Unable to access any https locations

progeek · July 15, 2021, 7:06pm

hello,
i am using a Debian 10 with Axigen free version,
i try to generate a let’s Encrypt certificates but is not working,

Seams that Axigen is impossible to connect to any https external location. What i miss?

I have edited the full paths for URL’s because i am a new user.

i get this errors:

2021-07-15 15:01:58 -0400 02 axigen-62 WEBADMIN:0000002D: HTTP-Client: Error performing request in connection to axigencom : 443/api/countries/:SSL peer certificate or SSH remote key was not OK
2021-07-15 15:01:58 -0400 02 axigen-62 WEBADMIN:0000002D: HTTP-Client: Error performing request in connection to axigencom:443/api/countries/:SSL peer certificate or SSH remote key was not OK
2021-07-15 15:01:58 -0400 02 axigen-62 WEBADMIN:0000002D: HTTP-Client: Error performing request in connection to axigencom:443/api/countries/:SSL peer certificate or SSH remote key was not OK
2021-07-15 15:01:58 -0400 02 axigen-62 WEBADMIN:0000002D: previous line is repeated 2 times.
2021-07-15 15:01:58 -0400 02 axigen-62 WEBADMIN:0000002D: SupportInfo: connection retries exceeded the 5 limit while GET-ing to endpoint axigencom:443
2021-07-15 15:01:58 -0400 08 axigen-62 WEBADMIN:00000028: Session 0xF35B2B4A associated with this connection
2021-07-15 15:01:58 -0400 08 axigen-62 WEBADMIN:00000028: SupportInfo: connected to endpoint axigen.com:443
2021-07-15 15:01:58 -0400 02 axigen-62 WEBADMIN:00000028: HTTP-Client: Error performing request in connection to axigencom:443/api/countries/:SSL peer certificate or SSH remote key was not OK
2021-07-15 15:01:58 -0400 02 axigen-62 WEBADMIN:00000028: HTTP-Client: Error performing request in connection to axigencom:443/api/countries/:SSL peer certificate or SSH remote key was not OK
2021-07-15 15:01:58 -0400 02 axigen-62 WEBADMIN:00000028: HTTP-Client: Error performing request in connection to axigencom:443/api/countries/:SSL peer certificate or SSH remote key was not OK
2021-07-15 15:01:59 -0400 02 axigen-62 WEBADMIN:00000028: previous line is repeated 1 time.
2021-07-15 15:01:59 -0400 02 axigen-62 WEBADMIN:0000002D: SSL_read error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
2021-07-15 15:01:59 -0400 02 axigen-62 WEBADMIN:00000028: HTTP-Client: Error performing request in connection toaxigencom:443/api/countries/:SSL peer certificate or SSH remote key was not OK
2021-07-15 15:01:59 -0400 02 axigen-62 WEBADMIN:00000028: SupportInfo: connection retries exceeded the 5 limit while GET-ing to endpoint axigencom:443
2021-07-15 15:01:59 -0400 02 axigen-62 WEBADMIN:00000028: SSL_read error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
2021-07-15 15:02:03 -0400 08 axigen-62 WEBADMIN:00000028: Let’s Encrypt: Issuance Job added successfully
2021-07-15 15:02:04 -0400 08 axigen-62 WEBADMIN:00000028: LetsE: Found current request
2021-07-15 15:02:04 -0400 08 axigen-62 JOBLOG:7000001D: LetsE: Acme job executing
2021-07-15 15:02:04 -0400 08 axigen-62 JOBLOG:7000001D: LetsE: Found current request
2021-07-15 15:02:04 -0400 08 axigen-62 JOBLOG:7000001D: LetsE: AcmeInitState for progeek.ro executing
2021-07-15 15:02:04 -0400 08 axigen-62 WEBADMIN:00000028: LetsE: Found current request
2021-07-15 15:02:04 -0400 02 axigen-62 JOBLOG:7000001D: HTTP-Client: Error performing request in connection to acme-v02.api.letsencrypt.org:443/directory:SSL peer certificate or SSH remote key was not OK
2021-07-15 15:02:04 -0400 02 axigen-62 JOBLOG:7000001D: LetsE: connection error on GET when populating acme link directory
2021-07-15 15:02:04 -0400 02 axigen-62 JOBLOG:7000001D: LetsE: Job step action => Connection-related error, re-attempting after 15 seconds
2021-07-15 15:02:05 -0400 08 axigen-62 WEBADMIN:00000028: LetsE: Found current request
2021-07-15 15:02:09 -0400 02 axigen-62 SERVER:00000000: previous line is repeated 4 times.
2021-07-15 15:02:09 -0400 02 axigen-62 SERVER:00000000: SSL_accept error:1408F10B:SSL routines:ssl3_get_record:wrong version number
2021-07-15 15:02:09 -0400 08 axigen-62 WEBADMIN:00000028: previous line is repeated 8 times.
2021-07-15 15:02:10 -0400 08 axigen-62 WEBADMIN:00000028: LetsE: Found current request
2021-07-15 15:02:11 -0400 08 axigen-62 WEBADMIN:00000028: LetsE: Found current request
2021-07-15 15:02:11 -0400 08 axigen-62 WEBADMIN:00000028: LetsE: Found current request

