I uploaded an fullchain cert from Let's Encrypt... I was asked to reload the GUI... then I cant access the gui again... the server works, mails flows but I cant access the GUI... any idea how to resolve this issue?
Unable to access GUI after uploading my certificates
- Thread starter TomasHermansson
- Start date
-
- Tags
- let's encrypt ssl cert
root@mail:~# curl -vk mail.dmz.se
* Trying 192.168.1.3:80...
* connect to 192.168.1.3 port 80 failed: Connection refused
* Failed to connect to mail.dmz.se port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to mail.dmz.se port 80: Connection refused
root@mail:~#
root@mail:~# curl -vk mail.dmz.se:8006
* Trying 192.168.1.3:8006...
* Connected to mail.dmz.se (192.168.1.3) port 8006 (#0)
> GET / HTTP/1.1
> Host: mail.dmz.se:8006
> User-Agent: curl/7.74.0
> Accept: */*
>
^C
root@mail:~#
root@mail:~# curl -vk https://mail.dmz.se:8006
* Trying 192.168.1.3:8006...
* Connected to mail.dmz.se (192.168.1.3) port 8006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
^C
root@mail:~#
* Trying 192.168.1.3:8006...
* Connected to mail.dmz.se (192.168.1.3) port 8006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
^C
root@mail:~#
20 min...
root@mail:~# curl -vk https://mail.dmz.se:8006
* Trying 192.168.1.3:8006...
* Connected to mail.dmz.se (192.168.1.3) port 8006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
Still nothing
root@mail:~# systemctl status pmgproxy pmgdaemon
● pmgproxy.service - Proxmox Mail Gateway's unprivileged API and API-proxy daemon
Loaded: loaded (/lib/systemd/system/pmgproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-04-05 16:38:22 CEST; 21h ago
Process: 837 ExecStart=/usr/bin/pmgproxy start (code=exited, status=0/SUCCESS)
Main PID: 840 (pmgproxy)
Tasks: 4 (limit: 9462)
Memory: 116.3M
CPU: 38min 36.738s
CGroup: /system.slice/pmgproxy.service
├─ 840 pmgproxy
├─55431 pmgproxy worker
├─55432 pmgproxy worker
└─55433 pmgproxy worker
Apr 06 13:47:39 mail pmgproxy[55436]: /etc/pmg/pmg-api.pem: failed to load local private key (key_file or key) at /usr/>
Apr 06 13:47:39 mail pmgproxy[840]: worker 55432 finished
Apr 06 13:47:39 mail pmgproxy[840]: starting 1 worker(s)
Apr 06 13:47:39 mail pmgproxy[840]: worker 55437 started
Apr 06 13:47:39 mail pmgproxy[55433]: worker exit
Apr 06 13:47:39 mail pmgproxy[55437]: /etc/pmg/pmg-api.pem: failed to load local private key (key_file or key) at /usr/>
Apr 06 13:47:39 mail pmgproxy[840]: worker 55433 finished
Apr 06 13:47:39 mail pmgproxy[840]: starting 1 worker(s)
Apr 06 13:47:39 mail pmgproxy[840]: worker 55438 started
Apr 06 13:47:39 mail pmgproxy[55438]: /etc/pmg/pmg-api.pem: failed to load local private key (key_file or key) at /usr/>
root@mail:~# curl -vk https://mail.dmz.se:8006
* Trying 192.168.1.3:8006...
* Connected to mail.dmz.se (192.168.1.3) port 8006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
Still nothing
root@mail:~# systemctl status pmgproxy pmgdaemon
● pmgproxy.service - Proxmox Mail Gateway's unprivileged API and API-proxy daemon
Loaded: loaded (/lib/systemd/system/pmgproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-04-05 16:38:22 CEST; 21h ago
Process: 837 ExecStart=/usr/bin/pmgproxy start (code=exited, status=0/SUCCESS)
Main PID: 840 (pmgproxy)
Tasks: 4 (limit: 9462)
Memory: 116.3M
CPU: 38min 36.738s
CGroup: /system.slice/pmgproxy.service
├─ 840 pmgproxy
├─55431 pmgproxy worker
├─55432 pmgproxy worker
└─55433 pmgproxy worker
Apr 06 13:47:39 mail pmgproxy[55436]: /etc/pmg/pmg-api.pem: failed to load local private key (key_file or key) at /usr/>
Apr 06 13:47:39 mail pmgproxy[840]: worker 55432 finished
Apr 06 13:47:39 mail pmgproxy[840]: starting 1 worker(s)
Apr 06 13:47:39 mail pmgproxy[840]: worker 55437 started
Apr 06 13:47:39 mail pmgproxy[55433]: worker exit
Apr 06 13:47:39 mail pmgproxy[55437]: /etc/pmg/pmg-api.pem: failed to load local private key (key_file or key) at /usr/>
Apr 06 13:47:39 mail pmgproxy[840]: worker 55433 finished
Apr 06 13:47:39 mail pmgproxy[840]: starting 1 worker(s)
Apr 06 13:47:39 mail pmgproxy[840]: worker 55438 started
Apr 06 13:47:39 mail pmgproxy[55438]: /etc/pmg/pmg-api.pem: failed to load local private key (key_file or key) at /usr/>
did you also prepend that file with the private key/did you upload the private key too? if not, that must be done, the file should look like this:
Code:
-----BEGIN PRIVATE KEY-----
... the private key
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
... first part of cert chain...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.. second part of the cert chain..
-----END CERTIFICATE-----
and so onOk, will give it a another try as soon as I get the GUI working again... can I remove the cert I uploaded and get back to workint state?
and then
root@mail:~# pmgconfig cert delete api --restart
Deleting custom certificate files
Restarting pmgproxy
root@mail:~#
And now it works again! Thanks for superb support!