Submitted by compserv on Mon, 10/12/2009 - 11:37
Woke up this morning cannot reach IMAP server for all domains. Went to DOS tried to telnet to mail.familymatters.me and could not connect.
I can ping mail.familymatters.me.
The IMAP server is offline. Please fix.
Status:
Closed (fixed)
Comments
Submitted by compserv on Mon, 10/12/2009 - 11:38 Comment #1
Remote login has been enabled.
Submitted by andreychek on Mon, 10/12/2009 - 11:42 Comment #2
It looks like there's various errors showing up in Dovecot, such as the following:
Oct 12 08:03:36 ubuntu dovecot: Fatal: pop3-login: Can't load private key file /etc/ssl/private/ssl-cert-snakeoil.key: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Oct 12 08:03:36 ubuntu dovecot: Fatal: pop3-login: Can't load private key file /etc/ssl/private/ssl-cert-snakeoil.key: error:0B080074:x509 certificate routines:X509_check_private_key:key va
lues mismatch
Has anything changed recently regarding Dovecot, or it's SSL certs?
Submitted by andreychek on Mon, 10/12/2009 - 11:54 Comment #3
It looks like the Dovecot config file had been modified, and the "listen" parameter had been set to a blank value, causing Dovecot not to listen for connections.
I commented out that entry, and Dovecot is correctly starting now.
Submitted by compserv on Mon, 10/12/2009 - 11:56 Comment #4
Yes.
I was attempting to install a CA because all of my certificates were self signed and Outlook 2007 was freaking out. This is the error:
"The Server you are connected to is using a security certificate that cannot be verified. The Target principal name is incorrect."
To fix this I think I need to have my self-signed certificates be validated by a certificate authority? Am I correct?
Thanks. Remote access is still available.
"self-signed" means they were signed by you. They will never be trusted automatically by mail clients, as they were signed by someone that Microsoft, Mozilla, Apple, etc. do not know.
You have to purchase a certificate from a recognized certificate authority. Virtualmin has a form that you can use for creating the CSR (certificate signing request) that is required by certificate providers; the CSR contains data like your company name and location.
The process of getting certificate is:
Generate a CSR (which also generates corresponding keys for signing your certificates). Do not use a passphrase when generating your CSR and key, as it causes all services to have to wait for user input when restarting and such (which has to happen for normal Virtualmin use, among other things).
Purchase a certificate from a recognized provider. There are dozens of them, these days. GoDaddy has a cheap chained certificate that works fine, as long as you install the certificate bundle that they provide. You'll upload your CSR during this process.
Install the certificate for the services with which you want to use them. Virtualmin makes the Apache part easy, and Webmin and Usermin also have forms for including a certificate.
Oh, and there's also documentation about SSL and Virtualmin, covering most of this stuff (though probably not Dovecot, specifically).
http://www.virtualmin.com/documentation/web/ssl
Submitted by compserv on Thu, 11/19/2009 - 20:16 Comment #7