S/MIME certificate issue failed

jankom · April 16, 2024, 2:45pm

Using github acme_email python IMAP authenticator fails:

smtplib.SMTPServerDisconnected; Connection Unexpectedly Closed

Anybody has experience with acme_email?

Osiris · April 16, 2024, 2:56pm

It doesn't ring a bell at all to me.. Maybe you could provide more information?

Although, I'm pretty sure this is not the correct Community for your question, as it seems to be regarding S/MIME certificates and Let's Encrypt does not offer those. Only Domain Validated (DV) certificates.

Although^2 I guess it's kinda related with regard to the ACME part? Sort of? Not entirely though.. And I'm guessing you're referring to GitHub - polhenarejos/acme_email: ACME Email Client for EmailReply-00 Challenge?

jankom · April 16, 2024, 3:22pm

Yes, that's the one, the acme_email. I tried another method explained there, the manual interactive, but it fails, too. Looking at the log file named "letsencrypt.log" I'm guessing it may have to do with "chunking". My email server is running through VPN. Let me try some adjustments. Thanks for the quick reply - Janos

Osiris · April 16, 2024, 3:24pm

If you upload (or paste between three backticks [```]) the log, we can check it and see if we can find something in it.

jankom · April 16, 2024, 7:44pm

I'm still trying some ideas before giving up. There may be an explanation. Will update my post either way. Thanks again - Janos

jankom · April 17, 2024, 11:19am

The log file attached.
Everything seems OK till line 77
Also, line 123 still OK
But then 45 seconds later, line 132 shows the error. The command line error message also indicated the 45 second wait before giving up, and suggested to check the letsencrypt.log

(Attachment letsencrypt.log is missing)

jankom · April 17, 2024, 11:28am

attaching again with file extention changed to txt

letsencrypt.txt (23 KB)

Osiris · April 17, 2024, 11:35am

Looks like a problem at the Castle platform:

requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='acme.castle.cloud', port=443): Read timed out. (read timeout=45)

Previous connections to their ACME server worked fine, but for some reason the /acme/new-order request fails with a timeout at reading the response.

I don't know if perhaps Certbots timeout is just too short (looks like it's set for 45 seconds) or that there actually is an issue with the ACME server.. Perhaps it's broken?

Maybe you could ask this at Castle support, if they have any.

jankom · April 17, 2024, 3:26pm

Thanks again for your help. This topic can be closed now. I contacted the developer, who first advised me that their email server was stuck, but there are other issues.
Janos