Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - markus.neubauer

Pages: [1] 2 3 4
Email and Groupware / Re: Letsencrypt and 3rd party certificates
« on: February 27, 2019, 01:18:06 pm »
Sorry for late reply!

1. Does the script work for more than 1 domain?
2. After executing the script. If all goes well, will the customer's email services recognize the certificate correctly?

1. As you're using letsencrypt, it will work with more domains/hosts (alternate names) and as long as the http(!) request reaches your letsencrypt setup (.well-known...) you are free to combine host/domain names.
2. All services are using the certificate and shall/will be restarted upon renewal (should be done within the script).

So far the script is active on several systems with no problems or dropouts.

Email and Groupware / Re: Letsencrypt and 3rd party certificates
« on: November 27, 2018, 06:02:13 pm »
Checking dovecot cert status - cp: cannot stat '/etc/letsencrypt/live/': No such file or directory

Usually this means there are no certificates generated - check your content in directory /etc/letsencrypt/live/
Due to the nature of letsencrypt, this can have many reasons:
  • is your http reachable from internet on port 80? (maybe a forward from your router if you are NATed)
  • does directory /var/www/html/.well-known exist?
  • check with letsencrypt manually

Suggestions for the script are welcome - or maybe your request finds its way into the product.  ;)

The solution depends on your installation status.

Do you receive the error then use a bash shell and simply do:
Code: [Select]
dpkg --install --force-all libapt-pkg5.0_${A_VERSION}_amd64.deb # instead force-all you may use force-downgrade
apt update
apt upgrade

I'd suggest using pinning (preferences.d)!

It's up to Zentyal now, they have to inform their users, as it is a security issue, and describe a manual way to bring their system's back to real life (also community version). Sorry to say that, but a system with no security updates should be shut down (more or less early) -> I'm a hardliner in this  8)

Use pinning to release (see above) and you will not get any more held information on this. Upgrades in this case will be done using the major release.

Try these commands,
sudo dpkg --install --force-downgrade libapt-pkg5.0_1.2.29_amd64.deb
;) and dont forget to hold the package (see before) or you will run in the same issue again...

Email and Groupware / Re: Letsencrypt and 3rd party certificates
« on: October 30, 2018, 11:11:46 am »
The script has changed to also reload nginx.

@half_life: Sorry, but i disagree in "A more permanent way to do this is to use hooks see"

After some years of Zentyal expirience I noticed that mas files and configs can change. The way I'm using/suggesting is not bound to a release but does the system part independently. If you are focused on the "right way" and can keep an eye on it every time an update occurs, then you are right  ;)

Try apt-get update
You are affected if the response is:
apt-get: relocation error: /usr/lib/x86_64-linux-gnu/ symbol _ZN9pkgSystem9LockInnerEv, version APTPKG_5.0 not defined in file with link time reference
Problem: From here on your system will never update again!

It occured after the last update see /var/log/apt/history.log within 5.1 (example):
Start-Date: 2018-10-26  20:11:39
Commandline: apt-get -o DPkg::Options::=--force-confold --yes --force-yes --no-install-recommends install apt ap
Requested-By: ebox (111)
Upgrade: apt:amd64 (1.2.27, 1.2.29), apt-utils:amd64 (1.2.27, 1.2.29), apt-transport-https:amd64 (1.2.27, 1.2.29
End-Date: 2018-10-26  20:11:47

Solution: This is a case which you have to fix manually by your own. Use sudo or root for execution.
(Solution from gabor.strama gives the right direction!)

In detail, put this to a bash shell with root access:
Code: [Select]
A_VERSION=1.2.29 # see log obove
cd /var/cache/apt/archives
if [ 'x86_64' == "`uname -m`" ]; then
  # on 64-Bit System use:
  dpkg --install --force-all libapt-pkg5.0_${A_VERSION}_amd64.deb
  # on i386 System use:
  dpkg --install --force-all libapt-pkg5.0_${A_VERSION}_i386.deb
You do not need to continue here, continue and read the comment at the end from "J. A. Calvo" ->,32403.msg109058.html#msg109058

A method to hold/pin the package after downgrading using preferences (not prefrerred any more):
Code: [Select]
# Prevent updates temporary
apt-mark hold libapt-pkg5.0

cat << EOT > /etc/apt/preferences.d/libapt
Package: Package: libapt-pkg5.0
Pin: release a=xenial*
Pin-Priority: 1000

Package: Package: libapt-inst2.0
Pin: release a=xenial*
Pin-Priority: 1000
apt-mark unhold libapt-pkg5.0
# test
apt upgrade
Now, only a Ubuntu xenial release will update the packages.

To clearify: Zentyal is responsible to fix this issue or the systems won't even get security updates. It's in Zentyal's hand providing information on this case and release a script to fix this issue for the installed base. Furthermore Zentyal has to include a step in the upgrade procedure from 5.1 -> 6.0 +f that removes the file /etc/apt/preferences.d/libapt again.

In the meantime there is a simple script solution for zentyal 5 at
The script is meant for /usr/local/sbin/ and should do what is necessary for the official services, just make it executable an run once interactive.

Self Reply: Seen to late -> solves the question.

@Development: This should be on by default...

Email and Groupware / Where are office messages (absence/vacation)
« on: February 10, 2018, 02:49:54 pm »
Where are the absence/vacation settings in Zentyal 5.0.1?

The original setup, shown here can not be found.

Do I have to activate it at some place (and how)?

After upgrading to 4.2.2 mail user cannot set up the collected addressbook in the expected way.

Affected: Webmail Interface Settings E-Mail

When using settings -> email
The offered addressbooks are duplicated and only the addressbooks from a common group.

To be offered the users collected addressbook which still exists in the addressbooks tabs.

Within I've started a new project to automatically deploy the Thunderbird setup as a full provisioning service.

This kind of setup is not meant for users but might be interesting to admins and devops responsible for the deployment rollout.

Testers are welcome, especially other languages than German. Help and assistance can be provided in english in a limited fashion.

Email and Groupware / Re: Global Shared Addressbook URL
« on: December 23, 2016, 09:47:38 am »
You may want to go to Addressbook -> Extras -> Settings and end up on the settings page Addressing (german: Adressieren below Verfassen).

Check your LDAP Directory Servers and add an entry:
Name: Zentyal Users
Serveraddress: [YOUR_OWN_SERVER_ADD/IP]
Port: 389
BindDN: CN=[YOUR Prename] [YOUR Lastname],CN=Users,DC=[YOUR_DOMAIN],DC=[YOUR_TLD]


Remark: [YOUR Prename] [YOUR Lastname] is shown in the Zentyal config editor -> Users and Computers -> Manage, see the shown name (german: Angezeigter Name)

Pages: [1] 2 3 4