JJussi · July 16, 2021, 8:13am

Can’t remember did I got that error message when I had “problems” with SSL… But during the process, the key is that your Axigen HTTP (port 80) must be enabled! So, you must always have ports 80 and 443 services enabled at Axigen admin if you want to have Let’s encrypt work.

progeek · July 16, 2021, 12:15pm

i manage to remove that error, after a full uninstall.
Now i have another problem, because i can’t receive any email.
i send emails but not receive.

the domain is: progeek.ro
webmail: mail.progeek.ro

indreias · July 16, 2021, 12:41pm

Hello Zaharia,

I’ve checked the MX record for your domain and it point to mail.progeek.ro.

Now, because the HTTPS to that hostname brings the WebMail interface BUT a telnet session on port 25 is rejected due to “connection timeout” I could only think at the following failure reasons:

1/ you made a NAT into your router / firewall but only for several ports (like 443, 993 and 465 - all looks fine) - if this is the case you will need a NAT rule for port 25 (to receive from external email servers)

2/ you have a rule for port 25 but no listener on Axigen side - if this and you don’t know how to add and configure it please share your axigen.cfg file so I could try provide any further guidance.

HTH,
Ioan

indreias · July 16, 2021, 12:46pm

Hello again,

Another possible reason, as the PTR DNS record for your IPv4 address is resolved with static-86-127-71-168.rdsnet.ro, is that maybe your ISP have blocked inbound IP traffic on port 25.

This is not a usual case as the default rule is to prevent outbound traffic to port 25 but who knows, maybe in your case they made something wrong on their side.

HTH,
Ioan

progeek · July 16, 2021, 1:05pm

Thx, worked and fixed, the 25 port was not open from my side.
Now i receive email, but are directly put on Trash. :))) even from Gmail

indreias · July 16, 2021, 1:28pm

Glad to hear that you managed to open port 25.

The reasons for the message being delivered into Trash could be revealed if you will set the Log Level to Protocol Communication for Processing service (from WebAdmin) and check the logs (especially the PROCESSING lines) for a new fresh mail.

HTH,
Ioan

progeek · July 16, 2021, 1:51pm

possible to be SpamAssassin, but i don’t know for sure, just been moved to Trash.

indreias · July 16, 2021, 2:14pm

Actually it seems to be more related to the WebAdmin server side sieve filter rules:

2021-07-16 09:47:13 -0400 08 mail PROCESSING:00012FC8: Start filter WASieveServer of type script filter from server
2021-07-16 09:47:13 -0400 08 mail PROCESSING:00012FC8: Fileinto Trash requested for <x.y@progeek.ro>
2021-07-16 09:47:13 -0400 08 mail PROCESSING:00012FC8: Finished filtering mail object 012FC8 with filter: WASieveServer of type script filter from server

Could you please share the content of filters/wasieve-server.sieve from Axigen working dir?

BR,
Ioan

progeek · July 16, 2021, 2:29pm

here it is: