it means the certificate is most likely less than 2048 bits
<pre>
<pre>
806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354
806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354
</pre>
</pre>


Usually Let's Encrypt certificates are at least 2048 bits but I've encountered times when they're 256 bits. This can be corrected by specifying the number of bits
Usually Let's Encrypt certificates are at least 2048 bits but I've encountered times when they're 256 bits. This can be corrected by specifying the number of bits


certbot -v renew <span style="color:red">--rsa-key-size 2048 --key-type rsa</span> --cert-name mail.domain.tld
certbot -v renew <span style="color:red">--rsa-key-size 2048 --key-type rsa</span> --cert-name mail.domain.tld

Revision as of 21:06, 17 October 2024

Back

Enterprise Linux 9 Minimal Install

QMT Install ('Many-Domain')

# curl -o /usr/local/bin/qt_install https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_install_cos9.sh
# chmod 755 /usr/local/bin/qt_install
# qt_install
# toaststat
Status of toaster services send: up (pid 1323) 1517 seconds smtp: up (pid 1324) 1517 seconds submission: up (pid 1325) 1517 seconds send/log: up (pid 1316) 1517 seconds smtp/log: up (pid 1311) 1517 seconds submission/log: up (pid 1314) 1517 seconds
systemd service: clamd@scan: [ OK ] systemd service: clamav-freshclam: [ OK ] systemd service: spamassassin: [ OK ] systemd service: dovecot: [ OK ] systemd service: mariadb: [ OK ] systemd service: httpd: [ OK ] systemd service: named: [ OK ] systemd service: ntpd: [ OK ] systemd service: sshd: [ OK ] systemd service: network: [ OK ] systemd service: crond: [ OK ] systemd service: acpid: [ OK ] systemd service: atd: [ OK ] systemd service: autofs: [ OK ] systemd service: smartd: [ OK ] systemd service: irqbalance: [ OK ] (Multiple processors only)
# conntest Enter a valid remote email account to which QMT will send mail: <email address> IMAPS: postmaster@domain.tld --> success Submission: postmaster@domain.tld --> success SMTPS: postmaster@domain.tld --> success
Scanners
Many Domain Install (Alias Domain)
Qmail-1.03-3.3.11 (OpenSSL3)
Patches applied

Install certificate

 Certificate *Note: The certificate must be 2048 bits or more

Test certificate

 # curl --verbose smtps://mail.domain.tld
 # curl --verbose imaps://mail.domain.tld

or

 # openssl s_client mail.domain.tld:465
 # openssl s_client mail.domain.tld:993 
* Server certificate:
*  subject: CN=mail.domain.tld
*  start date: Jul 30 09:16:16 2024 GMT
*  expire date: Oct 28 09:16:15 2024 GMT
*  subjectAltName: host "mail.domain.tld" matched cert's "mail.domain.tld"
*  issuer: C=US; O=Let's Encrypt; CN=R11
*  SSL certificate verify ok.

If the following error is encountered when testing the new certificate it means the certificate is most likely less than 2048 bits

 806B7387577F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:354

Usually Let's Encrypt certificates are at least 2048 bits but I've encountered times when they're 256 bits. This can be corrected by specifying the number of bits

certbot -v renew --rsa-key-size 2048 --key-type rsa --cert-name mail.domain.tld