Postfix TLS Library Problem No such file

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kasdivi.com

I ran this command:

It produced this output:

My web server is (include version): apache

The operating system my web server runs on is (include version): FreeBSD 14.1

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 3.01

This is a continuation of my saga with Certbot.
I am running Dovecot and Postfix on FreeBSD 14.1.
I am having the exact same problems as set forth here.

I have checked permissions, which are 744.
The appropriate parts of the main.cf are:

```
# SASL CONFIG
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,  permit_sasl_authenticated,  reject_invalid_hostname,  reject_unknown_hostname,  reject_non_fqdn_hostname,  reject_non_fqdn_helo_hostname,  reject_invalid_helo_hostname,  permit
smtpd_sender_restrictions = permit_mynetworks,  permit_sasl_authenticated,  reject_non_fqdn_sender,  reject_unknown_sender_domain,  reject_unlisted_sender,  permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, check_client_access hash:/usr/local/etc/postfix/rbl_override, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining,
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# TLS CONFIG
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/etc/letsencrypt/live/kasdivi.com/privkey.key
smtpd_tls_cert_file = /usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem
#smtpd_tls_CAfile = /usr/local/etc/ssl/openssl/rootCA.crt
#smtpd_tls_key_file = /usr/local/etc/ssl/test/private.key
#smtpd_tls_cert_file = /usr/local/etc/ssl/test/certficate.crt
#smtpd_tls_CAfile = /usr/local/etc/letsencrypt/live/kasdivi.com/fullchain.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_mandatory_protocols= >=TLSv1.2
tls_random_source = dev:/dev/urandom
```


I am getting the following error in my log files

```
May 5 10:01:31 triggerfish postfix/smtpd[94025]: warning: TLS library problem: error:80000002:system library::No such file or directory:/usr/src/crypto/openssl/crypto/bio/bss_file.c:297:calling fopen(/usr/local/etc/letsencrypt/live/kasdivi.com/privkey.key, r):
May 5 10:01:31 triggerfish postfix/smtpd[94025]: warning: TLS library problem: error:10080002:BIO routines::system lib:/usr/src/crypto/openssl/crypto/bio/bss_file.c:300:
May 5 10:01:31 triggerfish postfix/smtpd[94025]: warning: TLS library problem: error:0A080002:SSL routines::system lib:/usr/src/crypto/openssl/ssl/ssl_rsa.c:367:
M
```

I can receive, but not send, email.

I am receiving the following error emails

Transcript of session follows.

```
Out: 220 triggerfish.theoceanwindow.com ESMTP Postfix
In:  EHLO smtpclient.apple
Out: 250-triggerfish.theoceanwindow.com
Out: 250-PIPELINING
Out: 250-SIZE 25600000
Out: 250-VRFY
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250-DSN
Out: 250-SMTPUTF8
Out: 250 CHUNKING
In:  STARTTLS
Out: 454 4.7.0 TLS not available due to local problem
In:  MAIL FROM:<jason@kasdivi.com>
Out: 530 5.7.0 Must issue a STARTTLS command first
In:  QUIT
Out: 221 2.0.0 Bye
```

The server passed SSL tests, but I can't upload the PDF of the results.

It doesn't take much, but I am stumped. At least I can't email.


Maybe I should go with a paid certificate.
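
A check for the condition the log lines above report (fopen on the configured key path failing with "No such file or directory"), as an added example that is not part of the original post: it reads the active `smtpd_tls_key_file` and `smtpd_tls_cert_file` values from a main.cf and tests that each path exists and is readable. The function names, `demo_dir` and the sample main.cf are constructed for illustration; on a live server `postconf -h smtpd_tls_key_file` prints the value Postfix actually uses.

```shell
#!/bin/sh
# Added example: do the TLS files named in a Postfix main.cf exist and open?

# Print the last active (uncommented) value of parameter $2 in file $1.
# Postfix uses the last definition when a parameter is set more than once.
param_value() {
    awk -v p="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            gsub(/[ \t]/, "", name)
            if (name != p) next
            val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = val
        }
        END { print found }
    ' "$1"
}

# Report each TLS file; return 1 if any is unset, missing or unreadable
# (readable is tested for the user running this check).
check_tls_files() {
    cf=$1
    rc=0
    for p in smtpd_tls_key_file smtpd_tls_cert_file; do
        f=$(param_value "$cf" "$p")
        if [ -z "$f" ]; then
            echo "UNSET    $p"; rc=1
        elif [ ! -e "$f" ]; then   # -e follows symlinks: a dangling link is MISSING
            echo "MISSING  $p = $f"; rc=1
        elif [ ! -r "$f" ]; then
            echo "NOREAD   $p = $f"; rc=1
        else
            echo "OK       $p = $f"
        fi
    done
    return $rc
}

# Constructed sample: the key path does not exist, the certificate path does.
demo_dir=$(mktemp -d)
: > "$demo_dir/fullchain.pem"
cat > "$demo_dir/main.cf" <<EOF
#smtpd_tls_key_file = $demo_dir/old.key
smtpd_tls_key_file = $demo_dir/privkey.key
smtpd_tls_cert_file = $demo_dir/fullchain.pem
EOF
check_tls_files "$demo_dir/main.cf" || echo "at least one TLS file is unusable"
```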

As a note to other volunteers ... also see: Using wildcard ssl certificate - #20 by captcurrent


Should have mentioned that. When I test the server, it passes SSL and TLS tests.