I am currently running the latest Axigen on Debian 12, and it doesn’t appear to have any issues with the server. The only issue I have had is the LE SSL certificates trying to load on the server, with no success.
I have an Nginx reverse proxy, so ports 80 and 443 are the only ports open on my OPNsense firewall, and they only point to the proxy. For webmail to Axigen, this works great, as I can create a proxy host for each domain here at home, and it brings up the appropriate domain webmail login.
However, trying to get an SSL certificate on the mail server itself (reverse proxy obtains its own set of SSLs via LE) is an utter nightmare.
I have changed my firewall port to point directly to the mail server in order to obtain an LE cert, resulting in the same failure of not being able to obtain a certificate. Logs:
2024-09-30 14:09:13 -0500 08 Mail JOBLOG:70000002: LetsE: Acme job executing
2024-09-30 14:09:13 -0500 08 Mail JOBLOG:70000002: LetsE: AcmeChallengeState for mx.<domain>.com executing
2024-09-30 14:09:13 -0500 02 Mail JOBLOG:70000002: LetsE: Acme challenge state failed, perhaps mx.<domain>.com cannot be accessed by the letsencrypt servers?
2024-09-30 14:09:13 -0500 02 Mail JOBLOG:70000002: LetsE: Issuance Job for mx.<domain>.com abandoned!
2024-09-30 14:09:13 -0500 02 Mail JOBLOG:70000002: LetsE: last protocol errType All OK!
2024-09-30 14:09:13 -0500 02 Mail JOBLOG:70000002: LetsE: last protocol errDetail All OK!
2024-09-30 14:09:13 -0500 02 Mail JOBLOG:70000002: LetsE: Job step action => Cannot complete current work item, abandoning
2024-09-30 14:09:13 -0500 02 Mail WEBADMIN:00000001: LetsE: Could not open file /var/opt/axigen/letsencrypt/mx.<domain>.com/cert.pem to check its header for letsencrypt
2024-09-30 14:09:13 -0500 02 Mail WEBADMIN:00000001: LetsE: Could not open file /var/opt/axigen/letsencrypt/mx.<domain>.com/cert.pem to check its header for letsencrypt
I’m sure that at this point I have finally hit the request limit, but this has gotten beyond the point of frustration, and I am about to either just do away with this solution for something else or see if I can use certbot on the server as a different approach, which I’ve never used before.
My webmail port is still 443, but I did have to change Webadmin, which is 9443, and my port 80 configuration is still on Webadmin at 0.0.0.0:80, while my 8080 port is :8080. I’ve also tried forwarding those ports through the firewall, without any luck either. I’m at a loss at this point, if anyone has anything else to suggest.