[tech] UCC wildcard certificate

James Andrewartha trs80 at ucc.gu.uwa.edu.au
Thu Nov 5 23:22:54 AWST 2015


On Thu, 5 Nov 2015, Matt Johnston wrote:

> >> On Wed 4/11/2015, at 10:09 am, David Adam <zanchey at ucc.gu.uwa.edu.au> wrote:
> >> 
> >> Alternatively, we could just turn HTTPS off for subdomains. We've got a 
> >> cert for secure.ucc.asn.au that's good until 2018. I didn't put HSTS on my 
> >> domain ;-)
> 
> I've set up letsencrypt certificates for https www.ucc.asn.au, ucc.asn.au and matt.ucc.asn.au (those were the ones I submitted with their beta). https secure.ucc has gone back to using the comodo certificate expiring in 2018. You put multiple "sslcertificatefile"/key lines for different virtualhosts in Apache's config and it seems to magically figure out which cert to use. Other user webspace certificates expire on 11 November. Once letsencrypt is generally available I'll get certs for all subdomains again - looking at the web logs there seems to be only accidental traffic to other domains (apart from zanchey.ucc).
> 
> I've switched postfix and dovecot (SMTP and IMAP) back to the 2018 secure.ucc certificate. I guess wifi or something else might also need attention?

Postfix is broken:

Nov  5 22:52:46 mooneye postfix/smtpd[21843]: warning: cannot get RSA certificate from file /etc/ssl/secure.ucc/combo-just-secure.ucc-2014.crt: disabling TLS support
Nov  5 22:52:46 mooneye postfix/smtpd[21843]: warning: TLS library problem: 21843:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/ssl/secure.ucc/combo-just-secure.ucc-2014.crt','r'):
Nov  5 22:52:46 mooneye postfix/smtpd[21843]: warning: TLS library problem: 21843:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
Nov  5 22:52:46 mooneye postfix/smtpd[21843]: warning: TLS library problem: 21843:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722:
Nov  5 22:52:46 mooneye postfix/smtpd[21843]: connect from 58-7-48-39.dyn.iinet.net.au[58.7.48.39]
Nov  5 22:52:46 mooneye postfix/smtpd[21843]: warning: Wrapper-mode request dropped from 58-7-48-39.dyn.iinet.net.au[58.7.48.39] for service smtps. TLS context initialization failed. For details see earlier warnings in your logs.
Nov  5 22:52:46 mooneye postfix/smtpd[21843]: disconnect from 58-7-48-39.dyn.iinet.net.au[58.7.48.39]



-- 
# TRS-80              trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \
# UCC Wheel Member     http://trs80.ucc.asn.au/ #|  what squirrels do best     |
[ "There's nobody getting rich writing          ]|  -- Collect and hide your   |
[  software that I know of" -- Bill Gates, 1980 ]\  nuts." -- Acid Reflux #231 /
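
Added example (not part of the original message, and not code from UCC or Postfix): a small Python log check that ties together the three warnings quoted above, so a missing certificate file and the connections dropped because of it are reported per smtpd process. The regular expressions are written against the log lines in this message only; other Postfix versions may word these warnings differently.

```python
import re
from collections import defaultdict

# Three of the log lines quoted in the message above, copied verbatim.
SAMPLE = """\
Nov  5 22:52:46 mooneye postfix/smtpd[21843]: warning: cannot get RSA certificate from file /etc/ssl/secure.ucc/combo-just-secure.ucc-2014.crt: disabling TLS support
Nov  5 22:52:46 mooneye postfix/smtpd[21843]: warning: TLS library problem: 21843:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/ssl/secure.ucc/combo-just-secure.ucc-2014.crt','r'):
Nov  5 22:52:46 mooneye postfix/smtpd[21843]: warning: Wrapper-mode request dropped from 58-7-48-39.dyn.iinet.net.au[58.7.48.39] for service smtps. TLS context initialization failed. For details see earlier warnings in your logs.
"""

# Syslog prefix: timestamp, host, postfix daemon name and pid, then the message.
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) "
                  r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Postfix gives up on TLS because the configured certificate cannot be loaded.
CERT = re.compile(r"cannot get \w+ certificate from file (?P<path>\S+): "
                  r"disabling TLS support")
# OpenSSL error-queue line naming the OS-level reason for the fopen() failure.
FOPEN = re.compile(r"TLS library problem: .*:fopen:(?P<reason>[^:]+):.*fopen\('")
# A client on a wrapper-mode (implicit TLS) service was turned away as a result.
DROP = re.compile(r"Wrapper-mode request dropped from (?P<client>\S+) "
                  r"for service (?P<svc>\S+?)\. TLS context initialization failed")

def tls_failures(text):
    """Return {(host, daemon, pid): details} for processes that disabled TLS."""
    found = defaultdict(lambda: {"cert": None, "reason": None, "dropped": []})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        key = (m["host"], m["daemon"], int(m["pid"]))
        msg = m["msg"]
        if c := CERT.search(msg):
            found[key]["cert"] = c["path"]
        elif f := FOPEN.search(msg):
            found[key]["reason"] = f["reason"]
        elif d := DROP.search(msg):
            found[key]["dropped"].append((d["svc"], d["client"]))
    # Dropped connections without a certificate warning are not reported here.
    return {k: v for k, v in found.items() if v["cert"]}

if __name__ == "__main__":
    for (host, daemon, pid), v in tls_failures(SAMPLE).items():
        print(f"{host} {daemon}[{pid}]: TLS disabled, cert {v['cert']} "
              f"({v['reason']}); {len(v['dropped'])} connection(s) dropped")
```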

