Change of SSL-certificates ends in a desaster

newbieataxigen · January 6, 2020, 12:24pm

Hello

As a newbie with Axigen I “destroyed” my Axigen Installation when i tried to change the SSL certificates. Before I was happy to install Axigen as Free Mailer, could establish my domain, could import the mails from the old imap server and everything runs fine. I could also install a SSL certificate from Letsencriypt. In the Webadmin surface I could see three SSL certifcates, first from (i think to remembering) Global Sign, second from Axigen and third the Letsencrypt.

“At least” I tried to tune the acceptance of exterior browsers which “struggles” with the Global Sign and the Axigen certificate by deleting both on the surface of the Webadmin page. After that i rebooted my mailserver and since that i am locked out from my Axigen mail server.

I could found im var/log/mail.log that the listeners could not start anymore and tried to change /var/opt/axigen/run/axigen.cfg by first changing the configuration of the listeners which relates to ssl connections (443,465,587,993,9443) and secondly by deleting this listener configurations (listeners regarding 25, 143, 7000, 9000 remains untouched) but /var/log/mail./log simply declares:

Jan 6 11:50:27 mail Axigen[109]: INFO: Valid license key read from file ‘/var/opt/axigen/axigen_lk.bin’
Jan 6 11:50:27 mail Axigen[109]: INFO: License key dumped into text form in file ‘/var/opt/axigen/run/axigen_lk.txt’
Jan 6 11:50:27 mail Axigen[109]: INFO: Reading configuration file ‘/var/opt/axigen/run/axigen.cfg’
Jan 6 11:50:27 mail Axigen[109]: ERROR: /var/opt/axigen/run/axigen.cfg(328:16): No attribute ‘requestClientAuth’ for a ‘TCPListener’ object
Jan 6 11:50:27 mail Axigen[109]: ERROR: ConfigManager: Cannot load server config file ‘/var/opt/axigen/run/axigen.cfg’
Jan 6 11:50:27 mail Axigen[109]:ERROR: Missing server storage to store status
Jan 6 11:50:27 mail Axigen[109]:ERROR: Cannot initialize Configuration Manager
Jan 6 11:50:27 mail Axigen[109]:INFO: supervise: finished
Jan 6 11:50:27 mail Axigen[109]:INFO: Axigen Mail Server version 10.3.0.66 (Linux/x64) stopped

Is there any chance for repair?

Thank you for your comments

florin.burada · January 6, 2020, 1:18pm

Hello,

Can you send me the Axigen configuration file (/var/opt/axigen/run/axigen.cfg) and a recursive list of Axigen Working Directory obtained with:

ls -lRh /var/opt/axigen > /tmp/axi_list.txt

Regards,
Florin

newbieataxigen · January 6, 2020, 6:47pm

Hello Florin,

thank you very much for your answer. Do you want me to send the „new“ or the „old“ axigen.cfg or both?

I did make a copy before I „worked directly“ in axigen.cfg.

Kind regards
Jürgen

florin.burada · January 7, 2020, 12:55pm

Hello,

I think the “new” configuration file is enough.

Regards,
Florin

newbieataxigen · January 7, 2020, 2:04pm

I will send you the files but that will take time to Thursday evening.

Kind regards
Jürgen

newbieataxigen · January 9, 2020, 9:44pm

Hello Florin

sorry for the delay. I uploaded a copy of the file "axi_list.txt"axi_list.txt (370.4 KB).

I tried to upload “axigen.cfg” also but your Website did not allowed to upload cfg-files. Therefore I renamed axigen.cfg to "axigen.txt"axigen.txt (30.9 KB)

Thank you for your help and

Kind regards
Jürgen

florin.burada · January 15, 2020, 9:00am

Hello,

Thank you for your response.

The issue is on IMAP configuration for listener on port 143 more exactly at line 328. To resolve this issue you will have to replace the line:

requestClientAuth = no

with

        sslControl = {
            allowedVersions = (tls1 tls1_1 tls1_2)
            certFile = "axigen_cert.pem"
            caFile = "none"
            dhParamFile = "axigen_dh.pem"
            maxChainDepth = 4
            cipherSuite = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
            preferServerCipherSuiteOrder = yes
            useEphemeralKey = yes
            requestClientAuth = no
        }

Or you may use the repaired file axigen.txt (31.8 KB)

newbieataxigen · January 15, 2020, 5:19pm

Dear Florin

I will try that on Friday.

Thank you very much for your help

Kind regards
Jürgen

newbieataxigen · January 31, 2020, 4:48pm

Dear Florin,

sorry for the late answer. Your assistance was very helpfull. I could start the system which runs now properly with all functions.

So the request can be closed.

Thank you
Jürgen