Aaargh! No more STARTTLS!
George Mitchell
george+freebsd at m5p.com
Tue Jul 25 23:19:35 UTC 2017
On 07/25/17 17:01, George Mitchell wrote:
> FreeBSD 10.3-RELEASE-p20
> Base system sendmail
>
> Some time between 8:17 AM and 12:06 PM on the 17th of July, my sendmail
> stopped offering STARTTLS, for no reason I can determine. My last
> system rebuild (for 10.3-p20) was on July 12. My LetsEncrypt cert was
> last renewed on June 10 and will remain valid until September 8. I
> don't know of anything else that happened on July 17. Outgoing STARTTLS
> seems to have continued working. What did I do wrong this time??
> -- George
>
Actually, I already fixed this once and forgot about it. Renewing a
LetsEncrypt certificate results in a group/world readable privkey.pem
file. Sendmail understandably barfs. I had a fix in certbot for this
but obviously I did it wrong. Anyhowever, after turning off group and
world read permission on my privkey.pem file, my server is once again
offering STARTTLS! -- George
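
The permission fix described in the message above, as an added example that is not part of the original post: a POSIX shell check that detects a group- or world-readable private key and removes those read bits, suitable for running after each renewal (for instance from a certbot deploy hook). The function names and the key path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten the mode of a TLS private key after renewal.
# The key path is supplied by the caller (assumption); use the file your MTA
# is actually configured to load.

# key_is_exposed FILE -> exit 0 if FILE is group- or world-readable.
key_is_exposed() {
    # -H follows a symlink named on the command line (certbot's live/ entries
    # are symlinks into archive/); -prune keeps find from descending.
    [ -n "$(find -H "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# tighten_key FILE -> drop group/world read; exit 0 only if FILE ends up safe.
tighten_key() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "tighten_key: $key: not a regular file" >&2
        return 2
    fi
    if key_is_exposed "$key"; then
        echo "tighten_key: $key is group/world readable, fixing" >&2
        chmod go-r "$key" || return 1
    fi
    # Re-check so a failed or ineffective chmod is reported to the caller.
    if key_is_exposed "$key"; then
        return 1
    fi
    return 0
}

# When called with a path, check and fix that key file.
if [ "$#" -gt 0 ]; then
    tighten_key "$1"
fi
```

A nonzero exit status means the key is still exposed or missing, which a renewal hook can use to skip the MTA restart and raise an alert.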