New to Axigen Questions

Background: I’ve been using Microsoft e-mail products for > 25 years now, including running Exchange Server at home. (Yes, they were fully licensed copies as I received “Not for Resale” versions from Microsoft that were passed out to IT professionals at our IT groups.) Yes, running Exchange at home is definitely overkill, but it’s fun being able to set things up and running it with my own rules. As Microsoft no longer has that program, I’m looking to replace my family’s Exchange 2010 server with Axigen rather than move to Exchange Online (EXO), even though I support O365 professionally. Since I’m new to Axigen, I have a few questions and hope that people here can answer and help me get started. If the answer is in the documentation, please point me there as I actually enjoy reading documentation and don’t take offense if people point me there. I’ve been using the chat site’s chat function to get a few initial questions answered (their responses are usually very quick), but figured I could try here as well in case other users had additional input. (Axigen - please feel free to answer as well, but it also allows me to see how the rest of the community here helps each other as I will be relying on the people here if/when I have problems.) While I don’t expect Axigen to be Exchange, I definitely want to know how to best take advantage of its abilities.

Environment: Home use / single domain / Let’s Encrypt (wildcard) certificate / DDNS (ZoneEdit) with backup MX / Windows Server 2019 Essentials / Outlook clients (Windows & Android)

Questions:

  1. When I started the install process, I read the EULA, which stated that there were no “free” options except the 30 day trial. I asked about that in the chat and the response was pointing me to online EULA - Section 2.1.1. When I read it, it appears that the free license is for a “Yearly License.” Does it automatically renew or something similar? Will I be forced to remove the software after a year? (I held off completing the install until I fully understood the license.)
  2. Since I’m familiar with Exchange Server, I have relied on ActiveSync to keep everything updated on all of my devices. Not only do I heavily use e-mail, but also calendar, contacts and tasks. I need to sync everything to each of my computers and to my Android devices. Since ActiveSync is not included in the free version, what are alternative ways to sync up everything (preferably with the categories I set up in Outlook)? I’ve read a little about CalDAV & CardDAV, but I’m not overly familiar with them. Axigen chat told me about DAVx⁵ which I haven’t had time to research yet. I’m not opposed to using other PIM clients for Android. How does everyone sync their calendars & contacts since IMAP only syncs e-mail? And please correct me if I’m wrong, but I suspect that the Outlook Connector is required for the Outlook for Windows clients to sync up each of those items.
  3. I’ve been a user of Exchange’s Public Folders for all of my e-mail subscriptions. I noticed that Axigen also has public folders. Does it function the same in an Outlook client, or do we need to use the Webmail to access them? Are they accessible from mobile clients?
  4. What about shared mailboxes? I read that Axigen can share mailboxes, but can I set up shared mailboxes that are not tied to a specific user that won’t count against the 5 user limitation like I can in EXO? (Since there’s only two users, I’m not too worried about creating a couple of additional mailboxes that I just have a bunch of aliases for.)
  5. Since Axigen has a webadmin portal as well as webmail built-in, does it use IIS functionality, or does it install its own web server?
  6. How does Axigen work with Windows Active Directory? I read here that it can, but that article is over 10 years old and several versions ago.
  7. I’ve read that Axigen supports TLS 1.3. Has anyone had any problems with implementing this?
  8. Are there any known security issues?
  9. I’ve read in the forum that there have been problems with renewing certificates. Is this a common issue?
  10. I’ve read that Axigen has some logging, but does it include any message tracking abilities?

I’m sure that I’ll have more in the near future, but wanted to start with these. I welcome any/all answers.

(Note: I tried to include more links, but Axigen blocked them as I’m a new member.)

I went ahead and pulled the trigger and did an install of Axigen on the server. I see now that I’m supposed to renew my yearly license.

I did a little bit of searching and found Axigen’s License Registration page. I’m guessing that this is where I do my yearly renewal. Since I don’t know if Axigen reminds us to renew it, I’ve already added it to my task list to renew it a few days beforehand.

I’ve tried to install my certificate into Axigen, but it just won’t let me. Since I use Let’s Encrypt, I didn’t think it would be a problem. Using OpenSSL, I converted it to a PEM file and tried to upload it via WebAdmin. Unfortunately, it keeps giving me a “The certificate could not be uploaded.” error.

I figured that maybe Axigen can’t use my *.domain.com cert, so I even tried generating a new certificate using domain.com, but after the circle spins for a while, I get the error “The SSL certificate could not be generated!” I don’t know if it’s because I’ve already got a cert with Let’s Encrypt or something else. I’ve even tried requesting certificates for mail.domain.com and smtp.domain.com, but get the same results. (I have NOT yet tried doing a CSR because, if I understand the documentation, if I have Axigen request the certificate, it will automatically handle all of the renewals.)

What’s my next step to add a certificate? My goal is to encrypt HTTPS, SMTPS and IMAPS.

I’ve tried multiple things, but continue to get errors. Below is my (edited) log file:

2020-01-14 13:00:28 -0700 08 Server WEBADMIN:00000189: Let’s Encrypt: Issuance Job added successfully
2020-01-14 13:00:29 -0700 08 Server WEBADMIN:0000018B: connection closed with [127.0.0.1:63370]
2020-01-14 13:00:29 -0700 08 Server WEBADMIN:00000189: LetsE: Found current request
2020-01-14 13:00:29 -0700 08 Server JOBLOG:70000015: LetsE: Acme job executing
2020-01-14 13:00:29 -0700 08 Server JOBLOG:70000015: LetsE: Found current request
2020-01-14 13:00:29 -0700 08 Server JOBLOG:70000015: LetsE: AcmeInitState for domain.com executing
2020-01-14 13:00:29 -0700 08 Server JOBLOG:70000015: LetsE: Response code 200
2020-01-14 13:00:29 -0700 08 Server JOBLOG:70000015: LetsE: Account location is https://acme-v02.api.letsencrypt.org/acme/acct/75829518, TOS URI is https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2020-01-14 13:00:29 -0700 02 Server JOBLOG:70000015: LetsE: Acme init state completed, moving to reg state
2020-01-14 13:00:29 -0700 08 Server JOBLOG:70000015: LetsE: Job step action => Proceeding to next state
2020-01-14 13:00:29 -0700 08 Server JOBLOG:70000015: LetsE: AcmeRegState for domain.com executing
2020-01-14 13:00:30 -0700 08 Server JOBLOG:70000015: LetsE: Response code 201
2020-01-14 13:00:30 -0700 02 Server JOBLOG:70000015: LetsE: Acme reg state completed, moving to challenge state
2020-01-14 13:00:30 -0700 08 Server JOBLOG:70000015: LetsE: Job step action => Proceeding to next state
2020-01-14 13:00:30 -0700 08 Server JOBLOG:70000015: LetsE: AcmeChallengeState for domain.com executing
2020-01-14 13:00:30 -0700 08 Server JOBLOG:70000015: LetsE: Response code 200
2020-01-14 13:00:30 -0700 08 Server JOBLOG:70000015: LetsE: Job step action => Waiting is needed, going to sleep
2020-01-14 13:00:34 -0700 08 Server WEBADMIN:00000189: previous line is repeated 10 times.
2020-01-14 13:00:35 -0700 08 Server WEBADMIN:00000189: LetsE: Found current request
2020-01-14 13:00:41 -0700 08 Server WEBADMIN:00000189: previous line is repeated 10 times.
2020-01-14 13:00:41 -0700 08 Server WEBADMIN:00000189: LetsE: Found current request
2020-01-14 13:00:45 -0700 08 Server JOBLOG:70000016: LetsE: Acme job executing
2020-01-14 13:00:45 -0700 08 Server JOBLOG:70000016: LetsE: AcmeChallengeState for domain.com executing
2020-01-14 13:00:45 -0700 02 Server JOBLOG:70000016: LetsE: Acme challenge state failed, perhaps domain.com cannot be accessed by the letsencrypt servers?
2020-01-14 13:00:45 -0700 02 Server JOBLOG:70000016: LetsE: Issuance Job for domain.com abandoned!
2020-01-14 13:00:45 -0700 02 Server JOBLOG:70000016: LetsE: last protocol errType All OK!
2020-01-14 13:00:45 -0700 02 Server JOBLOG:70000016: LetsE: last protocol errDetail All OK!
2020-01-14 13:00:45 -0700 02 Server JOBLOG:70000016: LetsE: Job step action => Cannot complete current work item, abandoning
2020-01-14 13:00:45 -0700 08 Server WEBADMIN:00000189: previous line is repeated 6 times.
2020-01-14 13:00:45 -0700 02 Server WEBADMIN:00000189: LetsE: Could not open file C:\Program Files\Axigen Mail Server\letsencrypt\domain.com\cert.pem to check its header for letsencrypt
2020-01-14 13:00:54 -0700 02 Server WEBADMIN:00000189: previous line is repeated 1 time.
2020-01-14 13:00:54 -0700 08 Server WEBADMIN:00000189: Let’s Encrypt: Issuance Job added successfully
2020-01-14 13:00:55 -0700 08 Server WEBADMIN:00000189: LetsE: Found current request
2020-01-14 13:00:55 -0700 08 Server JOBLOG:70000017: LetsE: Acme job executing
2020-01-14 13:00:55 -0700 08 Server JOBLOG:70000017: LetsE: Found current request
2020-01-14 13:00:55 -0700 08 Server JOBLOG:70000017: LetsE: AcmeInitState for mail.domain.com executing
2020-01-14 13:00:59 -0700 08 Server JOBLOG:70000017: LetsE: Response code 200
2020-01-14 13:00:59 -0700 08 Server JOBLOG:70000017: LetsE: Account location is https://acme-v02.api.letsencrypt.org/acme/acct/75830038, TOS URI is https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2020-01-14 13:00:59 -0700 02 Server JOBLOG:70000017: LetsE: Acme init state completed, moving to reg state
2020-01-14 13:00:59 -0700 08 Server JOBLOG:70000017: LetsE: Job step action => Proceeding to next state
2020-01-14 13:00:59 -0700 08 Server JOBLOG:70000017: LetsE: AcmeRegState for mail.domain.com executing
2020-01-14 13:00:59 -0700 08 Server JOBLOG:70000017: LetsE: Response code 201
2020-01-14 13:01:00 -0700 02 Server JOBLOG:70000017: LetsE: Acme reg state completed, moving to challenge state
2020-01-14 13:01:00 -0700 08 Server JOBLOG:70000017: LetsE: Job step action => Proceeding to next state
2020-01-14 13:01:00 -0700 08 Server JOBLOG:70000017: LetsE: AcmeChallengeState for mail.domain.com executing
2020-01-14 13:01:00 -0700 08 Server JOBLOG:70000017: LetsE: Response code 200
2020-01-14 13:01:00 -0700 08 Server JOBLOG:70000017: LetsE: Job step action => Waiting is needed, going to sleep
2020-01-14 13:01:00 -0700 08 Server WEBADMIN:00000189: previous line is repeated 10 times.
2020-01-14 13:01:01 -0700 08 Server WEBADMIN:00000189: LetsE: Found current request
2020-01-14 13:01:07 -0700 08 Server WEBADMIN:00000189: previous line is repeated 10 times.
2020-01-14 13:01:07 -0700 08 Server WEBADMIN:00000189: LetsE: Found current request
2020-01-14 13:01:13 -0700 08 Server WEBADMIN:00000189: previous line is repeated 10 times.
2020-01-14 13:01:13 -0700 08 Server WEBADMIN:00000189: LetsE: Found current request
2020-01-14 13:01:15 -0700 08 Server JOBLOG:70000018: LetsE: Acme job executing
2020-01-14 13:01:15 -0700 08 Server JOBLOG:70000018: LetsE: AcmeChallengeState for mail.domain.com executing
2020-01-14 13:01:15 -0700 02 Server JOBLOG:70000018: LetsE: Acme challenge state failed, perhaps mail.domain.com cannot be accessed by the letsencrypt servers?
2020-01-14 13:01:15 -0700 02 Server JOBLOG:70000018: LetsE: Issuance Job for mail.domain.com abandoned!
2020-01-14 13:01:15 -0700 02 Server JOBLOG:70000018: LetsE: last protocol errType All OK!
2020-01-14 13:01:15 -0700 02 Server JOBLOG:70000018: LetsE: last protocol errDetail All OK!
2020-01-14 13:01:15 -0700 02 Server JOBLOG:70000018: LetsE: Job step action => Cannot complete current work item, abandoning
2020-01-14 13:01:15 -0700 08 Server WEBADMIN:00000189: previous line is repeated 2 times.
2020-01-14 13:01:15 -0700 02 Server WEBADMIN:00000189: LetsE: Could not open file C:\Program Files\Axigen Mail Server\letsencrypt\mail.domain.com\cert.pem to check its header for letsencrypt
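A way to condense a log like the one above into one line per domain, as an added example that is not part of the original post and is not Axigen code. The sample lines are constructed in the same layout with `example.test` as a placeholder, and results are grouped by domain rather than job id because the JOBLOG id changes between steps of the same issuance.

```python
import re

# Constructed sample lines in the same layout as the excerpt above
# (timestamp, level, host, SERVICE:ID, message); example.test is a placeholder.
SAMPLE_LOG = """\
2020-01-14 13:00:29 -0700 08 Server JOBLOG:70000015: LetsE: AcmeInitState for example.test executing
2020-01-14 13:00:29 -0700 08 Server JOBLOG:70000015: LetsE: AcmeRegState for example.test executing
2020-01-14 13:00:30 -0700 08 Server JOBLOG:70000015: LetsE: AcmeChallengeState for example.test executing
2020-01-14 13:00:35 -0700 08 Server WEBADMIN:00000189: LetsE: Found current request
2020-01-14 13:00:45 -0700 08 Server JOBLOG:70000016: LetsE: AcmeChallengeState for example.test executing
2020-01-14 13:00:45 -0700 02 Server JOBLOG:70000016: LetsE: Issuance Job for example.test abandoned!
2020-01-14 13:00:55 -0700 08 Server JOBLOG:70000017: LetsE: AcmeInitState for mail.example.test executing
2020-01-14 13:00:59 -0700 08 Server JOBLOG:70000017: LetsE: AcmeRegState for mail.example.test executing
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4}) (?P<level>\d\d) \S+ "
    r"(?P<service>[A-Z]+):(?P<id>[0-9A-Fa-f]{8}): (?P<msg>.*)$")
STATE = re.compile(r"LetsE: Acme(\w+)State for (\S+) executing")
ABANDONED = re.compile(r"LetsE: Issuance Job for (\S+) abandoned!")

def summarize(log_text):
    """Map each domain to the last ACME state it entered and whether it was abandoned."""
    jobs = {}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or line["service"] != "JOBLOG":
            continue  # skip WEBADMIN polling lines and anything malformed
        state = STATE.search(line["msg"])
        gone = ABANDONED.search(line["msg"])
        if state:
            name, domain = state.groups()
            if name == "Init" or domain not in jobs:
                # a fresh issuance attempt for this domain starts over
                jobs[domain] = {"last_state": None, "abandoned": False, "at": None}
            jobs[domain].update(last_state=name, at=line["ts"])
        elif gone and gone.group(1) in jobs:
            jobs[gone.group(1)].update(abandoned=True, at=line["ts"])
    return jobs

if __name__ == "__main__":
    for domain, info in summarize(SAMPLE_LOG).items():
        verdict = "ABANDONED" if info["abandoned"] else "in progress"
        print(f"{domain}: {verdict} in {info['last_state']} state at {info['at']}")
```
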

I was finally able to import my *.domain.com certificate by converting it to a CRT file and then adding it to Axigen with the key. Unfortunately, I think Axigen is having a problem with it as it doesn’t understand that the wildcard covers everything and I keep getting warning messages that the FQDN doesn’t match the certificate.

While I can use the Outlook Connector to connect to Axigen, I cannot connect any of my mobile clients using Outlook via IMAP. I think that this might have to do with the certificates. Tonight, when I tried using the Google e-mail client, it complained of a “Certificate subject and hostname mismatch,” which supports my hypothesis.

I also started looking in the logs and found: 2020-01-16 20:53:48 -0700 02 Server SERVER:00000000: SSL_connect error (A request to send or receive data was disallowed because the socket had already been shut down in that direction with a previous shutdown call.)

In my IMAP log, I can see connection attempts, but get a message saying 2020-01-16 20:53:29 -0700 02 Server IMAP:00000A3F: SSL_write error (An existing connection was forcibly closed by the remote host.)

Can someone please help me with the certificate issue and then we can move forward with the mobile clients?
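For reference when reading a "Certificate subject and hostname mismatch" error, here is how a TLS client typically matches the name it connects to against the DNS names in a certificate (RFC 6125 rules). This is an added example, not part of the original post and not Axigen's or any mail client's code; the listener-to-hostname map and the `example.test` names are constructed placeholders.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """Match one certificate dNSName entry against the hostname a client dialled."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # a wildcard stands for exactly one label, never zero or two
    if any("*" in label for label in p[1:]) or ("*" in p[0] and p[0] != "*"):
        return False  # only a whole left-most "*" label is honoured here
    if p[0] == "*":
        if len(p) < 3:
            return False  # refuse overly broad patterns such as "*.test"
        return p[1:] == h[1:]
    return p == h

def mismatches(san_names, listeners):
    """Return the listeners whose client-facing hostname no certificate name covers."""
    return sorted(svc for svc, host in listeners.items()
                  if not any(name_matches(n, host) for n in san_names))

# Constructed placeholders: the hostname clients are configured with per listener.
LISTENERS = {
    "HTTPS": "example.test",
    "SMTPS": "smtp.example.test",
    "IMAPS": "mail.example.test",
}

if __name__ == "__main__":
    for sans in (["*.example.test"],
                 ["example.test", "*.example.test"],
                 ["mail.example.test"]):
        print(sans, "-> mismatch on:", mismatches(sans, LISTENERS) or "none")
```

A wildcard entry covers one label to the left of the base domain, so the bare domain and deeper names such as `imap.mail.example.test` need their own entries.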

This is how I update my certificate, have to do it every 3 months though as I haven’t spent time to automate it.

I’m running on Windows 10, so I got the Linux kernel service installed, with Ubuntu image from the Microsoft store, that gives me access to bash.

I use https://www.sslforfree.com/ for my certificate.

Open bash
Run:
sudo su -> username/password

openssl rsa -in "/mnt/c/temp/Axigen Certificate/private.key" -out "/mnt/c/temp/Axigen Certificate/Norlig.key"

cat "/mnt/c/temp/Axigen Certificate/Norlig.key" "/mnt/c/temp/Axigen Certificate/certificate.crt" > "/mnt/c/temp/Axigen Certificate/Norlig.pem"

cat "/mnt/c/temp/Axigen Certificate/Norlig.key" "/mnt/c/temp/Axigen Certificate/ca_bundle.crt" > "/mnt/c/temp/Axigen Certificate/ca_Norlig.pem"

Copy everything from ----Begin Certificate---- XXX to and including ----End Certificate---- from “ca_Norlig.pem” , to the end of Norlig.pem.
(everything except the RSA key…)

Copy Norlig.pem to: C:\Program1\Axigen Mail Server\certs , restart axigen mail service

In the listeners, I set the certificate to “certs/Norlig.pem”

hope this helps

Thanks for the reply Norlig. I figured out that Axigen just doesn’t like wildcard certificates. I’m familiar with how to use Let’s Encrypt and have been using them for quite a while on my previous server. When I created a cert with specific host names instead of using a wildcard, after installing it, the web portions work fine. The next step is to figure out why I can’t connect using IMAP:993 and SMTP:465. I was hoping that the cert change would fix the issue… and it definitely was a problem, but not the entire problem for the mobile client.

I haven’t managed to get the IMAP and SMTP listeners to work with SSL either.

currently got both 143/993(ssl) enabled on IMAP and both 25/465(ssl) enabled on SMTP Receiving.
If I disable the listeners without SSL, Outlook stops working on my android phone.

I’ve basically put it to rest at this point, as I just use my email for private non-important stuff, and don’t connect to open hotspots when I am out and about.

hope you do find a resolution though 🙂

Hello Norlig,

I’m very curious what exactly doesn’t work for you in regard to IMAP and SMTP with SSL?
Could you open a separate thread so we could look into your specific scenario?

Best regards,
Ioan

Hello Trekke,

I think you are on the wrong track here, as it is not Axigen that doesn’t like wildcards but Let’s Encrypt, which accepts only the DNS challenge for wildcard certificates.

From: FAQ - Let's Encrypt

We have a client that is generating his own LE “star certificate” for a couple of domains (like 20) and uses that single certificate for all SSL listeners without problems. All you have to do is configure “service axigen restart” as the post-deployment step in the third-party tool you are using.

HTH,
Ioan