This repository has been archived by the owner on Jun 29, 2018. It is now read-only.

Using certificateScheme = 3 fails #111

Open
gbuisson opened this issue Apr 3, 2018 · 6 comments

gbuisson commented Apr 3, 2018

SNM Version: 2.1.3

Nixos Version: unstable

Relevant part of the config to reproduce:

certificateScheme = 3;

What I expected to happen:

The imap server should work, no error renewing the certificate

What happened:

the certificate renew service fails with:

Not enough PEM encoded messages were found in fullchain.pem; at least 2 were expected, found 1.

Relevant journald log:

2018-04-03 20:09:44,198:DEBUG:simp_le:1546: ('-v', '-d', ';.., '--default_root', '/var/lib/acme/acme-challenge', '--valid_min', '2592000', '-f', 'fullchain.pem', '-f', 'full.pem', '-f', 'key.pem', '-f', 'account_key.json') parsed as Namespace(account_key_public_exponent=65537, account_key_size=4096, cert_key_size=4096, default_root='/var/lib/acme/acme-challenge', email=None, help=False, integration_test=False, ioplugins=['fullchain.pem', 'full.pem', 'key.pem', 'account_key.json'], reuse_key=False, revoke=False, server='https://acme-v01.api.letsencrypt.org/directory', test=False, user_agent='simp_le/0.8.0', valid_min=2592000, verbose=True, version=False, vhosts=[Vhost(name='...', root=None)])...
@dotlambda
Contributor

That's a known issue with nixos-unstable: NixOS/nixpkgs#38372

gbuisson commented Apr 3, 2018

OK, downgrading to 18.03 I get another issue that I also got using certificateScheme = 2:

imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>, rip=<...>, lip=<...>, session=<iIJsQfhoXNElrX8U>

any idea?
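
Added example, not part of the issue thread or of any project mentioned in it: a Python check for the two PEM conditions the error messages above name, at least 2 `CERTIFICATE` blocks in `fullchain.pem` and a `DH PARAMETERS` block in the file given to imap-login. The file name `dh.pem`, the helper names and the sample blocks are assumptions constructed for illustration; the check inspects PEM armor only and does not validate the encoded contents.

```python
import re
import sys

# A PEM block: BEGIN/END armor lines carrying the same label, with no other
# armor line inside the body (so a truncated block is not counted).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n((?:(?!-----).)*?)\r?\n-----END \1-----",
    re.DOTALL)

# Expectations read off the two error messages in this thread. "dh.pem" is a
# placeholder name: the thread does not say which file holds the DH parameters.
EXPECTED = {"fullchain.pem": ("CERTIFICATE", 2), "dh.pem": ("DH PARAMETERS", 1)}

def pem_labels(text):
    """Labels of all well-formed PEM blocks in text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def check_pem(text, label, minimum):
    """Return (ok, message): does text hold >= minimum blocks with label?"""
    labels = pem_labels(text)
    found = labels.count(label)
    if found >= minimum:
        return True, f"ok: {found} {label} block(s)"
    others = ", ".join(sorted(set(labels) - {label})) or "none"
    return False, (f"expected at least {minimum} {label} block(s), "
                   f"found {found}; other labels present: {others}")

def block(label, body="Q09OU1RSVUNURUQ="):
    """Constructed sample block; the body is placeholder base64, not a real key."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed inputs: a leaf-only file, a leaf plus issuer chain, DH parameters.
SAMPLE_LEAF_ONLY = block("CERTIFICATE")
SAMPLE_FULLCHAIN = block("CERTIFICATE") + block("CERTIFICATE")
SAMPLE_DH = block("DH PARAMETERS")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        name = path.rsplit("/", 1)[-1]
        if name not in EXPECTED:
            print(f"{path}: no expectation defined, skipped")
            continue
        with open(path, errors="replace") as fh:
            ok, message = check_pem(fh.read(), *EXPECTED[name])
        print(f"{path}: {message}")
```

Run as a script, it takes the paths of the files to check as arguments and prints one line per file.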

gbuisson commented Apr 3, 2018

w00t, got imap auth working after the system received the first mail

gbuisson commented Apr 3, 2018

So after toying with it and following the instructions step by step, retrying the whole evening I can:

  • login and fetch mail

I can't:

  • receive email from other boxes
  • send email, getting:
Apr 03 23:25:59 mail.y42.sh postfix/smtpd[13143]: NOQUEUE: milter-reject: CONNECT from unknown[...]: 451 4.7.1 Service unavailable - try again later; proto=SMTP

@r-raymond
Owner

Hi @gbuisson, thanks for trying out SNM. Right now the stable version uses NixOS 17.09. NixOS 18.03 has a new rspamd version (thanks to the contributors of this project) which does not need rmilter anymore. We will need to update the system for that. There has been work (see #61) but it is not finished yet. Any help is welcome!

gbuisson commented Apr 4, 2018

Okay, thanks for your explanations. I finally got it all working: my DKIM DNS record was wrong, and somehow I needed to update my system again to use all packages from 18.03. It seems to be working with this release.
