hns - 日記自動生成システム - Version 2.19.9

先月 2020年01月 来月
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
Namazu for hns による簡易全文検索
詳しくは 詳細指定/ヘルプを参照して下さい
検索式:

2020年01月05日() 旧暦 [n年日記] [更新:"2020/01/07 14:35:29"]

#1 [LetsEncrypt][and][Cyrus] Certificate renewed.

certificate (pem) location:

  1. 22:45:23/200107(..mail/certs)% grep imap4 /usr/pkg/etc/imapd.conf
    tls_cert_file: /usr/pkg/etc/letsencrypt/live/imap4.example.com/fullchain.pem
    tls_ca_file:   /usr/pkg/etc/letsencrypt/live/imap4.example.com/fullchain.pem
    tls_key_file:  /usr/pkg/etc/letsencrypt/live/imap4.example.com/full+priv.pem
    
  2. 22:45:42/200107(..mail/certs)% grep pem /etc/mail/sendmail.cf
    O CACertFile=/etc/mail/certs/cert.pem
    O ServerCertFile=/etc/mail/certs/cert.pem
    O ServerKeyFile=/etc/mail/certs/privkey.pem
    O ClientCertFile=/etc/mail/certs/cert.pem
    O ClientKeyFile=/etc/mail/certs/privkey.pem
    # dnl please make keys named certs.pem and privkey.pem in /etc/mail/certs.
    # define(`confCACERT', `CERT_DIR/cert.pem')
    # define(`confSERVER_CERT', `CERT_DIR/cert.pem')
    # define(`confSERVER_KEY', `CERT_DIR/privkey.pem')
    # define(`confCLIENT_CERT', `CERT_DIR/cert.pem')
    # define(`confCLIENT_KEY', `CERT_DIR/privkey.pem')
    

imapd:

one more command is necessary after certbot update
2020-01-05 07:57  cat fullchain.pem privkey.pem > full+priv.pem
imap4@root 08:01:10/200105(..pkg/etc)% ls -lLR letsencrypt/live 
total 4
drwxr-xr-x  2 root  wheel  512 Jan  5 07:57 imap4.example.com

letsencrypt/live/imap4.example.com:
total 44
-rw-r--r--  1 root  wheel  1903 Dec 18 23:35 cert.pem
-rw-r--r--  1 root  wheel  1647 Dec 18 23:35 chain.pem
-rw-r--r--  1 root  wheel  5254 Jan  5 07:57 full+priv.pem
-rw-r--r--  1 root  wheel  5197 Dec 18 23:54 full+priv.pem-5197  (old and bad one)
-rw-r--r--  1 root  wheel  3550 Dec 18 23:35 fullchain.pem
-rw-------  1 root  wheel  1704 Dec 18 23:35 privkey.pem
CF-SX3@makoto 07:17:40/200105(~)% openssl x509 -text -noout -in <(openssl s_client -connect imap4.example.com:993 ) | grep -A3 Validity
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = imap4.example.com
verify return:1
DONE
        Validity
            Not Before: Dec 18 13:35:18 2019 GMT
            Not After : Mar 17 13:35:18 2020 GMT
        Subject: CN = imap4.example.com
CF-SX3@makoto 08:00:03/200105(~)% 

submission port:

587 port needs different command to check the valid thru date
22:42:41/200107(~)% openssl s_client -connect imap4.example.com:587 -starttls smtp | openssl x509 -noout -dates         
depth=0 CN = imap4.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = imap4.example.com
verify error:num=21:unable to verify the first certificate
verify return:1
250 HELP
notBefore=Dec 18 13:35:18 2019 GMT
notAfter=Mar 17 13:35:18 2020 GMT



最近の日記
2024年03月10日
停電 (瞬電)
2024年03月03日
the second try on bare-metal
useradd
2024年02月29日
opendkim and senmail
2024年01月24日
chat/iam 0.0.8
2024年01月21日
uselocale vs setlocale (textproc/R-readxl)
以上、1 日分です。
タイトル一覧
カテゴリ分類
Powered by hns-2.19.9, HyperNikkiSystem Project

Count.cgi (since 2000/02/05)