Gary - thanks for this info - I'll add it to our setup notes.
Jeff
On 4/15/2024 8:25 AM, Gary Bowling wrote:
Hey Jeff, glad you're making progress. Be aware that when you get a
new cert from Let's Encrypt, the default now retrieves an ECDSA
cert, which is fine for Apache but doesn't work on qmail, or at least
it didn't for me. To fix that you'll need to configure Let's Encrypt to
give you an RSA 2048 cert.

There are two ways to do that. If you want all your certs to be RSA
2048, you can add this to the /etc/letsencrypt/cli.ini file:

    key-type = rsa
    rsa-key-size = 2048

If you just want to do that for the keys you use in qmail, then you
can put the above in the /etc/letsencrypt/renewal/domain.conf file,
where "domain" is the name of the cert you're renewing. Certbot
creates the file, so it should already be there.
Gary
On 4/14/2024 10:39 PM, Jeff Koch wrote:
I may have resolved this. I did the Rocky 9 distro install of Apache
and copied the mod_http2.so file over to our install of Apache. Seems
to work (no errors), but I won't know for sure until we set up the Let's
Encrypt SSL certbot tomorrow.
Jeff
On 4/14/2024 3:11 PM, Jeff Koch wrote:
Hi - we're setting up a new mailserver with Rocky 9 and the learning
curve is slow, as is usual with the first time with a new distro.
Anyway, because our various scripts look for Apache at
/usr/local/apache/ we've decided to compile our own binary with the
latest Apache and have run into trouble / errors related to 'nghttp2'.
We did download, compile and install the latest nghttp2-1.61.0 from
GitHub. The configure and make went well and http1.1 works, but
Apache generates the following error when we activate mod_http2:

    Cannot load modules/mod_http2.so into server:
    /usr/local/apache2/modules/mod_http2.so: undefined symbol:
    nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation

If anyone on the list has compiled their own httpd 2.4.59 with Rocky
9, would you mind sharing the details?
Thanks, Jeff Koch
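
A check related to Gary's note above about ECDSA versus RSA certificates, as an added example that is not part of the original thread: it uses the openssl command-line tool to report a certificate's public-key algorithm and size, so a renewed cert can be verified before it is handed to qmail. The script name and the `<domain>` placeholder in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report the public-key type of a PEM
# certificate and flag anything that is not RSA with at least 2048 bits.
# Hypothetical usage: sh check-cert-key.sh /etc/letsencrypt/live/<domain>/cert.pem

# Print "<algorithm> <bits>" for the certificate in $1,
# for example "rsaEncryption 2048" or "id-ecPublicKey 256".
# Returns 2 if the file cannot be parsed as a certificate.
cert_key_info() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    alg=$(printf '%s\n' "$text" |
        sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$alg" ] && [ -n "$bits" ] || return 2
    printf '%s %s\n' "$alg" "$bits"
}

# Return 0 if the certificate carries an RSA key of 2048 bits or more,
# 1 if it carries anything else (such as ECDSA), 2 if it is unreadable.
cert_is_rsa2048() {
    info=$(cert_key_info "$1") || return 2
    alg=${info% *}
    bits=${info#* }
    [ "$alg" = "rsaEncryption" ] && [ "$bits" -ge 2048 ]
}

# When certificate paths are given on the command line, check each one.
if [ "$#" -gt 0 ]; then
    for pem in "$@"; do
        if cert_is_rsa2048 "$pem"; then
            echo "OK   $pem: $(cert_key_info "$pem")"
        else
            echo "WARN $pem: $(cert_key_info "$pem" || echo unreadable) (not RSA >= 2048)"
        fi
    done
fi
```
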